PSN "breached" by hackers [UPDATE: PSN restarts in Japan]

Started by Turrican3, 26 April 2011, 10:17:35


Mystic

http://www.vg247.com/2011/05/03/report-sony-loses-12700-credit-card-numbers/


SOE: 12,700 old CC numbers, 10,700 DD records breached
The hits just keep coming for Sony. Following all-too-soon after the news that Sony Online Entertainment servers had been taken offline, the company has now confirmed that it "may" have lost 12,700 customer credit card numbers.

Turrican3

#31
You beat me to it by a hair. :sweat:

Basically, hackers have (also? it's not clear whether these are the same people who "breached" PSN; the dates of the detected intrusions differ) gained access to the data of the affiliate Sony Online Entertainment, which mainly deals with MMOs.

The two press releases:

http://www.soe.com/securityupdate/pressrelease.vm
http://www.soe.com/securityupdate

Quote:
SONY ONLINE ENTERTAINMENT ANNOUNCES THEFT OF DATA FROM ITS SYSTEMS
Breach Believed to Stem From Initial Criminal Hack of SOE

Tokyo, May 3, 2011 - Sony Corporation and Sony Computer Entertainment announced today that their ongoing investigation of illegal intrusions into Sony Online Entertainment LLC (SOE, the company) systems revealed yesterday morning (May 2, Tokyo time) that hackers may have stolen SOE customer information on April 16th and 17th, 2011 (PDT).  SOE is based in San Diego, California, U.S.A.

This information, which was discovered by engineers and security consultants reviewing SOE systems, showed that personal information from approximately 24.6 million SOE accounts may have been stolen, as well as certain information from an outdated database from 2007.  The information from the outdated database that may have been stolen includes approximately 12,700 non-U.S. credit or debit card numbers and expiration dates (but not credit card security codes), and about 10,700 direct debit records of certain customers in Austria, Germany, Netherlands and Spain.

With the current outage of the PlayStation® Network and Qriocity™ services and the ongoing investigation into the recent attacks, SOE had also undertaken an intensive investigation into its system. Upon discovery of this additional information, the company promptly shut down all servers related to SOE services while continuing to review and upgrade all of its online security systems in the face of these unprecedented cyber-attacks.

On May 1, Sony apologized to its customers for the inconvenience caused by its network services outages.  The company is working with the FBI and continuing its own full investigation while working to restore all services.

Sony is making this disclosure as quickly as possible after the discovery of the theft, and the company has posted information on its website and will send e-mails to all consumers whose data may have been stolen.

The personal information of the approximately 24.6 million SOE accounts that was illegally obtained, to the extent it had been provided to SOE, is as follows:

   * name
   * address
   * e-mail address
   * birthdate
   * gender
   * phone number
   * login name
   * hashed password.

In addition to the information above, the 10,700 direct debit records from accounts in Austria, Germany, Netherlands and Spain, include:

   * bank account number
   * customer name
   * account name
   * customer address.

SOE will grant customers 30 days of additional time on their subscriptions, in addition to compensating them one day for each day the system is down. It is also in the process of outlining a "make good" plan for its PlayStation®3 MMOs (DC Universe Online and Free Realms). More information will be released this week.

Additionally, the company is committed to helping its customers protect their personal data and will provide a complimentary offering to assist users in enrolling in identity theft protection services and/or similar programs. The implementation will be at a local level and further details will be made available shortly in each region.

Sony Online Entertainment LLC (SOE) has been a recognized worldwide leader in massively multiplayer online games since 1999.  Best known for its blockbuster hits and franchises, including EverQuest®, EverQuest® II, Champions of Norrath®, PlanetSide®, Free Realms®, Clone Wars Adventures™, and DC Universe Online™, SOE creates, develops and provides compelling online entertainment for virtually all platforms, including the PlayStation®3 Computer Entertainment System, Personal Computer, mobile and social networks.  SOE is building on its proven legacy and pioneering the future of the interactive entertainment space through creative development and inspired gameplay design for audiences of all ages.  To learn more, visit www.soe.com.

For more information and update about the SOE services, please visit www.soe.com/securityupdate.

