PSN PlayStation Network Downtime

Update 26th April 2011 – 21:00 GMT

Sony have released more details on their blog – personal data has indeed been compromised. The important bit:

Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state/province, zip or postal code), country, email address, birthdate, PlayStation Network/Qriocity passwords and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence that credit card data was taken at this time, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, to be on the safe side we are advising you that your credit card number (excluding security code) and expiration date may also have been obtained.

So, if your PSN password is associated with your PSN email address anywhere else, time to change all other instances.

What is unavailable?

At the time of writing Sony’s PlayStation Network (PSN) has been unavailable for over 5 days. As an avid user of online gaming (mainly the Call of Duty series and Gran Turismo), this has now certainly reached the point where I’m getting a bit grumpy about it. Had we not had such good weather over the weekend, I’d probably be fuming! It’s still possible to play single player games and watch movies etc, but online gaming as well as internet based services such as LoveFilm aren’t available. The incredibly poor photo on the right shows what happens when I try to log in: “PlayStation®Network is currently undergoing maintenance”.

Why is it unavailable?

PSN is down because it was hacked last week. Well, Qriocity (pronounced ‘curiosity’) was hacked, that’s PSN’s media streaming service. Sony appears to have taken the view that it is best to take the entire service offline while they sure up their security.

Has any information been leaked?

This is a very interesting question, and one to which we haven’t yet got any answers. [See above update; we have now!] In order to sign in to PSN you need a valid email address. There are about 70 million registered accounts, so that’s quite a haul of valid email addresses. If those have got out, expect some spam (links to malware sites enticing you with Adobe products appear to be most in fashion at the moment). However, the real haul would be the credit card details many users have on file to permit them to easily make purchases from the PlayStation Store. Sony offer all sorts of media from game extensions to the latest films for hire, so I’ll bet a good chunk of those 70 million users have credit card numbers stored along with their addresses on the PSN. If those have got out, it’ll get rather more interesting for everyone.

Why was PSN hacked?

As yet there’s no official answer. It could be simply an attempt to harvest the email addresses and credit card numbers mentioned above. I think there’s a good chance this event can be traced right back to the launch of the PlayStation 3 Slim in September 2009. Prior to that point Sony had an extremely geeky USP in that the original PS3s offered OtherOS – or the ability to install any operating system (normally Linux) on the unit to sit alongside Sony’s. Just before the slim was launched Sony enforced a software update that removed this functionality – probably due to game piracy concerns.

To cut a long story short this suddenly made it a challenge among the hacker community to find ways around Sony’s attempted block. Then followed the usual ping-pong match of loopholes being found and patches being released, but the sparks soon turned to flame when Sony filed a lawsuit against renowned hacker George Hotz (Geohot) who had published his PS3 jailbreak technique on his website. Many argue that Sony deserved this for removing one of the console’s key features – essentially they have mis-sold the product. Sony I would imagine see this as an unfortunate side effect of protecting the reproduction rights of game creators. While Sony and Hotz have reached an out of court settlement, speculation is rife that Hotz’s supporters have led this breach on Sony’s network.

When will PSN service be resumed?

Right now the best sources of information would be the PlayStation blog, or their twitter account @PlayStationEU. There’s also this entertaining site.

You should have bought an XBox!

I know some of you just can’t wait to cram the comments box with this sentiment, so I thought I’d save you the energy. ;)

3 comments so far

  1. Simon Stevinson on April 26th, 2011 13:32

    We could have enjoyed 15 days of (paid for) non-upivity if we’d bought XBoxes, Neil. :)

  2. Neil Mukerji on April 26th, 2011 23:55

    The recent update strongly implies that Sony have been storing passwords and credit card information unencrypted on their servers. It’s really hard to know how to digest that information!

  3. Paul Stewart on April 27th, 2011 19:21

    Still not sure that i would want an x-box, been there and got rid of. This is a big problem for Sony and we can only hope that everyone is rewarded in an exceptional way.

Leave a reply