On the company’s PlayStation.blog, Patrick Seybold senior director of corporate communications writes that the PlayStation maker will be “taking steps to make our services safer and more secure than ever before”.
That includes “a new system software update that will require all users to change their password once PlayStation Network is restored”. Currently, PSN accounts are locked out of the system, making a change to personal information and passwords impossible.
Furthermore, Sony says it is “initiating several measures that will significantly enhance all aspects of PlayStation Network’s security and your personal data, including moving our network infrastructure and data centre to a new, more secure location, which is already underway”.
For PSN account holders who may be concerned about the damage already done to their personal information or credit cards, Sony offers the following updates.
On the safety of your personal and financial information…
The entire credit card table was encrypted and we have no evidence that credit card data was taken. The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack.
On the credit card details that PlayStation Network and Qriocity do and do not store…
While all credit card information stored in our systems is encrypted and there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained. Keep in mind, however that your credit card security code (sometimes called a CVC or CSC number) has not been obtained because we never requested it from anyone who has joined the PlayStation Network or Qriocity, and is therefore not stored anywhere in our system.
Additional details can be found at the PlayStation.blog.
Q&A #1 for PlayStation Network and Qriocity Services [PlayStation.blog]
bazuden
Thursday, April 28, 2011 at 12:23 PM“…moving our network infrastructure and data centre to a new, more secure location…”
I don’t know very much about network infrastructure and data centres, but moving them sounds like its gonna take forever ):
My work started work on a new data centre 2 years ago, and its still not ready yet. Hope PSN doesn’t take as long!
dawings
Thursday, April 28, 2011 at 12:36 PMI love how every one cries wolf like they never saw this coming. While I feel sorry for people who have had money stolen from their accounts, it goes without saying that the PSN service is lucky to have survived this far without attracting too much attention. This situation would be no different from if Microsoft had been the target instead because no electronic security is impregnable, you can only hope to stay ahead of the curb for so long.
Of course no body will ever admit this because every body is a “pro hacker” yo!
mccawsome
Thursday, April 28, 2011 at 12:52 PM“a new system software update that will require all users to change their password once PlayStation Network is restored”
I am hoping before the password change they validate users via email confirmation and not by validating details of the info that was stolen in the first place.
Matt
Thursday, April 28, 2011 at 1:01 PMI find it a little difficult to believe that the level of encryption used for the credit card table would be significantly more advanced than their “sophisticated” security system – which were breached in order for people to get at this information.
I also find it a little difficult to believe that it really was even that secure, given that sensitive data was being transmitted as plain text since day 1.
Lastly, the concept of a “more secure location” baffles me – although it could just be the way in which English is such a misleading language. It’s not like security servers were taken offline during, say, the recent seismological activity, so it can’t be a matter of physical location. So then perhaps the move is two-fold: a different location that has new machines with better security measures – then it begs the question, if the hardware is being upgraded, why the need to move? I guess my hope is that maybe the plan is to outsource the secure storage of data to a reputable company, I don’t even know. At least then Sony would be able to point the finger at someone else if/when it all goes wrong again & would have a “reason” to convert PSN to a paid service (in the same way Xbox Live operates).
The Gremlin
Thursday, April 28, 2011 at 3:37 PMI think Sony stands a snowball’s chance in hell of making the PSN a paid service now. Just saying.
Apris
Friday, April 29, 2011 at 4:34 AMFrom the wording of it i would say that there has been a physical breach or attempted physical breaches of the data center. It is a lot easier to bypass security systems if you have physical access to the servers.
PS to Xbox Switcher
Thursday, April 28, 2011 at 4:24 PMSevere loss of face. All I can see is the back of their head.
The same as they are going to see of me. I am a 3rd generation PS user but I always thought the Xbox must have something going for it with so many users, I am going to swap.
the guy who wrote this
Thursday, April 28, 2011 at 4:49 PMi find it misleading and ridiculous bc
1 y relocate when u can enhance the encryption with a bug and bring down any intruder from outside sony IP
2 sony makes up the money on PS HOME & PS STORE, so highly unlikely to make a paid service
3 crying about it doesnt fix the situation, if ur really that upset then go see a conselor. sony has stated since day 1 they will fix the problem so if it takes 2 weeks then so b it, go spend time wit friends n family n the mean time, or schedule an appointment with a pyschriactric doctor to help ur PSN depression
i was upset at first but the problems are fixed and we will have psn shortly
Anon
Thursday, April 28, 2011 at 7:02 PMThey might say they stored CC info encrypted, but they send it over the net plain text. PSN logs have proven this.
Apris
Friday, April 29, 2011 at 4:40 AMErm.
1) PSN sends data using HTTPS which is secure enough for credit card details. The same security your bank and Xbox LIVE uses. (yes IPsec would be nice though, maybe PS4 will get it)
2) The logs pointed out that CFW allows its creators to change how data is handled… which isn’t surprising after all CFW is a different Operating System.
Braaains
Thursday, April 28, 2011 at 11:31 PMWhy does Tom Cruise keep appearing in photos about the PSN breach? Is somebody discreetly trying to suggest that scientologists were responsible?
Kizaru
Friday, April 29, 2011 at 12:55 AM“…moving our network infrastructure and data centre to a new, more secure location…”
Did anyone else get a Eden of the East image of Sony moving their version of ‘Juiz’ here?