From the sounds of things, they just discovered a similar loop-hole as PSN's (Playstation Network) in all of their networks/systems, that could have been accessed in the same way, and just took it all down to be safe and get it all patched up.
The notice on Station.com basically says:
"During the investigation of our previous intrusion (PSN), we noticed another potential weak spot, so we took it all down just in case", and does not mention there was ANOTHER intrusion.
And even if there was another, people were actually there this time atleast, alert, and monitoring everything at the time of the intrusion this time.
So if they're lucky they shut it down before any major harm was done and might even have been able to track where it was coming from (seeing as the FBI and everything is involved).
They do and always have been. They handling account management and payments themselves. That is Station.sony.com !
I will tell my bank to be on the look out for fraudulent attempts.
Thing is, with the card I've used there is an added security feature where verification for most online purchases is sent via SMS to my phone. Since they don't have my phone, it cuts down on some of the damage they can do. There is a second layer of protection in that the card is extremely limited by what can be done with it. They cannot spend that much on it even over a month. So no possibillity of them emptying my bank account.
It also depends on where in the world they would use my card. One thing you might not realize, if you don't budge from your country much, is that using a card online is not as easy as you think. If you try to use it in a country different from where you got the card and where your bank account is located, even within the EU, it usually doesn't work. There is only one site I use regularly that seems to let people do that and I kinda wish they didn't, but I know why they don't.
They could however charge up a heck of a lot of Station Cash on my EQ2 account...
LMAO!! Instead of just coming out and say what has REALLY happened. We have to pay long distance and call THEM!! /FACEPALM!!
-------------------
EverQuest 2 [Amnerys] Any players that have concerns regarding their account status and security should contact CS at 1-858-537-0898 (10am – 7pm PST, Mon-Fri).
EverQuest 2 [Amnerys] Please use the following phone numbers for your international area. Remember that these numbers are not toll free and are considered long distance from within each country. Players using the "Outside France" phone number will be subject to International fees. UK: (44) 870-600-0267 - DE: (49) 180-500-7774 - FR: Inside France: (33) 825-120-549 - Outside France: (33) 171-230-495
Wow, judging by your excessive punctuation and caps, you are just loving the shit out of this aren't you? People possibly losing their livelihoods because of SOE gives you a rager I bet.
That's not long-distance. the 858 number is obviously Canada and US, while the others are for european players. Go ahead and call France and tell them you have an account question. They won't even have it on file there.
They do and always have been. They handling account management and payments themselves. That is Station.sony.com !
I will tell my bank to be on the look out for fraudulent attempts.
Thing is, with the card I've used there is an added security feature where verification for most online purchases is sent via SMS to my phone. Since they don't have my phone, it cuts down on some of the damage they can do. There is a second layer of protection in that the card is extremely limited by what can be done with it. They cannot spend that much on it even over a month. So no possibillity of them emptying my bank account.
It also depends on where in the world they would use my card. One thing you might not realize, if you don't budge from your country much, is that using a card online is not as easy as you think. If you try to use it in a country different from where you got the card and where your bank account is located, even within the EU, it usually doesn't work. There is only one site I use regularly that seems to let people do that and I kinda wish they didn't, but I know why they don't.
They could however charge up a heck of a lot of Station Cash on my EQ2 account...
Yes luckily my girlfriend and me have severely limited the countries in which the credit card can be used. So hopefully that will mitigate the damage somewhat if our personal and financial information at SOE has been comprimised.
All in all it just pisses me off that almost 12 hours later and they still do not give any information!
Especially for us EU customers it is now almost 22:00 CET evening and it's just not that easy to go to sleep with all this going on right now and being totally kept in the dark by SOE !!
LMAO!! Instead of just coming out and say what has REALLY happened. We have to pay long distance and call THEM!! /FACEPALM!!
-------------------
EverQuest 2 [Amnerys] Any players that have concerns regarding their account status and security should contact CS at 1-858-537-0898 (10am – 7pm PST, Mon-Fri).
EverQuest 2 [Amnerys] Please use the following phone numbers for your international area. Remember that these numbers are not toll free and are considered long distance from within each country. Players using the "Outside France" phone number will be subject to International fees. UK: (44) 870-600-0267 - DE: (49) 180-500-7774 - FR: Inside France: (33) 825-120-549 - Outside France: (33) 171-230-495
Wow, judging by your excessive punctuation and caps, you are just loving the shit out of this aren't you? People possibly losing their livelihoods because of SOE gives you a rager I bet.