About Sony Corporation
Sony Corporation is a leading manufacturer of audio, video, game, communications, key device and information technology products for the consumer and professional markets. With its music, pictures, computer entertainment and on-line businesses, Sony is uniquely positioned to be the leading electronics and entertainment company in the world. Sony recorded consolidated annual sales of approximately $78 billion for the fiscal year ended March 31, 2010. Sony Global Web Site: http://www.sony.net/

About Sony Computer Entertainment Inc.
Recognized as the global leader and company responsible for the progression of consumer-based computer entertainment, Sony Computer Entertainment Inc. (SCEI) manufactures, distributes and markets the PlayStation® game console, the PlayStation®2 computer entertainment system, the PSP® (PlayStation®Portable) handheld entertainment system and the PlayStation®3 (PS3®) system. PlayStation has revolutionized home entertainment by introducing advanced 3D graphic processing, and PlayStation 2 further enhances the PlayStation legacy as the core of home networked entertainment. PSP is a handheld entertainment system that allows users to enjoy 3D games, with high-quality full-motion video, and high-fidelity stereo audio. PS3 is an advanced computer system, incorporating the state-of-the-art Cell processor with super computer like power. SCEI, along with its subsidiary divisions Sony Computer Entertainment America Inc., Sony Computer Entertainment Europe Ltd., and Sony Computer Entertainment Korea Inc. develops, publishes, markets and distributes software, and manages the third party licensing programs for these platforms in the respective markets worldwide. Headquartered in Tokyo, Japan, SCEI is an independent business unit of the Sony Group.

Quote:
SECURITY UPDATE
   
As previously announced, we have been conducting an ongoing, thorough investigation stemming from the cyber attack in April and promised to notify you should there be any changes to the situation.

A press release was issued today outlining these details. We will promptly send a customer service notification via email to all of our impacted account holders whose customer data may have been stolen as a result of an illegal intrusion on our systems. This information was discovered less than 24 hours ago and in response, we took down our services until we could verify their security.

SOE is committed to delivering secure, stable and entertaining games for players of all ages and we're working around the clock to ensure this situation is resolved as quickly as possible. We deeply regret the inconvenience this has caused and appreciate your continued patience and feedback.

Sincerely,
Sony Online Entertainment

CUSTOMER SERVICE NOTIFICATION
May 2, 2011

Dear Valued Sony Online Entertainment Customer:
Our ongoing investigation of illegal intrusions into Sony Online Entertainment systems has discovered that hackers may have obtained personal customer information from SOE systems.  We are today advising you that the personal information you provided us in connection with your SOE account may have been stolen in a cyber-attack.   Stolen information includes, to the extent you provided it to us, the following: name, address (city, state, zip, country), email address, gender, birthdate, phone number, login name and hashed password.

Customers outside the United States should be advised that we further discovered evidence that information from an outdated database from 2007 containing approximately 12,700 non-US customer credit or debit card numbers and expiration dates (but not credit card security codes) and about 10,700 direct debit records listing bank account numbers of certain customers in Germany, Austria, Netherlands and Spain may have also been obtained. We will be notifying each of those customers promptly.

There is no evidence that our main credit card database was compromised. It is in a completely separate and secured environment.

We had previously believed that SOE customer data had not been obtained in the cyber-attacks on the company, but on May 1st we concluded that SOE account information may have been stolen and we are notifying you as soon as possible.

We apologize for the inconvenience caused by the attack and as a result, we have:

1) Temporarily turned off all SOE game services;

2) Engaged an outside, recognized security firm to conduct a full and complete investigation into what happened; and

3) Quickly taken steps to enhance security and strengthen our network infrastructure to provide you with greater protection of your personal information.

We greatly appreciate your patience, understanding and goodwill as we do whatever it takes to resolve these issues as quickly and efficiently as practicable.

For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. When SOE's services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your Station or SOE game account name or password for other unrelated services or accounts, we strongly recommend that you change them, as well.

To protect against possible identity theft or other financial loss, we encourage you to remain vigilant, to review your account statements and to monitor your credit reports. We are providing the following information for those who wish to consider it:

U.S. residents are entitled under U.S. law to one free credit report annually from each of the three major credit bureaus. To order your free credit report, visit www.annualcreditreport.com or call toll-free (877) 322-8228.

We have also provided names and contact information for the three major U.S. credit bureaus below.
[...]
We are committed to helping our customers protect their personal data and we will provide a complimentary offering to assist users in enrolling in identity theft protection services and/or similar programs. The implementation will be at a local level and further details will be made available shortly in regions in which such programs are commonly utilized.

We thank you for your patience as we complete our investigation of this incident, and we regret any inconvenience. Our teams are working around the clock on this, and services will be restored as soon as possible. Sony takes information protection very seriously and will continue to work to ensure that additional measures are taken to protect personally identifiable information. Providing quality and secure entertainment services to our customers is our utmost priority. Please contact us at 1 (866) 436-6698 should you have any additional questions.

Sincerely,

Sony Online Entertainment LLC


Kiwi


Giulo75


SilentBobZ

"There is no peace for Sony, and hackers have also breached Sony Online Entertainment, after the attack on Playstation Network. Now the data of 24.6 million users is at risk. It appears the intruders broke through the security systems of an old, disused database, located in a different location from the main server farm of the Tokyo company."

http://www.ilsole24ore.com/art/tecnologie/2011-05-03/hacker-hanno-colpito-anche-104359.shtml?uuid=AahMgwTD

With an orifice open to the world, one exposes oneself to unwanted sodomy.

