Details On Sony's Plans To Fix What Went Wrong With PSN

Sony Computer Entertainment has issued an update on last week's "external intrusion" on its PlayStation Network, an attack that forced the network offline and may have exposed the personal information of millions of members.

On the company's PlayStation.blog, Patrick Seybold senior director of corporate communications writes that the PlayStation maker will be "taking steps to make our services safer and more secure than ever before".

That includes "a new system software update that will require all users to change their password once PlayStation Network is restored". Currently, PSN accounts are locked out of the system, making a change to personal information and passwords impossible.

Furthermore, Sony says it is "initiating several measures that will significantly enhance all aspects of PlayStation Network's security and your personal data, including moving our network infrastructure and data centre to a new, more secure location, which is already underway".

For PSN account holders who may be concerned about the damage already done to their personal information or credit cards, Sony offers the following updates.

On the safety of your personal and financial information...

The entire credit card table was encrypted and we have no evidence that credit card data was taken. The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack.

On the credit card details that PlayStation Network and Qriocity do and do not store...

While all credit card information stored in our systems is encrypted and there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained. Keep in mind, however that your credit card security code (sometimes called a CVC or CSC number) has not been obtained because we never requested it from anyone who has joined the PlayStation Network or Qriocity, and is therefore not stored anywhere in our system.

Additional details can be found at the PlayStation.blog.

Q&A #1 for PlayStation Network and Qriocity Services [PlayStation.blog]


Comments

    "...moving our network infrastructure and data centre to a new, more secure location..."

    I don't know very much about network infrastructure and data centres, but moving them sounds like its gonna take forever ):

    My work started work on a new data centre 2 years ago, and its still not ready yet. Hope PSN doesn't take as long!

    I love how every one cries wolf like they never saw this coming. While I feel sorry for people who have had money stolen from their accounts, it goes without saying that the PSN service is lucky to have survived this far without attracting too much attention. This situation would be no different from if Microsoft had been the target instead because no electronic security is impregnable, you can only hope to stay ahead of the curb for so long.

    Of course no body will ever admit this because every body is a "pro hacker" yo!

    “a new system software update that will require all users to change their password once PlayStation Network is restored”
    I am hoping before the password change they validate users via email confirmation and not by validating details of the info that was stolen in the first place.

    I find it a little difficult to believe that the level of encryption used for the credit card table would be significantly more advanced than their "sophisticated" security system - which were breached in order for people to get at this information.

    I also find it a little difficult to believe that it really was even that secure, given that sensitive data was being transmitted as plain text since day 1.

    Lastly, the concept of a "more secure location" baffles me - although it could just be the way in which English is such a misleading language. It's not like security servers were taken offline during, say, the recent seismological activity, so it can't be a matter of physical location. So then perhaps the move is two-fold: a different location that has new machines with better security measures - then it begs the question, if the hardware is being upgraded, why the need to move? I guess my hope is that maybe the plan is to outsource the secure storage of data to a reputable company, I don't even know. At least then Sony would be able to point the finger at someone else if/when it all goes wrong again & would have a "reason" to convert PSN to a paid service (in the same way Xbox Live operates).

      I think Sony stands a snowball's chance in hell of making the PSN a paid service now. Just saying.

      From the wording of it i would say that there has been a physical breach or attempted physical breaches of the data center. It is a lot easier to bypass security systems if you have physical access to the servers.

    Severe loss of face. All I can see is the back of their head.
    The same as they are going to see of me. I am a 3rd generation PS user but I always thought the Xbox must have something going for it with so many users, I am going to swap.

    i find it misleading and ridiculous bc
    1 y relocate when u can enhance the encryption with a bug and bring down any intruder from outside sony IP
    2 sony makes up the money on PS HOME & PS STORE, so highly unlikely to make a paid service
    3 crying about it doesnt fix the situation, if ur really that upset then go see a conselor. sony has stated since day 1 they will fix the problem so if it takes 2 weeks then so b it, go spend time wit friends n family n the mean time, or schedule an appointment with a pyschriactric doctor to help ur PSN depression
    i was upset at first but the problems are fixed and we will have psn shortly

    They might say they stored CC info encrypted, but they send it over the net plain text. PSN logs have proven this.

      Erm.
      1) PSN sends data using HTTPS which is secure enough for credit card details. The same security your bank and Xbox LIVE uses. (yes IPsec would be nice though, maybe PS4 will get it)
      2) The logs pointed out that CFW allows its creators to change how data is handled... which isn't surprising after all CFW is a different Operating System.

    Why does Tom Cruise keep appearing in photos about the PSN breach? Is somebody discreetly trying to suggest that scientologists were responsible?

    “…moving our network infrastructure and data centre to a new, more secure location…”

    Did anyone else get a Eden of the East image of Sony moving their version of 'Juiz' here?

Join the discussion!

Trending Stories Right Now