That's not long-distance. the 858 number is obviously Canada and US, while the others are for european players. Go ahead and call France and tell them you have an account question. They won't even have it on file there.
Yes I am SOOOOOO enjoying it! Having all our personal and financial information stored at SOE and now possibly compromised!!
From the sounds of things, they just discovered a similar loop-hole as PSN's (Playstation Network) in all of their networks/systems, that could have been accessed in the same way, and just took it all down to be safe and get it all patched up.
The notice on Station.com basically says:
"During the investigation of our previous intrusion (PSN), we noticed another potential weak spot, so we took it all down just in case", and does not mention there was ANOTHER intrusion.
And even if there was another, people were actually there this time atleast, alert, and monitoring everything at the time of the intrusion this time.
So if they're lucky they shut it down before any major harm was done and might even have been able to track where it was coming from (seeing as the FBI and everything is involved).
I understood the same thing. I'm glad it's not just me.
Why is the FBI involved? Wouldn't it be the Japanese FBI equivalent?
Anyway, hacking to piss off Sony/SoE by messing up their sites is one thing. Hacking to get personal information of any sort is quite another! The first could be used to prove a point in a malicious way. The second is downright criminal, and I hope that whoever was doing it is caught.
I am pretty sure that it was done to sell on information more than anything else.
I think the best thing people can do is to not only warn their banks and reduce their online purchases for a little bit, so that any fraudulent activity can be caught more easily, but also to change any password for any other thing they have registered for that might be similar to what they use to log into the Station launcher, just to be safe. And of course, change the Station password ASAP once (if) the service is back up.
I'm not just concerned about the fact the hackers might have my CC info, name, birthdate, and email address, but also they might have my account password. If that's the case, they may attempt to break into my associated email account.
An this is not a front page in the top stories why?
"Civilized men are more discourteous than savages because they know they can be impolite without having their skulls split, as a general thing." Robert E. Howard, The Tower of the Elephant (1933)
I pray that this will be the final kick in the behind that Sony needs to finally make a clean sweep of upper management at SOE and bring in new people who might have some clue. How those guys have kept their jobs, while SOE has been in a multi-year death spiral as a result of bad management, is beyond comprehension.
Kinda funny, someone had "stolen" 1$ from my credit card and the bank girl said it was from SoE, hmm? Anyway, she had to lock the credit card, cuz she said it is common that hackers take out 1$ to see if the credit card is active. Thanks Sony, first the bad support for Vanguard, then my PSN and now my credit card in EQ2! You are now on my "bad-list".....
You should check your credit cards....I thought it would never happend me, but it did!
Originally posted by MurlockDance Originally posted by just2duh From the sounds of things, they just discovered a similar loop-hole as PSN's (Playstation Network) in all of their networks/systems, that could have been accessed in the same way, and just took it all down to be safe and get it all patched up.
The notice on Station.com basically says:
"During the investigation of our previous intrusion (PSN), we noticed another potential weak spot, so we took it all down just in case", and does not mention there was ANOTHER intrusion.
And even if there was another, people were actually there this time atleast, alert, and monitoring everything at the time of the intrusion this time.
So if they're lucky they shut it down before any major harm was done and might even have been able to track where it was coming from (seeing as the FBI and everything is involved).
Why is the FBI involved? Wouldn't it be the Japanese FBI equivalent? Nope, the US FBI is involved too, so is the British equivalent.
There are several Intelligence bureaus trying to take these hackers down, and failing of course because they don't know how to computer. All they can do is demand IPs and subpoena ISPs for account info. They don't really know anything about hacking.
As previously announced, we have been conducting an ongoing, thorough investigation stemming from the cyber attack in April and promised to notify you should there be any changes to the situation.
We issued a press release today outlining these details. We will promptly send a customer service notification via email to all of our impacted account holders whose customer data may have been stolen as a result of an illegal intrusion on our systems. This information was discovered less than 24 hours ago and in response, we took down our services until we could verify their security.
SOE is committed to delivering secure, stable and entertaining games for players of all ages and we're working around the clock to ensure this situation is resolved as quickly as possible. We deeply regret the inconvenience this has caused and appreciate your continued patience and feedback.
