Home / / Sony Online Entertainment hack happened 10th April

Sony Online Entertainment hack happened 10th April

Sony releases statement confirming hack has affected 24.5 million more users

Sony Online Entertainment hack happened 10th April
Sony has reveealed that the hack into the Sony Online Entertainment network may have happened as early as 10th April.

Sony has released a statement containing new information about the hack on Sony Online Entertainment that actually happened as early as 10th April.

According to the release, Sony only discovered this hack on Monday as it was a very complex and well hidden breach. The SOE network is still down and will remain down until the problem is fixed.

Sony has issued a Q&A to give users more information. See the release below:

Who is SOE?
Sony Online Entertainment LLC (SOE) is a recognised worldwide leader in massively multiplayer online games, with more than 20 million players logging into its online worlds in just the past year.  Best known for its blockbuster hits and franchises, including EverQuest, EverQuest II, Champions of Norrath, PlanetSide, Free Realms, Clone Wars Adventures, and DC Universe Online, SOE creates, develops and provides compelling online entertainment for virtually all platforms, including the PlayStation 3 Computer Entertainment System, Personal Computer, Macintosh, mobile and social networks.  Headquartered in San Diego, Calif., SOE is building on its proven legacy and pioneering the future of the interactive entertainment space through creative development and inspired gameplay design for audiences of all ages. 

Facts and Chronology of Events
April 10
Unauthorised person gains access to SOE's system

April 20 (PST)/ April 21 (JST)
Temporarily shut down services and SOE issued statement on its website
Investigation revealed system vulnerabilities so SOE issued a security patch
SOE also confirmed personal information had not been taken
SOE restarted services on the 21st at approximately 3pm PST

April 20 - May 1 (PST)/April 21 - May 2 (JST)
SOE continues extensive investigation
Based on information available at the time, SOE had no knowledge of stolen customer data

14:30 May 1 (PST)/ 6:30 May 2 (JST)
SOE discovered that customer data may have been stolen SOE continued thorough investigation

1:38 May 2 (PST)/ 17:38 May 2 (JST)
SOE promptly pulled down SOE's services

2:00 May 2 (PST)/ 18:00 May 2 (JST)
SOE start sending customer service notification to impacted players via email

The PlayStation Network and Qriocity services were brought down to secure and improve the network security.  Will Sony Online Entertainment do the same?
We pulled down Sony Online Entertainment's services last night to verify its security and will provide an update soon as to when it will go back online.

Are SOE's servers the same for that of SNEI's servers? What's the connection with these incidents?
While the intrusions are related, SOE's servers are different from that of SNEI's servers. 

How is the SOE intrusion related to the PSN/Qriocity intrusion?  Is this a second attack on SOE?
While the two systems are distinct and operated separately, given that they are both under the Sony umbrella, there is some degree of architecture that overlaps.  The intrusions were similar in nature.  This is NOT a second attack; new information has been discovered as part of our ongoing investigation of the external intrusion in April. 

How did the intrusion occur?
There was a vulnerability in a common framework library that is in common use on the Internet. It is open source software. We are not providing specifics on exactly what the vulnerability was for security purposes.

How many accounts were impacted and to what extent?
The database that was compromised consisted of 24.6 million account records containing  one or more of the following: name, address, email address, birthdate, gender, phone number, login name, and hashed password, to the extent provided.  Approximately 8.8 million of these are non-U.S and of these approximately 185,000 were Japanese.

Additionally, an outdated database from 2007 containing approximately 12,791 non-US customer credit or debit card numbers and expiration dates (but not credit card security codes), and about 10,740 direct debit records listing bank account numbers of certain customers in Germany, Austria, Netherlands and Spain were obtained.  However, there is no evidence that our main credit card database was compromised.  It is in a completely separate and secure environment. 

How many active credit and debit cards were impacted?
Approximately 900 out of the 12,700 were not expired.

