PSN "bucato" dagli hacker [UPDATE: riparte il PSN in Giappone]

[Turrican3]

UPDATE 12

http://www.sony.net/SonyInfo/News/Press/201107/11-0704E/index.html

Ripristino del PSN in Giappone dal 6 luglio

===================================

UPDATE 11

http://blog.eu.playstation.com/2011/06/03/welcome-back-content-is-available-now-frequently-asked-questions-answered/

Pacchetto gratuito Welcome Back disponibile, istruzioni/FAQ dal PSBlog.

===================================

UPDATE 10

http://blog.eu.playstation.com/2011/06/02/playstation-store-is-available-now/

Il PS Store è stato riaperto il 2 giugno, il pacchetto Welcome Back sarà reso disponibile in seguito.

===================================

UPDATE 9

http://blog.us.playstation.com/2011/05/30/full-psn-services-including-playstation-store-return-this-week/

Sony annuncia ufficialmente la riapertura del PS Store durante questa settimana in America, Europa/territori PAL e Asia.

===================================

UPDATE 8

Dettagli definitivi del "Welcome Pack" per l'Europa:

https://www.gamers4um.it/public/smf/index.php?topic=7303.msg94551#msg94551
http://blog.eu.playstation.com/2011/05/16/details-of-the-welcome-back-programme-for-scee-users-2/

===================================

UPDATE 7

Ripristinati parzialmente i servizi PSN (obbligatorio aggiornamento firmware 3.61 e cambio password), la piena ripresa è sempre prevista per fine maggio:

https://www.gamers4um.it/public/smf/index.php?topic=7303.msg94526#msg94526

===================================

UPDATE 6

Sony comunica che lo stop ai servizi PSN si protrarrà ulteriormente fino al termine delle verifiche dei "nuovi" sistemi di sicurezza. Dal blog Europeo arrivano i primi dettagli sul "Welcome Back" program: gli utenti PSN potranno scegliere due giochi PS3 da una lista di cinque, mentre gli utenti PSP potranno scegliere due giochi da una lista di quattro.

https://www.gamers4um.it/public/smf/index.php?topic=7303.msg94319#msg94319

===================================

UPDATE 5

Aggiornamento della situazione, PSN ancora down (al 05/05/2011), polizza assicurativa per utenti USA (potrebbe essere applicata in futuro ad altre region), lettera di scuse di Stringer:

http://blog.us.playstation.com/2011/05/05/important-step-for-service-restoration/
http://blog.us.playstation.com/2011/05/05/sony-offering-free-allclear-id-plus-identity-theft-protection-in-the-united-states-through-debix-inc/
http://blog.us.playstation.com/2011/05/05/a-letter-from-howard-stringer/

( vedi post integrale all'indirizzo --> https://www.gamers4um.it/public/smf/index.php?topic=7303.msg94283#msg94283 )

===================================

UPDATE 4

Compromessi anche i sistemi di Sony Online Entertainment (non è ancora chiaro se si tratti delle stesse persone che hanno "bucato" il PSN, le date delle intrusioni rilevate differiscono)

http://www.soe.com/securityupdate/pressrelease.vm
http://www.soe.com/securityupdate

( vedi post integrale all'indirizzo --> https://www.gamers4um.it/public/smf/index.php?topic=7303.msg94188#msg94188 )

===================================

UPDATE 3

Sony conferma la ripresa parziale dei servizi PSN nel corso di questa settimana, annuncia programma "Welcome Back" (download gratuito di contenuti, 1 mese di PS+ gratis)

SOME PLAYSTATION®NETWORK AND QRIOCITY™ SERVICES TO BE AVAILABLE THIS WEEK
Phased Global Rollout of Services to Begin Regionally;
System Security Enhanced to Provide Greater Protection of Personal Information

Tokyo, May 1, 2011 – Sony Computer Entertainment (SCE) and Sony Network Entertainment International (SNEI, the company) announced they will shortly begin a phased restoration by region of PlayStation®Network and Qriocity™ services, beginning with gaming, music and video services to be turned on. The company also announced both a series of immediate steps to enhance security across the network and a new customer appreciation program to thank its customers for their patience and loyalty.