Sincerely,
Sony Online Entertainment
Customer Service Notification
May 2, 2011
Dear Valued Sony Online Entertainment Customer:
Our ongoing investigation of illegal intrusions into Sony Online Entertainment systems has discovered that hackers may have obtained personal customer information from SOE systems. We are today advising you that the personal information you provided us in connection with your SOE account may have been stolen in a cyber-attack. Stolen information includes, to the extent you provided it to us, the following: name, address (city, state, zip, country), email address, gender, birthdate, phone number, login name and hashed password.
Customers outside the United States should be advised that we further discovered evidence that information from an outdated database from 2007 containing approximately 12,700 non-US customer credit or debit card numbers and expiration dates (but not credit card security codes) and about 10,700 direct debit records listing bank account numbers of certain customers in Germany, Austria, Netherlands and Spain may have also been obtained - we will be notifying each of those customers promptly.
There is no evidence that our main credit card database was compromised. It is in a completely separate and secured environment.
We had previously believed that SOE customer data had not been obtained in the cyber-attacks on the company, but on May 1st we concluded that SOE account information may have been stolen and we are notifying you as soon as possible.
We apologize for the inconvenience caused by the attack and as a result, we have:
1) Temporarily turned off all SOE game services;
2) Engaged an outside, recognized security firm to conduct a full and complete investigation into what happened; and
3) Quickly taken steps to enhance security and strengthen our network infrastructure to provide you with greater protection of your personal information.
We greatly appreciate your patience, understanding and goodwill as we do whatever it takes to resolve these issues as quickly and efficiently as practicable.
For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. When SOE's services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your Station or SOE game account name or password for other unrelated services or accounts, we strongly recommend that you change them, as well.
To protect against possible identity theft or other financial loss, we encourage you to remain vigilant, to review your account statements and to monitor your credit reports. We are providing the following information for those who wish to consider it:
U.S. residents are entitled under U.S. law to one free credit report annually from each of the three major credit bureaus. To order your free credit report, visit www.annualcreditreport.com or call toll-free (877) 322-8228.
We have also provided names and contact information for the three major U.S. credit bureaus below. At no charge, U.S. residents can have these credit bureaus place a "fraud alert" on your file that alerts creditors to take additional steps to verify your identity prior to granting credit in your name. This service can make it more difficult for someone to get credit in your name. Note, however, that because it tells creditors to follow certain procedures to protect you, it also may delay your ability to obtain credit while the agency verifies your identity. As soon as one credit bureau confirms your fraud alert, the others are notified to place fraud alerts on your file. Should you wish to place a fraud alert, or should you have any questions regarding your credit report, please contact any one of the agencies listed below.
You may wish to visit the web site of the U.S. Federal Trade Commission at www.consumer.gov/idtheft or reach the FTC at 1-877-382-4357 or 600 Pennsylvania Avenue, NW, Washington, DC 20580 for further information about how to protect yourself from identity theft. Your state Attorney General may also have advice on preventing identity theft, and you should report instances of known or suspected identity theft to law enforcement, your State Attorney General, and the FTC. For North Carolina residents, the Attorney General can be contacted at 9001 Mail Service Center, Raleigh, NC 27699-9001; telephone (877) 566-7226; or www.ncdoj.gov. For Maryland residents, the Attorney General can be contacted at 200 St. Paul Place, 16th Floor, Baltimore, MD 21202; telephone: (888) 743-0023; or www.oag.state.md.us.
We are committed to helping our customers protect their personal data and we will provide a complimentary offering to assist users in enrolling in identity theft protection services and/or similar programs. The implementation will be at a local level and further details will be made available shortly in regions in which such programs are commonly utilized.
We thank you for your patience as we complete our investigation of this incident, and we regret any inconvenience. Our teams are working around the clock on this, and services will be restored as soon as possible. Sony takes information protection very seriously and will continue to work to ensure that additional measures are taken to protect personally identifiable information. Providing quality and secure entertainment services to our customers is our utmost priority. Please contact us at 1 (866) 436-6698 should you have any additional questions.
oh this is just great. I just resubed to Station Access like 4 days ago and now this. not only all my personal info but likely my credit card info too. not to mention i cant even play the games I paid a 30$ sub for...
