Approx 12,700 non-US customer card numbers and expiration dates stolen from SOE

Zeouterlimits

Dear god.
http://www.soe.com/securityupdate/

Customer Service Notification
May 2, 2011

Dear Valued Sony Online Entertainment Customer:
Our ongoing investigation of illegal intrusions into Sony Online Entertainment systems has discovered that hackers may have obtained personal customer information from SOE systems. We are today advising you that the personal information you provided us in connection with your SOE account may have been stolen in a cyber-attack. Stolen information includes, to the extent you provided it to us, the following: name, address (city, state, zip, country), email address, gender, birthdate, phone number, login name and hashed password.

Customers outside the United States should be advised that we further discovered evidence that information from an outdated database from 2007 containing approximately 12,700 non-US customer credit or debit card numbers and expiration dates (but not credit card security codes) and about 10,700 direct debit records listing bank account numbers of certain customers in Germany, Austria, Netherlands and Spain may have also been obtained - we will be notifying each of those customers promptly.

There is no evidence that our main credit card database was compromised. It is in a completely separate and secured environment.

We had previously believed that SOE customer data had not been obtained in the cyber-attacks on the company, but on May 1st we concluded that SOE account information may have been stolen and we are notifying you as soon as possible.

We apologize for the inconvenience caused by the attack and as a result, we have:

1) Temporarily turned off all SOE game services;

2) Engaged an outside, recognized security firm to conduct a full and complete investigation into what happened; and

3) Quickly taken steps to enhance security and strengthen our network infrastructure to provide you with greater protection of your personal information.

We greatly appreciate your patience, understanding and goodwill as we do whatever it takes to resolve these issues as quickly and efficiently as practicable.

For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. When SOE's services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your Station or SOE game account name or password for other unrelated services or accounts, we strongly recommend that you change them, as well.

To protect against possible identity theft or other financial loss, we encourage you to remain vigilant, to review your account statements and to monitor your credit reports. We are providing the following information for those who wish to consider it:

U.S. residents are entitled under U.S. law to one free credit report annually from each of the three major credit bureaus. To order your free credit report, visit www.annualcreditreport.com or call toll-free (877) 322-8228.

We have also provided names and contact information for the three major U.S. credit bureaus below. At no charge, U.S. residents can have these credit bureaus place a "fraud alert" on your file that alerts creditors to take additional steps to verify your identity prior to granting credit in your name. This service can make it more difficult for someone to get credit in your name. Note, however, that because it tells creditors to follow certain procedures to protect you, it also may delay your ability to obtain credit while the agency verifies your identity. As soon as one credit bureau confirms your fraud alert, the others are notified to place fraud alerts on your file. Should you wish to place a fraud alert, or should you have any questions regarding your credit report, please contact any one of the agencies listed below.

Experian: 888-397-3742; www.experian.com; P.O. Box 9532, Allen, TX 75013
Equifax: 800-525-6285; www.equifax.com; P.O. Box 740241, Atlanta, GA 30374-0241
TransUnion: 800-680-7289; www.transunion.com; Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, CA 92834-6790

You may wish to visit the web site of the U.S. Federal Trade Commission at www.consumer.gov/idtheft or reach the FTC at 1-877-382-4357 or 600 Pennsylvania Avenue, NW, Washington, DC 20580 for further information about how to protect yourself from identity theft. Your state Attorney General may also have advice on preventing identity theft, and you should report instances of known or suspected identity theft to law enforcement, your State Attorney General, and the FTC. For North Carolina residents, the Attorney General can be contacted at 9001 Mail Service Center, Raleigh, NC 27699-9001; telephone (877) 566-7226; or www.ncdoj.gov. For Maryland residents, the Attorney General can be contacted at 200 St. Paul Place, 16th Floor, Baltimore, MD 21202; telephone: (888) 743-0023; or www.oag.state.md.us.

We are committed to helping our customers protect their personal data and we will provide a complimentary offering to assist users in enrolling in identity theft protection services and/or similar programs. The implementation will be at a local level and further details will be made available shortly in regions in which such programs are commonly utilized.

We thank you for your patience as we complete our investigation of this incident, and we regret any inconvenience. Our teams are working around the clock on this, and services will be restored as soon as possible. Sony takes information protection very seriously and will continue to work to ensure that additional measures are taken to protect personally identifiable information. Providing quality and secure entertainment services to our customers is our utmost priority. Please contact us at 1 (866) 436-6698 should you have any additional questions.
Sincerely,

Sony Online Entertainment LLC

Posted it in Games as SOE games are on PC too, not just Playstation Platforms.
Can't believe this happened.