Following a criminal cyber-attack on the company's data-center located in San Diego, California, U.S.A., SNEI quickly turned off the PlayStation Network and Qriocity services, engaged multiple expert information security firms over the course of several days and conducted an extensive audit of the system. Since then, the company has implemented a variety of new security measures to provide greater protection of personal information. SNEI and its third-party experts have conducted extensive tests to verify the security strength of the PlayStation Network and Qriocity services. With these measures in place, SCE and SNEI plan to start a phased rollout by region of the services shortly. The initial phase of the rollout will include, but is not limited to, the following:

   * Restoration of Online game-play across the PlayStation®3 (PS3) and PSP® (PlayStation®Portable) systems
     -This includes titles requiring online verification and downloaded games
   * Access to Music Unlimited powered by Qriocity for PS3/PSP for existing subscribers
   * Access to account management and password reset
   * Access to download un-expired Movie Rentals on PS3, PSP and MediaGo
   * PlayStation®Home
   * Friends List
   * Chat Functionality

[...]
ndTurry: tagliato per limiti di spazio, l'intero contenuto del post del PSBlog si può leggere qui https://www.gamers4um.it/public/smf/index.php?topic=7303.msg94135#msg94135 o nel link dopo il quote

Press Release: Some PlayStation Network and Qriocity Services to be Available This Week


=============================================


UPDATE 2

Postata nuova Q&A su PS Blog

Q: Are you working with law enforcement on this matter?
   A: Yes, we are currently working with law enforcement on this matter as well as a recognized technology security firm to conduct a complete investigation. This malicious attack against our system and against our customers is a criminal act and we are proceeding aggressively to find those responsible.

   Q: Was my personal data encrypted?
   A: All of the data was protected, and access was restricted both physically and through the perimeter and security of the network. The entire credit card table was encrypted and we have no evidence that credit card data was taken. The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack.

   Q: Was my credit card data taken?
   A: While all credit card information stored in our systems is encrypted and there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained. Keep in mind, however that your credit card security code (sometimes called a CVC or CSC number) has not been obtained because we never requested it from anyone who has joined the PlayStation Network or Qriocity, and is therefore not stored anywhere in our system.

   Q: What steps should I take at this point to help protect my personal data?
   A: For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. When the PlayStation Network and Qriocity services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your PlayStation Network or Qriocity user name or password for other unrelated services or accounts, we strongly recommend that you change them, as well. To protect against possible identity theft or other financial loss, we encourage you to remain vigilant, to review your account statements and to monitor your credit reports.

   Q: What if I don't know which credit card I've got attached to my PlayStation Network account?
   A: If you've added funds to your PlayStation Network wallet in the past, you should have received a confirmation email from "DoNotReply@ac.playstation.net" at the email address associated with your account. This email would have been sent to you immediately after you added the funds, and will contain the first 4 digits and last 4 digits of your credit card number. You can also check your previous credit card statements to determine which card was attached to your PlayStation Network or Qriocity accounts.

   Q: When or how can I change my PlayStation Network password?
   A: We are working on a new system software update that will require all users to change their password once PlayStation Network is restored. We will provide more details about the new update shortly.

   Q: Have all PlayStation Network and Qriocity users been notified of the situation?
   A: In addition to alerting the media and posting information about it on this blog, we have also been sending emails directly to all 77 million registered accounts. It takes a bit of time to send that many emails, and recognize that not every email will still be active, but this process has been underway since yesterday. At this time, the majority of emails have been sent and we anticipate that all registered accounts will have received notifications by April 28th. Consumers may also visit www.us.playstation.com/support and www.qriocity.com for notices regarding this issue. In addition, we have taken steps to disseminate information regarding this issue to media outlets so that consumers are informed.

   Q: What steps is Sony taking to protect my personal data in the future?
   A: We've taken several immediate steps to add protections for your personal data. First, we temporarily turned off PlayStation Network and Qriocity services and, second, we are enhancing security and strengthening our network infrastructure. Moving forward, we are initiating several measures that will significantly enhance all aspects of PlayStation Network's security and your personal data, including moving our network infrastructure and data center to a new, more secure location, which is already underway. We will provide additional information on these measures shortly.