Watch your thoughts; they become words. Watch your words; they become actions. Watch your actions; they become habits. Watch your habits; they become character. Watch your character; it becomes your destiny. Lao-Tze
the hack hurts their customers worse than it could hurt the company in any way, i truly beleive hackers need the same penalties as terrorists....since they hurt the innocent more than anyone else.
oh this is just great. I just resubed to Station Access like 4 days ago and now this. not only all my personal info but likely my credit card info too. not to mention i cant even play the games I paid a 30$ sub for...
Read the statement kenze... 4-year old data is stolen. The database from 2007...
I'd say be glad they shut down SOE to prevent the hackers from getting to the more recent data and indeed get your 4-day old addition to their system as well...
For me, I'm now more than glad that I changed bank in April 2010 ;-)
oh this is just great. I just resubed to Station Access like 4 days ago and now this. not only all my personal info but likely my credit card info too. not to mention i cant even play the games I paid a 30$ sub for...
Read the statement kenze... 4-year old data is stolen. The database from 2007...
I'd say be glad they shut down SOE to prevent the hackers from getting to the more recent data and indeed get your 4-day old addition to their system as well...
For me, I'm now more than glad that I changed bank in April 2010 ;-)
no, i think you need to reread it. That 2007 bit says ..
Customers outside the United States should be advised that we further discovered evidence that information from an outdated database from 2007 containing approximately 12,700 non-US customer credit or debit card numbers and expiration dates (but not credit card security codes) and about 10,700 direct debit records listing bank account numbers of certain customers in Germany, Austria, Netherlands and Spain may have also been obtained - we will be notifying each of those customers promptly.
thats in addition to what was stolen recently which was more recent Info.
We had previously believed that SOE customer data had not been obtained in the cyber-attacks on the company, but on May 1st we concluded that SOE account information may have been stolen and we are notifying you as soon as possible.
Watch your thoughts; they become words. Watch your words; they become actions. Watch your actions; they become habits. Watch your habits; they become character. Watch your character; it becomes your destiny. Lao-Tze
Yeah their announcement suggests there are older accounts that had further information possibily taken, not that new subscribers are fine. Not good.
"Because we all know the miracle patch fairy shows up the night before release and sprinkles magic dust on the server to make it allllll better." parrotpholk
oh this is just great. I just resubed to Station Access like 4 days ago and now this. not only all my personal info but likely my credit card info too. not to mention i cant even play the games I paid a 30$ sub for...
Read the statement kenze... 4-year old data is stolen. The database from 2007...
I'd say be glad they shut down SOE to prevent the hackers from getting to the more recent data and indeed get your 4-day old addition to their system as well...
For me, I'm now more than glad that I changed bank in April 2010 ;-)
no, i think you need to reread it. That 2007 bit says ..
Customers outside the United States should be advised that we further discovered evidence that information from an outdated database from 2007 containing approximately 12,700 non-US customer credit or debit card numbers and expiration dates (but not credit card security codes) and about 10,700 direct debit records listing bank account numbers of certain customers in Germany, Austria, Netherlands and Spain may have also been obtained - we will be notifying each of those customers promptly.
thats in addition to what was stolen recently which was more recent Info.
We had previously believed that SOE customer data had not been obtained in the cyber-attacks on the company, but on May 1st we concluded that SOE account information may have been stolen and we are notifying you as soon as possible.
Might be 2 ways to read it. I read it as they investigated the hack and found aside from the security breach that only the 2007 data was taken. 'cause would it make sense to take a 2007 database with (most likely) outdate and expired creditcard data (my current CC is only valid for 4 years - issues 2010 ending somewhere 2014) when you have the current one already at your disposal..? IMO not. I think they stumbled on the 2007 database, took it and tried to get the actual one as well.
Ugh, good news for us is that the cc info wasn't stolen. Bad news is it has our private info, including usernames, and hash passwords. Hash passwords can be hacked so this means everybody should change their passwords when the servies go back up. It also wouldn't hurt to subscribe to credit monitoring so you get notified if something changes.
Ugh, good news for us is that the cc info wasn't stolen. Bad news is it has our private info, including usernames, and hash passwords. Hash passwords can be hacked so this means everybody should change their passwords when the servies go back up. It also wouldn't hurt to subscribe to credit monitoring so you get notified if something changes.
And Sony will reimburse for this monitoring of credit?
