Sony has admitted that its PlayStation Network, which has been offline for a week, has been hacked and that the personal details of millions of users have been stolen.
In an email to members, posted on the PlayStation blog, the company explained: ‘Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state/province, zip or postal code), country, email address, birthdate, PlayStation Network/Qriocity passwords and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained.’
It also said that while it had no evidence that credit card details had been taken, it couldn’t rule it out. ‘If you have provided your credit card data through PlayStation Network or Qriocity, to be on the safe side we are advising you that your credit card number (excluding security code) and expiration date may also have been obtained,’ said the email.
PlayStation Network has around 70 million users worldwide, although Sony hasn’t said how many accounts were compromised. The company was immediately criticised in blog comments and on Twitter for taking so long to warn customers of the security breach. It responded in a post on the European PlayStation blog. ‘It was necessary to conduct several days of forensic analysis, and it took our experts until yesterday to understand the scope of the breach. We then shared that information with our consumers and announced it publicly yesterday evening,’ wrote Nick Caplin, Head of Communications for Sony Computer Entertainment Europe.