This poor man's maxim comes out of me like an uncontrollable retch: the web is a great invention, a great opportunity for knowledge, but for those who love privacy there is little to be done.

Mystic

hahahah in Germany I saw a report about Sony and what has happened over these weeks..

it ended like this: "smart gamers will now change their Sony account password... the even smarter ones have already switched to the competition"  :notooth:

Turrican3

In this whole affair, the thing I find most absurd is the complaints about PSN being "switched off".

Now, I fully understand the annoyance of not being able to play online and so on, but the seriousness of what happened, at least as I see it, lies elsewhere. Even the matter of the credit card numbers (if confirmed) would be relatively secondary in my opinion, because there is usually extensive insurance coverage against fraud and at worst you end up with the hassle of having to change cards; the real, enormous mess IMHO lies in the compromise of the systems that led to the unauthorized acquisition of the personal data of tens of millions of people.

Turrican3

For what it's worth (take it with a grain of salt, because I have found no confirmation except for the little diagram, which is circulating in a version with Japanese text), these would be the "technical" details of the intrusion and the number of compromised/stolen accounts broken down by country:


Turrican3

#39
Quote from: Patrick Seybold // Sr. Director, Corporate Communications & Social Media
Today our global network and security teams at Sony Network Entertainment and Sony Computer Entertainment began the final stages of internal testing of the new system, an important step towards restoring PlayStation Network and Qriocity services.

As previously mentioned, we’ve been working around the clock to rebuild the network and enhance protections of your personal data. It’s our top priority to ensure your data is safe when you begin using the services again.

We understand that many of you are eager to again enjoy the PlayStation Network and Qriocity entertainment services that you love, so we wanted you to be aware of this milestone and our progress. We will provide additional updates as soon as we can.

Important Step for Service Restoration


Quote from: Patrick Seybold // Sr. Director, Corporate Communications & Social Media
Last weekend, Sony Computer Entertainment announced that we will provide complimentary enrollment in an identity theft protection program. Here are the details of this program for PlayStation Network and Qriocity account holders in the United States only. We are working to make similar programs available in other countries/territories where applicable. Information will be posted on local websites/blogs when available.

Sony Computer Entertainment and Sony Network Entertainment International have made arrangements with Debix, Inc., one of the industry’s most reputable identity protection firms, to offer AllClear ID Plus at no cost to PlayStation Network and Qriocity account holders for 12 months from the time an account holder registers for the program.

Please note that we will start sending out activation emails for this program over the next few days, and you will have until June 18th to sign-up and redeem your code. You will need to sign up directly through AllClearID, not on Sony’s websites, and details, including step-by-step instructions for the program, will be emailed to United States PSN and Qriocity Account holders soon.

The details of the program include, but are not limited to:

    * Cyber monitoring and surveillance of the Internet to detect exposure of an AllClear ID Plus customer’s personal information, including monitoring of criminal web sites and data recovered by law enforcement. If his/her personal information is found, the customer will be alerted by phone and/or email and will be provided advice and support regarding protective steps to take. The customer will also receive monthly identity status reports. Debix works with an alliance of cyber-crime experts from the government, academia and industry to provide these services.
    * Priority access to licensed private investigators and identity restoration specialists. If an AllClear ID Plus customer receives an alert, or otherwise suspects that he/she may be the victim of identity theft, the customer can speak directly, on a priority basis, with an on-staff licensed private investigator, who will conduct a comprehensive inquiry. In the case of an identity theft, the customer can work with an identity restoration specialist to contact creditors and others, and take necessary steps to restore the customer’s identity.
    * A $1 million identity theft insurance policy per user to provide additional protection in the event that an AllClear ID Plus customer becomes a victim of identity theft. This insurance would provide financial relief of up to $1 million for covered identity restoration costs, legal defense expenses, and lost wages that occur within 12 months after the stolen identity event.

More information will be available on the enrollment page, a link which will be included in the email you will receive.

We continue to work around the clock to have some PlayStation Network services and Qriocity services restored, and will be providing you specific details shortly.

Thank you.

Sony Offering Free ‘AllClear ID Plus’ Identity Theft Protection in the United States through Debix, Inc.


Quote from: A Letter from Howard Stringer
    Dear Friends,

    I know this has been a frustrating time for all of you.

    Let me assure you that the resources of this company have been focused on investigating the entire nature and impact of the cyber-attack we’ve all experienced and on fixing it. We are absolutely dedicated to restoring full and safe service as soon as possible and rewarding you for your patience. We will settle for nothing less.

    To date, there is no confirmed evidence any credit card or personal information has been misused, and we continue to monitor the situation closely. We are also moving ahead with plans to help protect our customers from identity theft around the world. A program for U.S. PlayStation Network and Qriocity customers that includes a $1 million identity theft insurance policy per user was launched earlier today and announcements for other regions will be coming soon.