I'm just calling my credit card and telling them it was stolen .. takes about 2 weeks to get a new card andnew number
Ugh, good news for us is that the cc info wasn't stolen. Bad news is it has our private info, including usernames, and hash passwords. Hash passwords can be hacked so this means everybody should change their passwords when the servies go back up. It also wouldn't hurt to subscribe to credit monitoring so you get notified if something changes.
i hope the Cc info wasnt taken.. it says...
There is no evidence that our main credit card database was compromised.
However, they also said until today that NONE of the SOE network customers personal info was taken that PSN and SOE networks were completely seperate..yadda yadda yadda.. They are in PR spin mode for sure and will be as vague as possile with any official staements.
Watch your thoughts; they become words. Watch your words; they become actions. Watch your actions; they become habits. Watch your habits; they become character. Watch your character; it becomes your destiny. Lao-Tze
Ugh, good news for us is that the cc info wasn't stolen. Bad news is it has our private info, including usernames, and hash passwords. Hash passwords can be hacked so this means everybody should change their passwords when the servies go back up. It also wouldn't hurt to subscribe to credit monitoring so you get notified if something changes.
CC info was stolen - number and expiration date. Good thing no VCS code is attached, but still... Bad indeed that the whole name/address/phone base is stolen. Still not sure if it also includes recent data or that it's all 4 years old (I hope the latter)
Measures for us (users) to take are indeed a change of password the moment SOE comes back on, but how abut change of eMail address (if possible) and drop SOE mail for that address to auto-trashcan? I do it already for Blizzard mail, and it does save a lot of time and eMail shifting ;-)
Ugh, good news for us is that the cc info wasn't stolen. Bad news is it has our private info, including usernames, and hash passwords. Hash passwords can be hacked so this means everybody should change their passwords when the servies go back up. It also wouldn't hurt to subscribe to credit monitoring so you get notified if something changes.
And Sony will reimburse for this monitoring of credit?
I'm just calling my credit card and telling them it was stolen .. takes about 2 weeks to get a new card andnew number
In today's age where everything is online, you should want to subscribe to credit monitoring anyway. You can get a new credit card, but that still won't stop someone attempting to use your personal information such as your name, address, phone, date of birth, etc.. to try to obtain credit in your name. The only thing they're missing is your social security # before they can take out loans, obtain credit cards, setup bank accounts, etc..
You can setup credit monitoring for cheaper than your monthly subscription to these games. So not having it is simply lazy, especially if you are already spending $15 a month per game on these online games
CC info was stolen - number and expiration date. Good thing no VCS code is attached, but still... Bad indeed that the whole name/address/phone base is stolen. Still not sure if it also includes recent data or that it's all 4 years old (I hope the latter)
CC info was stolen for foreign customers, sorry I was speaking mostly about U.S. only.
Comments
From the sounds of things, they just discovered a similar loop-hole as PSN's (Playstation Network) in all of their networks/systems, that could have been accessed in the same way, and just took it all down to be safe and get it all patched up.
The notice on Station.com basically says:
"During the investigation of our previous intrusion (PSN), we noticed another potential weak spot, so we took it all down just in case", and does not mention there was ANOTHER intrusion.
And even if there was another, people were actually there this time atleast, alert, and monitoring everything at the time of the intrusion this time.
So if they're lucky they shut it down before any major harm was done and might even have been able to track where it was coming from (seeing as the FBI and everything is involved).
I will tell my bank to be on the look out for fraudulent attempts.
Thing is, with the card I've used there is an added security feature where verification for most online purchases is sent via SMS to my phone. Since they don't have my phone, it cuts down on some of the damage they can do. There is a second layer of protection in that the card is extremely limited by what can be done with it. They cannot spend that much on it even over a month. So no possibillity of them emptying my bank account.
It also depends on where in the world they would use my card. One thing you might not realize, if you don't budge from your country much, is that using a card online is not as easy as you think. If you try to use it in a country different from where you got the card and where your bank account is located, even within the EU, it usually doesn't work. There is only one site I use regularly that seems to let people do that and I kinda wish they didn't, but I know why they don't.
They could however charge up a heck of a lot of Station Cash on my EQ2 account...
Playing MUDs and MMOs since 1994.