Overheal

I can.

cherryghost

PR hell. It's a complete farce and unacceptable. It's been almost two weeks since the incident and for the few people that had faith in Sony and declaring that they'll keep ther CC details with them has just had egg thrown in their face.

Well ****ing done, Sony. Well ****ing done.

Chefburns

cherryghost wrote: »

PR hell. It's a complete farce and unacceptable. It's been almost two weeks since the incident and for the few people that had faith in Sony and declaring that they'll keep ther CC details with them has just had egg thrown in their face.

Well ****ing done, Sony. Well ****ing done.

well this seems to be something that they have only discovered recently still poor show

Headshot

Man this is such an embarrassment to gaming industry and I think sony will never recover from this

keithc83

It's definitely going to take something incredible for Sony to fully recover from this and get the gamers to believe in them again. I guess we will have to wait and see what happens from here.

richymcdermott

i heard sony said they pay for consumers cc if anything stolen, but i have to agree sony going to take a huge hit consumers are going to switch shift, but not me luckly i dont use a cc

IrishMactire

And now for some words from someone completely biased:

I used to love Sony. I still play my PlayStation Original... But I am so, SO glad that nowadays I play X-box and pay for my live content, so that I don't have to endure nonsense like Sony puts its users through.

K.O.Kiki

>Watches Sony stock go down
>In a few months, everything is back to normal
>Meh

"Sony will never recover from this" my arse.
It takes more than this to take down a global conglomerate.

12'700 out of 77'000'000 is 0.0165% of the total userbase.

Don't blow this sh*t out of all proportions.

Paparazzo

2007? Nice one, I'm safe!

yammycat

I wonder could this have been industrial sabotage by a competitor, imagine how many people who were going to buy a ps3 will be buying a competing platform instead.

IrishMactire

yammycat wrote: »

I wonder could this have been industrial sabotage by a competitor, imagine how many people who were going to buy a ps3 will be buying a competing platform instead.

No.

A competitor would not do something like this. It is a risk to gain thing. This will hurt Sony quite a bit but if said competitor was caught doing this sort of sabotage it would do so SO much damage to them.

yammycat

K.O.Kiki wrote: »

12'700 out of 77'000'000 is 0.0165% of the total userbase.

the % is irrelevant, just the fact it happened will make people buy xbox instead

richymcdermott

K.O.Kiki wrote: »

>Watches Sony stock go down
>In a few months, everything is back to normal
>Meh

"Sony will never recover from this" my arse.
It takes more than this to take down a global conglomerate.

12'700 out of 77'000'000 is 0.0165% of the total userbase.

Don't blow this sh*t out of all proportions.

consumers trust can hurt them more dude

IrishMactire

K.O.Kiki wrote: »

>Watches Sony stock go down
>In a few months, everything is back to normal
>Meh

"Sony will never recover from this" my arse.
It takes more than this to take down a global conglomerate.

12'700 out of 77'000'000 is 0.0165% of the total userbase.

Don't blow this sh*t out of all proportions.

I agree that we shouldn't blow this out of proportion but that is exactly what people will do and that is why it will hurt Sony. Also in your calculation of percentages you forgot to include all the U.S customers harmed by all this. The 12,700 is just non-U.S customers known to have been harmed in this latest revelation.

This will hurt Sony, not as much as some people seem to think it will but certainly more than you seem to think it will..... Still I'm glad to see someone trying to base an opinion on fact instead of just throwing out whatever comes into there heads (... like me xD ).

Grayditch

Thread title needs to be amended to 'MAY HAVE BEEN' stolen.

jaykhunter

K.O.Kiki wrote: »

>Watches Sony stock go down
>In a few months, everything is back to normal
>Meh

Sony will never recover from this" my arse.
It takes more than this to take down a global conglomerate.

Absolutely.

K.O.Kiki wrote: »

12'700 out of 77'000'000 is 0.0165% of the total userbase.

Don't blow this sh*t out of all proportions.

1 credit card is too many. It's the whole safety that's been compromised, regardless if you're affected.

What bothers me is that people seem placated by a few dollars of bandwidth on PS+ (useless IMO) and their music service that they're trying to hock anyway. Personal Info from 77,000 and 10,000+ CCs (and now add 12,000+ on top of that) and they say "sorry" with this pissant of a gesture?

God's sake Sony. You deserve worse media coverage than what you're getting. This is an unbelievable breach of trust. I can't think of anything worse a company can say to it's customers ("we gave out your personal details, eh better check your CC statement just in case").

