
Sony: Some PSN Personal Info Wasn't Encrypted

Source: Sony | 37 comments

Your credit card information was encrypted, but your personal information was not.

In addition to emailing each of the 77 million PSN users to inform them that their personal information has been compromised, Sony yesterday posted a FAQ addressing the more common questions and comments. However, the company has taken things one step further, posting what appears to be the first in a series of Q&As on the official PlayStation Blog.

Q&A #1 covers a lot of the same ground as yesterday’s FAQ. That said, there are some details in there that were not previously disclosed by Sony. In response to the frequently asked question, “Was my personal data encrypted?” Sony has issued the following response:

“All of the data was protected, and access was restricted both physically and through the perimeter and security of the network. The entire credit card table was encrypted and we have no evidence that credit card data was taken. The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack.”

In case you missed it yesterday, personal data compromised in the attack includes your name, address (city, state, zip), country, email address, birthdate, and PlayStation Network/Qriocity password and login and handle/PSN online ID. Sony says it’s also possible that your profile data, including purchase history and billing address (city, state, zip) was compromised. The company did not elaborate as to whether passwords and PSN/Qriocity IDs were included in the unencrypted personal data table.

Of course, the good news in all this is that credit card information, whether it was stolen or not, was encrypted. Sony says there’s no evidence to suggest that credit card info was compromised, but stresses that it can’t rule that out, and advises users to take the appropriate precautions to protect themselves against credit card fraud.

For those less worried about their personal data and more concerned with when PSN will be back online, Sony is sticking to the same statement it released yesterday:

“Our employees have been working day and night to restore operations as quickly as possible, and we expect to have some services up and running within a week from yesterday. However, we want to be very clear that we will only restore operations when we are confident that the network is secure.”

Check out the Q&A here, and yesterday’s FAQ here. Stay tuned and we’ll keep you posted should FAQ #2 appear.

Discuss
  • 4
    Sphex , April 28, 2011 6:51 PM
    Wow Sony, hurry up! I don't have a life, so I can't deal with this!! :]
  • 3
    rasagul , April 28, 2011 6:52 PM
    I'm not even a console gamer but if they ever catch the group behind this they need to tie rabid ferrets to their genitals.
  • 0
    Hupiscratch , April 28, 2011 7:01 PM
    Well, I've been using a fake address anyway. But it is a sad thing for everybody, what's happening.
  • 1
    house70 , April 28, 2011 7:01 PM

    If I had any financial info with Sony, I would still cancel my CC, just to be safe.
    It's bad enough they have the personal info, which for whatever "professional" reason was not encrypted.
    One more reason to trust Sony, now that I know they have a "very sophisticated security system". Because, everyone knows, a "very sophisticated security system" is sooooo much easier to set up instead of just encrypting the f#$%^ data!
    Pathetic.
  • 4
    Anonymous , April 28, 2011 7:04 PM
    "The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very useless security system that was breached in a malicious attack"

    fixed it for them
  • -5
    abswindows7 , April 28, 2011 7:09 PM
    Ghot is behind this for sure.
    GO GHOT
  • 3
    maestintaolius , April 28, 2011 7:11 PM
    If only they put half the work into securing our personal data into what they spend putting DRM systems on games.
  • 1
    Sphex , April 28, 2011 7:12 PM
    abswindows7: "Ghot is behind this for sure. GO GHOT"

    I'm pretty sure that they would sue him again if it was him, and take back any settlement money if they did
  • 2
    kinggraves , April 28, 2011 7:24 PM
    Sphex: "I'm pretty sure that they would sue him again if it was him, and take back any settlement money if they did"


    He didn't get "settlement money", he got the chance to not be sued by a major corporation, which is a good outcome in his situation. He also got an injunction, so if he were to be linked to this in any way, or further tampered with Sony products, he would either face SEVERE civil fines or even criminal charges. He got the chance to walk away, not doing so would be a horrible mistake.

  • -1
    Anonymous , April 28, 2011 7:26 PM
    well that's what happens when you got a big giant company that sucks in security at least i will stick with microsoft for online and data protection hahaha looks like you lose sony
  • 0
    mchuf , April 28, 2011 7:38 PM
    Sony must have used Securom to protect their network. That's what I would use to screw my customers while making it easy for the "bad guys".
  • 0
    jednx01 , April 28, 2011 7:43 PM
    You would think that with all the money that Sony makes off of the PlayStation brand, they could get better security and could encrypt files. Heck, even my laptop has an encrypted hard drive. Why the heck doesn't Sony do that? Fail. Just fail...
  • 1
    nebun , April 28, 2011 7:50 PM
    really....every million and billion dollar company needs to encrypt their data...these are basics of network security...wtf?
  • 1
    vk_87 , April 28, 2011 7:53 PM
    "The personal data table, which is a separate data set, was not encrypted (as then it is easier to be hacked), but was, of course, behind *an extremely useless and incompetent* security system that was breached in a malicious attack"

    Fixed it even better!
  • 0
    jimsocks , April 28, 2011 7:54 PM
    damn you sony, and your microtransactions!
  • -2
    jgalecio , April 28, 2011 8:06 PM
    Bigger than Sony lets on: My friend called me the other day and Chase had called him informing him that an attempt to withdraw $4000 from his savings was blocked. He never had an incident like this before until he received that email from Sony in regards to the stolen PSN information. I have been personally checking my account as well and moved most of my money to another account that PSN is not associated with. Sony F****D up big time on this one!
  • -1
    hoofhearted , April 28, 2011 8:09 PM
    Passwords in the clear???? Can't be serious. Some PR guy must have botched this. Even the simplest implementations nowadays use some flavor of md5 3des or sha type symmetric hash.
  • 0
    mikem_90 , April 28, 2011 8:10 PM
    rasagul: "I'm not even a console gamer but if they ever catch the group behind this they need to tie rabid ferrets to their genitals."

    You forgot the "painting said genitals with silver glittery paint."

    Rabid ferrets + shiny = TOY TOY TOY!!
  • 0
    Razor064 , April 28, 2011 8:29 PM
    Now imagine if they used the same encryption key that was calculated by Team FailOverflow to sign this table xD
  • 0
    lamorpa , April 28, 2011 8:43 PM
    What is the purpose of filling the message with superlatives about super-deluxe avant garde extra special data security they had? It was breached. It makes no difference.