Sony loses 70 million users' details in colossal PlayStation Network hack

Sony admits an "unauthorised person" has stolen the personal information of more than 70 million users of its PlayStation Network, which could be down for another week.

Nick Hide Managing copy editor
Nick manages CNET's advice copy desk from Springfield, Virginia. He's worked at CNET since 2005.
Expertise Copy editing, football, Civilization and other old-man games, West Wing trivia
Nick Hide
3 min read

An "unauthorised person" has stolen the personal information of more than 70 million users of Sony's PlayStation Network, the company has admitted.

The breach occurred on 19 April, more than a week ago, when Sony shut down its PSN and Qriocity online services, but the company has waited until now to warn its users that their data had been compromised.

The company said the following type of information was taken: "name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained."

The major concern is financial data, however. "While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility," Sony warned. "If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained."

Security experts speculated it was likely this was a criminal operation, rather than a lone hacker. Credit card details can be easily sold -- for around $3 each -- while email addresses and passwords are sold on to be harvested for scams.

A CNET UK reader who contacted us said his Gmail had been hacked last night and used to send out links. The reader, who does not want to be named, says his PSN account was registered using the Gmail address and used the same password for both, which he admitted was unwise. This could be a coincidence, but it's the kind of caper you should be wary of.

What you should do

Change your PSN and/or Qriocity passwords as soon as the service is back up and running, even if you rarely use them. If you use a similar password for other services, alter those immediately. If your PSN security answers were common to other services you use, contact those services and change your answers -- especially with your bank account.

"For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information," Sony advised.

PSN being out for more than a week has angered fans of the service, which has been constantly compared with Microsoft's Xbox Live since the two launched. "Hey PSN. I am hanging in there," user link1983 commented. "I am going to admit it is getting tough. I am taking abuse daily from people who own 360s. I am not going to defect, ever. I just hope this thing is resolved soon."

He could be hanging tough a while longer. "We have a clear path to have PlayStation Network and Qriocity systems back online, and expect to restore some services within a week," promised Sony. "We greatly appreciate your patience, understanding and goodwill as we do whatever it takes to resolve these issues as quickly and efficiently as practicable."

Are you a disgruntled PS3 owner? Or a happy Xbox fan? Feel free to vent or be insufferably smug in the comments below.