   Q: Has Sony identified the party or parties responsible for the PlayStation Network hack and subsequent theft of personal information?
   A: We are currently conducting a thorough investigation of the situation and are working closely with a recognized technology security firm and law enforcement in order to find those responsible for this criminal act no matter where in the world they might be located.

   Q: When will the PlayStation Network and Qriocity be back online?
   A: Our employees have been working day and night to restore operations as quickly as possible, and we expect to have some services up and running within a week from yesterday. However, we want to be very clear that we will only restore operations when we are confident that the network is secure.

Q&A #1 for PlayStation Network and Qriocity Services


=============================================

UPDATE 1

Sony conferma ufficialmente l'intrusione non autorizzata nel sistema

Thank you for your patience while we work to resolve the current outage of PlayStation Network & Qriocity services. We are currently working to send a similar message to the one below via email to all of our registered account holders regarding a compromise of personal information as a result of an illegal intrusion on our systems. These malicious actions have also had an impact on your ability to enjoy the services provided by PlayStation Network and Qriocity including online gaming and online access to music, movies, sports and TV shows. We have a clear path to have PlayStation Network and Qriocity systems back online, and expect to restore some services within a week.

We're working day and night to ensure it is done as quickly as possible. We appreciate your patience and feedback.

   Valued PlayStation Network/Qriocity Customer:
   We have discovered that between April 17 and April 19, 2011, certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorized intrusion into our network. In response to this intrusion, we have:

      1. Temporarily turned off PlayStation Network and Qriocity services;
      2. Engaged an outside, recognized security firm to conduct a full and complete investigation into what happened; and
      3. Quickly taken steps to enhance security and strengthen our network infrastructure by re-building our system to provide you with greater protection of your personal information.

   We greatly appreciate your patience, understanding and goodwill as we do whatever it takes to resolve these issues as quickly and efficiently as practicable.

   Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.

   For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. When the PlayStation Network and Qriocity services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your PlayStation Network or Qriocity user name or password for other unrelated services or accounts, we strongly recommend that you change them, as well.

   To protect against possible identity theft or other financial loss, we encourage you to remain vigilant, to review your account statements and to monitor your credit reports. We are providing the following information for those who wish to consider it:

   [...]

   We thank you for your patience as we complete our investigation of this incident, and we regret any inconvenience. Our teams are working around the clock on this, and services will be restored as soon as possible. Sony takes information protection very seriously and will continue to work to ensure that additional measures are taken to protect personally identifiable information. Providing quality and secure entertainment services to our customers is our utmost priority. Please contact us at 1-800-345-7669 should you have any additional questions.

   Sincerely,
   Sony Computer Entertainment and Sony Network Entertainment

Update on PlayStation Network and Qriocity

I wanted to take this opportunity to clarify a point and answer one of the most frequently asked questions today.

There's a difference in timing between when we identified there was an intrusion and when we learned of consumers' data being compromised. We learned there was an intrusion April 19th and subsequently shut the services down. We then brought in outside experts to help us learn how the intrusion occurred and to conduct an investigation to determine the nature and scope of the incident. It was necessary to conduct several days of forensic analysis, and it took our experts until yesterday to understand the scope of the breach. We then shared that information with our consumers and announced it publicly this afternoon.

For those who were looking there's also an FAQ with some more frequently asked questions

Thank you for your continued patience and support.

Clarifying a Few PSN Points


=============================================

ORIGINAL POST

An external intrusion on our system has affected our PlayStation Network and Qriocity services. In order to conduct a thorough investigation and to verify the smooth and secure operation of our network services going forward, we turned off PlayStation Network & Qriocity services on the evening of Wednesday, April 20th. Providing quality entertainment services to our customers and partners is our utmost priority. We are doing all we can to resolve this situation quickly, and we once again thank you for your patience. We will continue to update you promptly as we have additional information to share.

http://blog.us.playstation.com/2011/04/22/update-on-playstation-network-qriocity-services/

We sincerely regret that PlayStation Network and Qriocity services have been suspended, and we are working around the clock to bring them both back online. Our efforts to resolve this matter involve re-building our system to further strengthen our network infrastructure. Though this task is time-consuming, we decided it was worth the time necessary to provide the system with additional security.