    As we have announced, we will be offering a “Welcome Back” package to our customers once our PlayStation Network and Qriocity services are up and running. This will include, among other benefits, a month of free PlayStation Plus membership for all PSN customers, as well as an extension of subscriptions for PlayStation Plus and Music Unlimited customers to make up for time lost.

    As a company we — and I — apologize for the inconvenience and concern caused by this attack. Under the leadership of Kazuo Hirai, we have teams working around the clock and around the world to restore your access to those services as quickly, and as safely, as possible.

    I know some believe we should have notified our customers earlier than we did. It’s a fair question. As soon as we discovered the potential scope of the intrusion, we shut down the PlayStation Network and Qriocity services and hired some of the best technical experts in the field to determine what happened. I wish we could have gotten the answers we needed sooner, but forensic analysis is a complex, time-consuming process. Hackers, after all, do their best to cover their tracks, and it took some time for our experts to find those tracks and begin to identify what personal information had — or had not — been taken.

    As a result of what we discovered we notified you of the breach. Our investigation is ongoing, and we are upgrading our security so that if attacks like this happen again, our defenses will be even stronger.

    In the last few months, Sony has faced a terrible earthquake and tsunami in Japan. But now we are facing a very man-made event – a criminal attack on us — and on you — and we are working with the FBI and other law enforcement agencies around the world to apprehend those responsible.

    In the coming days, we will restore service to the networks and welcome you back to the fun. I wanted to personally reach out and let you know that we are committed to serving you to the very best of our ability, protecting your information better than ever, and getting you back to what you signed up for – all the games and great entertainment experiences that you expect from Sony.

    With best regards,
    Howard Stringer

A Letter from Howard Stringer

In summary: Sony is completing the internal verification tests of PSN, which should shortly lead to the restoration of the network announced a few days ago; in the USA (though other countries may be covered in the future) 12 months of insurance coverage for damages caused by identity theft will be offered free of charge; Sony's president, Sir Howard Stringer, takes stock of the situation and apologizes to users.

Reiz

shortly... it's been down for two weeks  :boom:

Turrican3

Yep, but the official announcement of the partial resumption of services "during the week" only came last Sunday.

We'll see.

Turrican3

Quote from: Patrick Seybold // Sr. Director, Corporate Communications & Social Media
As you may know, we've begun the process of restoring the service through internal testing of the new system. We're still working to confirm the security of the network infrastructure, as well as working with a variety of outside entities to confirm with them of the security of the system. Verifying the system security is vital for the process of restoration. Additional comprehensive system checks and testing are still required, and we must complete that process before bringing the systems online.

As you've heard us say, our utmost priorities are the security of the network and ensuring your data is safe. We won't restore the services until we can test the system's strength in these respects.

When we held the press conference in Japan last week, based on what we knew, we expected to have the services online within a week. We were unaware of the extent of the attack on Sony Online Entertainment servers, and we are taking this opportunity to conduct further testing of the incredibly complex system. We know many of you are wanting to play games online, chat with your friends and enjoy all of the services PlayStation Network and Qriocity services have to offer, and trust me when I say we're doing everything we can to make it happen. We will update you with more information as soon as we have it. We apologize for the delay and inconvenience of this network outage.

Service Restoration Update


Quote from: Nick Caplin – Head of Communications, SCEE
Both Kazuo Hirai and Sir Howard Stringer have stated that we will be offering identity theft protection for those affected by the malicious attack on PlayStation Network and many of you may have seen the details of the service available in North America.

As I have explained previously, creating a similar offering for the many countries within the SCEE region is a very complicated process. Each country has a different way of handling identity theft; some offer relatively sophisticated services whilst others are much more modest.

We are currently in the process of identifying how we manage this situation and once the programme is ready to launch, we will provide details of exactly which services are available in each country and explain how to sign up. We hope to do this early next week.

Also, look out for more information on the rest of our Welcome Back programme, including which free content you will be eligible for. We will be offering PSN users the opportunity to select two PS3 games from a list of five, as well as offering PSP users the opportunity to choose two games from a list of four. We will let you know exactly what games are available very soon.

Please be assured that we are continuing to work around the clock to have some PlayStation Network and Qriocity services restored and will provide you with specific details shortly.

SCEE's Identity Theft Protection Offering

Sony announces that the suspension of PSN services will continue further, until the checks on the "new" security systems are completed. The first details of the "Welcome Back" program come from the European blog: PSN users will be able to choose two PS3 games from a list of five, while PSP users will be able to choose two games from a list of four. Further information will be provided later, as soon as it is available.

Turrican3



:lol:

"It's Nintendo! It's them, it's a conspiracy, don't you get it!?"
"Noooo! I will never get an Xbox!!"

Blasor