Categories
News

Sony: Questions and Answers

Patrick Seybold post yet another blog post regarding the PlayStation Network Outage.  On his blog he steps up to do some clarification work and even points us to a little Q & A area.

Seybold writes the following, “There’s a difference in timing between when we identified there was an intrusion and when we learned of consumers’ data being compromised. We learned there was an intrusion April 19th and subsequently shut the services down. We then brought in outside experts to help us learn how the intrusion occurred and to conduct an investigation to determine the nature and scope of the incident. It was necessary to conduct several days of forensic analysis, and it took our experts until yesterday to understand the scope of the breach. We then shared that information with our consumers and announced it publicly this afternoon.”

We are then linked to the Sony PlayStation Knowledge Center.  Hold to your eyeglasses if you have them, and see the list of questions and answers below:

 

PSN/Qriocity Network Outage FAQs

1. When did the PSN/Qriocity become unavailable?
PSN/Qriocity services have not been available since April 20 (US time) in all regions.

 

2. Why did the PSN/Qriocity become unavailable?
An external intrusion on our system has affected our PlayStation Network and Qriocity services.

 

3. Why was Sony not prepared for a compromise of its network?
We are currently conducting a thorough investigation of the situation. Since this is an overall security related issue, we cannot comment further at this time.

 

4. Is the attack by “Anonymous” or another party?
We are currently conducting a thorough investigation of the situation. Since this is an overall security related issue, we cannot comment further at this time.

 

5. Why is it taking so long to restore network services?
As soon as we learned of this issue, we temporarily turned off PlayStation Network and Qriocity services in order to conduct a thorough investigation and to verify the smooth and secure operation of our network services. Our efforts to resolve this matter involve re-building our system to further strengthen our network infrastructure. Though this task is time-consuming, we decided it was worth the time necessary to provide the system with additional security.

 

6. How serious is this compromise? How will Sony prevent this from happening again?
Because there is an on-going investigation we cannot comment further at this time, but we are working to restore and maintain and strengthen the services, including incorporating additional countermeasures to ward against future intrusions.

 

7. When will service be restored?
We have a clear path to have PlayStation Network and Qriocity systems back online, and expect to restore some services within a week.

We will keep the service down to allow us to conduct a thorough investigation to ensure smooth operation of our network services when they return; we are working hard to resume the services as soon as we can be reasonably assured our security concerns have been addressed.

 

8. Did SOE experience an attack due to the same reason?
SOE’s services are currently available, but they did experience a service interruption due to an external attack. An investigation is ongoing.

 

9. Have you had such a long PSN/Qriocity service termination like this one in the past?
No.

 

10. Does PSN/Qriocity get attacked very often?
We cannot make any comments regarding this matter at this time.

 

11. I want my money back (subscription fee, content) since the PSN/Qriocity was not available.
While we are still assessing the impact of this incident, we recognize that this may have had financial impact on our loyal customers. We are currently reviewing options and will update you when the service is restored.

 

12. There seems to be some games that cannot be played even offline?
Some games may require access to PSN for trophy sync, security checks or other network functionality and therefore cannot be played offline.

 

13. Why are Sony Online Entertainment services available while PSN and Qriocity are still down and you (SCE/Sony) are not able to even tell us when it will come back again?
As our investigation in this matter is ongoing, we cannot comment further on this matter.

 

14. What personally identifying information do you suspect has been compromised?
Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information provided by PlayStation Network/Qriocity account holders: name, address (city, state, zip), country, email address, birth date, PlayStation Network/Qriocity password, login, and handle/PSN online ID. Other profile data may also have been obtained, including purchase history and billing address (city, state, zip). If an account holder has authorized a sub-account for a dependent, the same data with respect to that dependent may have been obtained. If an account holder provided credit card data through PlayStation Network or Qriocity, it is possible that the credit card number (excluding security code) and expiration date may also have been obtained.

 

15. How will I know if my personal information has been compromised?
We have provided notices to consumers at the email addresses associated with their PlayStation Network/Qriocity accounts. You may also visit www.us.playstation.com/support and www.qriocity.com for notices regarding this issue. In addition, we have taken steps to disseminate information regarding this issue to media outlets so that consumers are informed. To protect against possible identity theft or other financial loss, we encourage you to remain vigilant to review your credit card account statements and to monitor your credit reports.

 

16. What steps have you taken to investigate this compromise?
We have engaged an outside, recognized security firm to investigate this incident and to assist us in our ongoing efforts to protect your personally identifiable information.

 

17. I got an email from you asking for my PSN/Qriocity sign-in ID and password. Is it really you asking for this information?
Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking.

 

18. What should I do to avoid having my personal information compromised?
For your security, we encourage you to be especially aware of email, telephone, postal mail or other scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. Additionally, if you use the same user name or password for your PlayStation Network or Qriocity service account for other

 

19. Why did Sony wait until now to tell PSN users that their personal information may have been compromised?
The nature of the intrusion required that we undertake an extensive and thorough investigation of the matter, which took considerable effort and time. We needed to make sure that we knew and understood the facts before providing the appropriate notice to PlayStation Network users.

 

The above questions and answers are listed under answer id 2356