Wow, judging by your excessive punctuation and caps, you are just loving the shit out of this aren't you? People possibly losing their livelihoods because of SOE gives you a rager I bet.
That's not long-distance. the 858 number is obviously Canada and US, while the others are for european players. Go ahead and call France and tell them you have an account question. They won't even have it on file there.
Yes luckily my girlfriend and me have severely limited the countries in which the credit card can be used. So hopefully that will mitigate the damage somewhat if our personal and financial information at SOE has been comprimised.
All in all it just pisses me off that almost 12 hours later and they still do not give any information!
Especially for us EU customers it is now almost 22:00 CET evening and it's just not that easy to go to sleep with all this going on right now and being totally kept in the dark by SOE !!
Really pisses me off!
Yes I am SOOOOOO enjoying it! Having all our personal and financial information stored at SOE and now possibly compromised!!
{mod edit}
omghax!
Banegrivm
Leader of the 1st Fist of Light
www.1stfistoflight.com
I understood the same thing. I'm glad it's not just me.
Why is the FBI involved? Wouldn't it be the Japanese FBI equivalent?
Anyway, hacking to piss off Sony/SoE by messing up their sites is one thing. Hacking to get personal information of any sort is quite another! The first could be used to prove a point in a malicious way. The second is downright criminal, and I hope that whoever was doing it is caught.
I am pretty sure that it was done to sell on information more than anything else.
I think the best thing people can do is to not only warn their banks and reduce their online purchases for a little bit, so that any fraudulent activity can be caught more easily, but also to change any password for any other thing they have registered for that might be similar to what they use to log into the Station launcher, just to be safe. And of course, change the Station password ASAP once (if) the service is back up.
I'm not just concerned about the fact the hackers might have my CC info, name, birthdate, and email address, but also they might have my account password. If that's the case, they may attempt to break into my associated email account.
Playing MUDs and MMOs since 1994.
An this is not a front page in the top stories why?
"Civilized men are more discourteous than savages because they know they can be impolite without having their skulls split, as a general thing." Robert E. Howard, The Tower of the Elephant (1933)
I pray that this will be the final kick in the behind that Sony needs to finally make a clean sweep of upper management at SOE and bring in new people who might have some clue. How those guys have kept their jobs, while SOE has been in a multi-year death spiral as a result of bad management, is beyond comprehension.
Want to know more about GW2 and why there is so much buzz? Start here: Guild Wars 2 Mass Info for the Uninitiated
SOE might be going the same route of lengthy downtime as PSN:
http://www.bluefrost.net/forum/viewtopic.php?f=4&t=364&p=753#p753
I hope the FBI will be able to track these Anonymous idiots down fast and put them out of their misery!
Kinda funny, someone had "stolen" 1$ from my credit card and the bank girl said it was from SoE, hmm? Anyway, she had to lock the credit card, cuz she said it is common that hackers take out 1$ to see if the credit card is active. Thanks Sony, first the bad support for Vanguard, then my PSN and now my credit card in EQ2! You are now on my "bad-list".....
You should check your credit cards....I thought it would never happend me, but it did!
Nope, the US FBI is involved too, so is the British equivalent.
There are several Intelligence bureaus trying to take these hackers down, and failing of course because they don't know how to computer. All they can do is demand IPs and subpoena ISPs for account info. They don't really know anything about hacking.
Official announcement from SOE (via twitter):
As previously announced, we have been conducting an ongoing, thorough investigation stemming from the cyber attack in April and promised to notify you should there be any changes to the situation.
We issued a press release today outlining these details. We will promptly send a customer service notification via email to all of our impacted account holders whose customer data may have been stolen as a result of an illegal intrusion on our systems. This information was discovered less than 24 hours ago and in response, we took down our services until we could verify their security.
SOE is committed to delivering secure, stable and entertaining games for players of all ages and we're working around the clock to ensure this situation is resolved as quickly as possible. We deeply regret the inconvenience this has caused and appreciate your continued patience and feedback.
Sincerely,
Sony Online Entertainment
Customer Service Notification
May 2, 2011
Dear Valued Sony Online Entertainment Customer:
Our ongoing investigation of illegal intrusions into Sony Online Entertainment systems has discovered that hackers may have obtained personal customer information from SOE systems. We are today advising you that the personal information you provided us in connection with your SOE account may have been stolen in a cyber-attack. Stolen information includes, to the extent you provided it to us, the following: name, address (city, state, zip, country), email address, gender, birthdate, phone number, login name and hashed password.