We thank you for your patience to date and ask for a little more while we move towards completion of this project. We will continue to give you updates as they become available.

http://blog.us.playstation.com/2011/04/23/latest-update-for-psnqriocity-services/

Il PSN è "spento" da diversi giorni per via di un accesso non autorizzato da parte di sconosciuti. L'ultimo aggiornamento sulla situazione da parte di Sony (via PSblog) è a dir poco inquietante: stanno - testuali parole - "ricostruendo il sistema per rafforzare ulteriormente la loro infrastruttura di rete".

Qualsiasi cosa voglia dire "ricostruendo", la situazione è questa.

[Reiz]

ho letto da qualche parte che riparte oggi in USA e domani in Europa

[Turrican3]

I know you are waiting for additional information on when PlayStation Network and Qriocity services will be online. Unfortunately, I don't have an update or timeframe to share at this point in time.

As we previously noted, this is a time intensive process and we're working to get them back online quickly. We'll keep you updated with information as it becomes available. We once again thank you for your patience.

http://blog.us.playstation.com/2011/04/25/psn-update/

Questo post (sempre dal blog ufficiale) è datato ieri e ancora non riportava date certe.

Di più nin zo.

[Reiz]

Per il psn girà voce sia dovuto a un custom firmware che permette di connettersi online facendo riconoscere la console come device di debug, ciò permetterebbe il download gratis di tutti i contenuti del PSN.
Pare che sony abbia bloccato il PSN per quello in attesa di mettere una pezza alla cosa.
Plausibile?

[Turrican3]

Boh tutto è possibile... certo non mi aspetto che Sony scenda nei dettagli delle problematiche tecniche, non ne vedo il motivo (anzi le si potrebbe ritorcere contro considerato che in questi giorni c'è già abbastanza incertezza attorno all'accaduto).

[Sirio]

Plausibile?

Imho non si lasciano a piedi milioni di giocatori ( a pasqua e con giochi tipo socom appena sui scaffali ) per questo motivo , secondo me ci sono ragioni importanti di sicurezza . Sicurezza evidentemente violata , non credo sia una coincidenza l accaduto dopo le recentissime battaglie legali contro proprio noti hacker .

Ovviamente potrei benissimo essermi sbagliato  :) ma questa e' la mia ''sensazione'' !

[gerzam]

Imho non si lasciano a piedi milioni di giocatori ( a pasqua e con giochi tipo socom appena sui scaffali ) per questo motivo , secondo me ci sono ragioni importanti di sicurezza . Sicurezza evidentemente violata , non credo sia una coincidenza l accaduto dopo le recentissime battaglie legali contro proprio noti hacker .

Ovviamente potrei benissimo essermi sbagliato  :) ma questa e' la mia ''sensazione'' !

E io la penso esattamente come te ;)

..ad esempio dati personali o delle Carte di Credito?

[maxam]

Certo che stanno facendo una figura barbina....

Non sono più le Sony di una volta.  :lol2:

[Mystic]

nell'ultimo comunicato la sony consiglia di tener d'occhio le transazioni della carta di credito...

annamo bene 

[Sirio]

nell'ultimo comunicato la sony consiglia di tener d'occhio le transazioni della carta di credito...

annamo bene 

:omg:

[Mystic]

:omg:

eh si... la situazione sembra parecchio grave

io che vivo in simbiosi con la carta di credito ora sono costretto a chiamare la banca per verificare le transazioni

grassie sony  

[maxam]

Si, ma se trovassi sulla mia carta una transazione illecita su chi mi rivalgo, su Sony?

Dilettanti allo sbaraglio. :ohno:

[Mystic]

Si, ma se trovassi sulla mia carta una transazione illecita su chi mi rivalgo, su Sony?

assolutamente no...

tu ovviamente vai dalla tua banca...

poi ci sono varie carte di credito con vari tipi di "assicurazioni" che tutelano il cliente proprio in questi casi.

