Sicurezza IT proattiva

Sony PlayStation Network severely compromised (UPDATED 2011-05-03)

Published: 2011-04-27
Updated: 2011-04-28
Updated: 2011-05-03

The foreplay

More than a week ago Sony's PlayStation Network (PSN) became inaccessible for its millions of users around the world.

Sony disclosed little information about the reason. The company wrote on the PlayStation blog on 20 April:

We’re aware certain functions of PlayStation Network are down. We will report back here as soon as we can with more information.

Thank you for your patience.

The PSN remained down throughout Easter and Sony did not offer much more information. Sony published further blog items similar to the one above. A blog item on 25 April said:

I know you are waiting for additional information on when PlayStation Network and Qriocity services will be online. Unfortunately, I don’t have an update or timeframe to share at this point in time.

As we previously noted, this is a time intensive process and we’re working to get them back online quickly. We’ll keep you updated with information as it becomes available. We once again thank you for your patience.

This of course resulted in huge speculation throughout Easter. The activist group Anonymous had earlier attacked Sony's PSN, but the group denied any involvement in this incident:

For Once We Didn't Do It
(...)
AnonOps was not related to this incident and does not take responsibility for whatever has happened.

Finally, substantial information from Sony

On 26 April Sony finally offered more substantial information. It turned out to exceed even the most pessimistic speculations. From Sony's blog item of 26 April:

We have discovered that between April 17 and April 19, 2011, certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorized intrusion into our network.

(...)

Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.

For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. When the PlayStation Network and Qriocity services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your PlayStation Network or Qriocity user name or password for other unrelated services or accounts, we strongly recommend that you change them, as well.

(...)

Sony also provided a Frequently Asked Questions (FAQ) page about the incident, Update on PSN Service Outages, which has contact information with telephone numbers for customers in a number of different countries.

Consequences and recommendations

This intrusion into PSN ranks among the biggest cyber security incidents of all time. It is speculated that as many as 70-77 million accounts may have been affected and their data stolen. The fact that credit card information is among this data adds to the seriousness of the issue.

It is highly recommended that users follow the precautions that Sony recommends. Vigilance against phishing attempts that exploit this incident is essential, as groups other than those behind the break-in will use the incident to try to extract information from you.

Changing your password when the network is back online is of course obvious. If you were using the same user credentials elsewhere, it is wise to change those immediately.

If your credit card was used through PSN or Qriocity, you should monitor the account closely. Some have recommended treating the incident as equivalent to your credit card having been stolen, and taking action accordingly.

You should also monitor the further information that Sony provides on this case. This is an extremely serious incident for Sony, and criticism of the company's lack of substantial information has been harsh. Sony will presumably try to remedy this by updating frequently as more facts about this serious issue become known.

Update 2011-04-28

New information about the incident has been published on the PlayStation Blog: Q&A #1 for PlayStation Network and Qriocity Services.

Sony states that credit card data was encrypted, while other personal data was not:

All of the data was protected, and access was restricted both physically and through the perimeter and security of the network. The entire credit card table was encrypted and we have no evidence that credit card data was taken. The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack.

Update 2011-05-03

Sony's problems seem to continue. The latest revelation is that information on almost 25 million Sony Online Entertainment (SOE) customers has been stolen. This includes credit card information for 12,700 customers.

From Sony's press release:

(...) personal information from approximately 24.6 million SOE accounts may have been stolen, as well as certain information from an outdated database from 2007. The information from the outdated database that may have been stolen includes approximately 12,700 non-U.S. credit or debit card numbers and expiration dates (but not credit card security codes), and about 10,700 direct debit records of certain customers in Austria, Germany, Netherlands and Spain.

All SOE game services are temporarily turned off, Sony reports.

Thus, more than 100 million Sony customers may have been affected by the recent breach(es).