Customers outside the United States should be advised that we further discovered evidence that information from an outdated database from 2007 containing approximately 12,700 non-US customer credit or debit card numbers and expiration dates (but not credit card security codes) and about 10,700 direct debit records listing bank account numbers of certain customers in Germany, Austria, Netherlands and Spain may have also been obtained - we will be notifying each of those customers promptly.
There is no evidence that our main credit card database was compromised. It is in a completely separate and secured environment.
We had previously believed that SOE customer data had not been obtained in the cyber-attacks on the company, but on May 1st we concluded that SOE account information may have been stolen and we are notifying you as soon as possible.
We apologize for the inconvenience caused by the attack and as a result, we have:
1) Temporarily turned off all SOE game services;
2) Engaged an outside, recognized security firm to conduct a full and complete investigation into what happened; and
3) Quickly taken steps to enhance security and strengthen our network infrastructure to provide you with greater protection of your personal information.
We greatly appreciate your patience, understanding and goodwill as we do whatever it takes to resolve these issues as quickly and efficiently as practicable.
For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. When SOE's services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your Station or SOE game account name or password for other unrelated services or accounts, we strongly recommend that you change them, as well.
To protect against possible identity theft or other financial loss, we encourage you to remain vigilant, to review your account statements and to monitor your credit reports. We are providing the following information for those who wish to consider it:
U.S. residents are entitled under U.S. law to one free credit report annually from each of the three major credit bureaus. To order your free credit report, visit www.annualcreditreport.com or call toll-free (877) 322-8228.
We have also provided names and contact information for the three major U.S. credit bureaus below. At no charge, U.S. residents can have these credit bureaus place a "fraud alert" on your file that alerts creditors to take additional steps to verify your identity prior to granting credit in your name. This service can make it more difficult for someone to get credit in your name. Note, however, that because it tells creditors to follow certain procedures to protect you, it also may delay your ability to obtain credit while the agency verifies your identity. As soon as one credit bureau confirms your fraud alert, the others are notified to place fraud alerts on your file. Should you wish to place a fraud alert, or should you have any questions regarding your credit report, please contact any one of the agencies listed below.
Experian: 888-397-3742; www.experian.com; P.O. Box 9532, Allen, TX 75013
Equifax: 800-525-6285; www.equifax.com; P.O. Box 740241, Atlanta, GA 30374-0241
TransUnion: 800-680-7289; www.transunion.com; Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, CA 92834-6790
You may wish to visit the web site of the U.S. Federal Trade Commission at www.consumer.gov/idtheft or reach the FTC at 1-877-382-4357 or 600 Pennsylvania Avenue, NW, Washington, DC 20580 for further information about how to protect yourself from identity theft. Your state Attorney General may also have advice on preventing identity theft, and you should report instances of known or suspected identity theft to law enforcement, your State Attorney General, and the FTC. For North Carolina residents, the Attorney General can be contacted at 9001 Mail Service Center, Raleigh, NC 27699-9001; telephone (877) 566-7226; or www.ncdoj.gov. For Maryland residents, the Attorney General can be contacted at 200 St. Paul Place, 16th Floor, Baltimore, MD 21202; telephone: (888) 743-0023; or www.oag.state.md.us.
We are committed to helping our customers protect their personal data and we will provide a complimentary offering to assist users in enrolling in identity theft protection services and/or similar programs. The implementation will be at a local level and further details will be made available shortly in regions in which such programs are commonly utilized.
We thank you for your patience as we complete our investigation of this incident, and we regret any inconvenience. Our teams are working around the clock on this, and services will be restored as soon as possible. Sony takes information protection very seriously and will continue to work to ensure that additional measures are taken to protect personally identifiable information. Providing quality and secure entertainment services to our customers is our utmost priority. Please contact us at 1 (866) 436-6698 should you have any additional questions.
Sincerely,
Sony Online Entertainment LLC
oh this is just great. I just resubed to Station Access like 4 days ago and now this. not only all my personal info but likely my credit card info too. not to mention i cant even play the games I paid a 30$ sub for...
Watch your thoughts; they become words.
Watch your words; they become actions.
Watch your actions; they become habits.
Watch your habits; they become character.