EDIT: ho appena controllato il conto della mia carta di credito. tutto nella norma. nessuna transazione sospetta

[Turrican3]

Thank you for your patience while we work to resolve the current outage of PlayStation Network & Qriocity services. We are currently working to send a similar message to the one below via email to all of our registered account holders regarding a compromise of personal information as a result of an illegal intrusion on our systems. These malicious actions have also had an impact on your ability to enjoy the services provided by PlayStation Network and Qriocity including online gaming and online access to music, movies, sports and TV shows. We have a clear path to have PlayStation Network and Qriocity systems back online, and expect to restore some services within a week.

We're working day and night to ensure it is done as quickly as possible. We appreciate your patience and feedback.

    Valued PlayStation Network/Qriocity Customer:
    We have discovered that between April 17 and April 19, 2011, certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorized intrusion into our network. In response to this intrusion, we have:

       1. Temporarily turned off PlayStation Network and Qriocity services;
       2. Engaged an outside, recognized security firm to conduct a full and complete investigation into what happened; and
       3. Quickly taken steps to enhance security and strengthen our network infrastructure by re-building our system to provide you with greater protection of your personal information.

    We greatly appreciate your patience, understanding and goodwill as we do whatever it takes to resolve these issues as quickly and efficiently as practicable.

    Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.

    For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. When the PlayStation Network and Qriocity services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your PlayStation Network or Qriocity user name or password for other unrelated services or accounts, we strongly recommend that you change them, as well.

    To protect against possible identity theft or other financial loss, we encourage you to remain vigilant, to review your account statements and to monitor your credit reports. We are providing the following information for those who wish to consider it:

    [...]

    We thank you for your patience as we complete our investigation of this incident, and we regret any inconvenience. Our teams are working around the clock on this, and services will be restored as soon as possible. Sony takes information protection very seriously and will continue to work to ensure that additional measures are taken to protect personally identifiable information. Providing quality and secure entertainment services to our customers is our utmost priority. Please contact us at 1-800-345-7669 should you have any additional questions.

    Sincerely,
    Sony Computer Entertainment and Sony Network Entertainment

Update on PlayStation Network and Qriocity

I wanted to take this opportunity to clarify a point and answer one of the most frequently asked questions today.

There's a difference in timing between when we identified there was an intrusion and when we learned of consumers' data being compromised. We learned there was an intrusion April 19th and subsequently shut the services down. We then brought in outside experts to help us learn how the intrusion occurred and to conduct an investigation to determine the nature and scope of the incident. It was necessary to conduct several days of forensic analysis, and it took our experts until yesterday to understand the scope of the breach. We then shared that information with our consumers and announced it publicly this afternoon.

For those who were looking there's also an FAQ with some more frequently asked questions

Thank you for your continued patience and support.

Clarifying a Few PSN Points

Ho omesso una parte di scarso interesse in quanto relativa all'utenza USA.

In soldoni, hanno davvero "bucato" il sistema accedendo illecitamente a nomi, indirizzi di residenza ed email, data di nascita, password e login PSN, ecc. Non vi è certezza sull'eventualità che possano essere stati trafugati dati relativi alle carte di credito ma la cosa non può essere nemmeno esclusa, pertanto Sony avverte che il numero e la data di scadenza (ma non il codice di sicurezza) potrebbero rientrare tra le informazioni cui gli hacker hanno avuto accesso.

Entro una settimana alcuni dei servizi dovrebbero essere ripristinati.

[Mystic]

dove lavora la mia ragassa (una delle più grandi aziende di carte di credito sfizzere) hanno appena rilasciato un comunicato riguardo il problema con il psn

- ad oggi pare non ci siano transazioni "rubate". o meglio.. non hanno avuto ancora lamentele da parte dei clienti...
- ad ogni cliente che lo desidererà, verrà sostituita la carta di credito "gratuitamente".  normalmente vengono richiesti ca. 10-15 euri.