Why were only non-US credit card accounts affected?
These accounts happened to be grouped together in a data table and separate from the rest of the data.

Why was the outdated database on the system?
We are currently investigating as this was just discovered yesterday and therefore we do not have any more specifics.

What is the breakdown of approximately 12,791 of non-US credit/debit card information that was taken by country?
Austria                 51

Australia              336

Belgium               111

Switzerland        26

Germany             415

Denmark             347

Spain                     114

Finland                 80

France                  921

Great Britain      5320

Greece                 53

Ireland                 41

Italy                       86

Japan                    4317

Luxembourg      5

Netherlands      51

Norway                                140

Portugal               26

Sweden                                364

What is the breakdown of approximately 10,740 direct debit records listing bank account numbers of certain customers?
Germany             8,991

Austria                 837

Netherlands      861

Spain                     60

What can 3rd parties do with this information?
We have no information Sony Online Entertainment account information has been improperly used. Nonetheless, to protect against possible identity theft or other financial loss, we encourage consumers to remain vigilant, review their account statements and monitor their credit reports.  

Additionally, if a consumer uses the same user name or password for his or her Station account for other unrelated services or accounts, we strongly recommend that the consumer change the information for those accounts.  When the SOE services are back online, we also strongly recommend that consumers log on to change their passwords. We encourage consumers to be especially aware of email, telephone, postal mail or other scams that ask for personal or sensitive information. Sony will not contact consumers in any way, including by email, asking for credit card number, social security number or other personally identifiable information. If consumers are asked for this information, they can be confident Sony is not the entity asking.

Until May 1st, you thought no data was extracted, what changed?
Essentially the perpetrators used sophisticated means not only to access the data, but also cover their tracks.  We committed to continue the investigation and by doing so uncovered further information that we did not have when we initially believed the data was not stolen.

Are any of these the same records as the PSN?
The simple answer is no since the two systems are completely different entities.

Who are you working with on this?  Will the FBI add this to the case on the PSN?
We are working closely with law enforcement, and have spent  time working with the FBI.

Where are the SOE servers located?
The servers in question are located in San Diego.

Who owns the customer information?
Sony Online Entertainment is the responsible party for the customer information.

Any report of unauthorised use of these credit cards or personal information?
As of this point we have no knowledge of any unauthorised use of the data.

Why didn't you bring down services upon 1st learning of the intrusion?
We did.  We initially took down our systems from approximately 3am April 21st to 3pm April 21st.  The initial data did not show that any customer data was stolen from our database.  Via our thorough investigation that has continued non -stop since the initial attack, we learned on Sunday, May 1st that the data may have been stolen and immediately took action to bring down our services Sunday night.  This was the result of a very sophisticated cyber attack that was extremely difficult to detect and through our examination we were able to uncover the details of the situation.

When will you resume online service?
We will have more information soon.  It will be as soon as we are 100% confident that we can resume a safe and secure service.

Are you planning on compensating customers?
Absolutely.  Our intention is to grant customers 30 days of additional time on their subscriptions in addition to compensating them one day for each day our system is down.  We are also in the process of outlining the "make good" plan for our PlayStation 3 MMOs (DC Universe Online and Free Realms) and plan on a similar offering, but the complexities of the subscription server dictate how and when this will be available.  We will be releasing more information this week.  The monthly fees vary by game and are as follows:  core MMOs $14.99, Free RealmsTM$4.99 and Clone Wars AdventuresTM is $5.99 per month.  The pricing tiers vary depending on the length of the subscription purchased upfront. 

Additionally, we are committed to helping our customers protect their personal data and will provide a complimentary offering to assist users in enrolling in identity theft protection services and/or similar program. The implementation will be at a local level and further details will be made available shortly in each region.

Follow us to get the most comprehensive IT Security news delivered fresh from our social media accounts on Facebook, Twitter, Youtube, and listen to our Weekly Podcast. Click here to sign up for our weekly newsletter on curated technology news in the Middle East and Worldwide.