Watch your character; it becomes your destiny.
Lao-Tze
the hack hurts their customers worse than it could hurt the company in any way, i truly beleive hackers need the same penalties as terrorists....since they hurt the innocent more than anyone else.
Read the statement kenze... 4-year old data is stolen. The database from 2007...
I'd say be glad they shut down SOE to prevent the hackers from getting to the more recent data and indeed get your 4-day old addition to their system as well...
For me, I'm now more than glad that I changed bank in April 2010 ;-)
no, i think you need to reread it. That 2007 bit says ..
Customers outside the United States should be advised that we further discovered evidence that information from an outdated database from 2007 containing approximately 12,700 non-US customer credit or debit card numbers and expiration dates (but not credit card security codes) and about 10,700 direct debit records listing bank account numbers of certain customers in Germany, Austria, Netherlands and Spain may have also been obtained - we will be notifying each of those customers promptly.
thats in addition to what was stolen recently which was more recent Info.
We had previously believed that SOE customer data had not been obtained in the cyber-attacks on the company, but on May 1st we concluded that SOE account information may have been stolen and we are notifying you as soon as possible.
Watch your thoughts; they become words.
Watch your words; they become actions.
Watch your actions; they become habits.
Watch your habits; they become character.
Watch your character; it becomes your destiny.
Lao-Tze
Yeah their announcement suggests there are older accounts that had further information possibily taken, not that new subscribers are fine. Not good.
"Because we all know the miracle patch fairy shows up the night before release and sprinkles magic dust on the server to make it allllll better." parrotpholk
Might be 2 ways to read it. I read it as they investigated the hack and found aside from the security breach that only the 2007 data was taken. 'cause would it make sense to take a 2007 database with (most likely) outdate and expired creditcard data (my current CC is only valid for 4 years - issues 2010 ending somewhere 2014) when you have the current one already at your disposal..? IMO not. I think they stumbled on the 2007 database, took it and tried to get the actual one as well.
Ugh, good news for us is that the cc info wasn't stolen. Bad news is it has our private info, including usernames, and hash passwords. Hash passwords can be hacked so this means everybody should change their passwords when the servies go back up. It also wouldn't hurt to subscribe to credit monitoring so you get notified if something changes.
EQ1-AC1-DAOC-FFXI-L2-EQ2-WoW-DDO-GW-LoTR-VG-WAR-GW2-ESO
And Sony will reimburse for this monitoring of credit?
I'm just calling my credit card and telling them it was stolen .. takes about 2 weeks to get a new card andnew number
i hope the Cc info wasnt taken.. it says...
There is no evidence that our main credit card database was compromised.
However, they also said until today that NONE of the SOE network customers personal info was taken that PSN and SOE networks were completely seperate..yadda yadda yadda.. They are in PR spin mode for sure and will be as vague as possile with any official staements.
Watch your thoughts; they become words.
Watch your words; they become actions.
Watch your actions; they become habits.
Watch your habits; they become character.
Watch your character; it becomes your destiny.
Lao-Tze
CC info was stolen - number and expiration date. Good thing no VCS code is attached, but still... Bad indeed that the whole name/address/phone base is stolen. Still not sure if it also includes recent data or that it's all 4 years old (I hope the latter)
Measures for us (users) to take are indeed a change of password the moment SOE comes back on, but how abut change of eMail address (if possible) and drop SOE mail for that address to auto-trashcan? I do it already for Blizzard mail, and it does save a lot of time and eMail shifting ;-)
In today's age where everything is online, you should want to subscribe to credit monitoring anyway. You can get a new credit card, but that still won't stop someone attempting to use your personal information such as your name, address, phone, date of birth, etc.. to try to obtain credit in your name. The only thing they're missing is your social security # before they can take out loans, obtain credit cards, setup bank accounts, etc..
You can setup credit monitoring for cheaper than your monthly subscription to these games. So not having it is simply lazy, especially if you are already spending $15 a month per game on these online games
EQ1-AC1-DAOC-FFXI-L2-EQ2-WoW-DDO-GW-LoTR-VG-WAR-GW2-ESO
CC info was stolen for foreign customers, sorry I was speaking mostly about U.S. only.
EQ1-AC1-DAOC-FFXI-L2-EQ2-WoW-DDO-GW-LoTR-VG-WAR-GW2-ESO