Might not be the worst time to buy some Sony stock

keithc83

keithc83 wrote: »

It's definitely going to take something incredible for Sony to fully recover from this and get the gamers to believe in them again. I guess we will have to wait and see what happens from here.

That's OTT IMO.

To buy a game and play online, I don't need to give credit card details.

To buy junk extras from the PSN I do(and then again most use PSN cards or pre paid credit cards), but they are just that... needless extra's.

You do get the odd decent game or DLC, but 99% of people don't even buy anything from there, so this won't have much of an impact on Sony.

Not to the doomsday proportions you're signalling.

yammycat wrote: »

the % is irrelevant, just the fact it happened will make people buy xbox instead

No it won't, lol.

People buy the consoles for the games and extras, not for DLC off the store.... also considering you can use PSN cards, it makes the whole thing irrelevant.

Toyota had to recall cars because they had defective breaks, putting users lives at risk..... yet you don't see anyone shying away from their products.

Anyone I know what a PS isn't talking about the CC details. they just want to know when the PSN is back online to start playing again

Notorious

yammycat wrote: »

the % is irrelevant, just the fact it happened will make people buy xbox instead

Well I've yet to hear of a single person who decided to get an xbox because of the recent Sony scandal. Irish people are still buying and upgrading their PS3s.

Mr E

I know people can try and justify how this won't damage Sony, people can use PSN cards, its only old cards that are affected, its only 0.0165% of the userbase etc. but the bottom line here is a trust issue.

People are going to think twice about buying stuff from PSN, and that's going to hurt developers like Titan Studios, Hello Games and Thatgamecompany (who are all loyal and exclusive to Sony).

eddhorse

Mr E wrote: »

I know people can try and justify how this won't damage Sony, people can use PSN cards, its only old cards that are affected, its only 0.0165% of the userbase etc. but the bottom line here is a trust issue.

People are going to think twice about buying stuff from PSN, and that's going to hurt developers like Titan Studios, Hello Games and Thatgamecompany (who are all loyal and exclusive to Sony).

Great point, i wont be as quick to throw my details onto it when it eventually comes back.... saying that there are other websites out there that have probably leaked my info at some stage or another, this is just on a massive scale.

Antar Bolaeisk

Hang on, SOE affects Planetside and Everquest right?

2smiggy

i play the ps3 , and the only thing that bothers me is that the network is down. trust issues bla bla bla. it could happen any website. i have used my credit card on many sites over the years, and all i do is keep my eye on my statements. if there is anything dodgy i would report it to the bank. its not a big deal.

as for the (possible) stolen CC details, should not have happened, but they are from 2007 , and CC would now be out of date.

this is not mainly sonys fault, its the fault of some saddos , still living with there mothers , who think they are brillant for annoying 70m people who might want to play games online on the ps3.

Magill

lol at some of the over-reactions !! Jesus....

They're quite clearly not going to lose any serious amount of their customer base, at worst it'll give sony a kick up the arse, they've increased their security and in the end will come out a lot stronger for it. Will this whole thing make me think twice about buying a PS3 game ? No, Will it stop me using a CC on PSN ? No... trust issues my hole. Their is always PSN cards, does the same job at the end of the day.

Antar Bolaeisk

Antar Bolaeisk wrote: »

Hang on, SOE affects Planetside and Everquest right?

Yep, this does affect all of Sony's MMOs.

marco_polo

Wait so this SOE security breech is an entirely seperate to the PSN hack? Epic fail Sony :eek:.

http://www.siliconrepublic.com/strategy/item/21613-latest-cyber-attack-on-sony/

Morag

I got that email for a defunct SOE account for the orginal Everquest.
They have really really fúcked up.

Fnz

2smiggy wrote: »

trust issues bla bla bla. it could happen any website. i have used my credit card on many sites over the years, and all i do is keep my eye on my statements. if there is anything dodgy i would report it to the bank. its not a big deal.

as for the (possible) stolen CC details, should not have happened, but they are from 2007 , and CC would now be out of date.

this is not mainly sonys fault, its the fault of some saddos , still living with there mothers , who think they are brillant for annoying 70m people who might want to play games online on the ps3.

You're right! Why waste money securing data. Sony should just leave their customers' private data outside Sony HQ with a sign saying "stealing is illegal". If it happens again you can just cast aspersions on the thieves responsible! :rolleyes:

2smiggy

Fnz wrote: »

You're right! Why waste money securing data. Sony should just leave their customers' private data outside Sony HQ with a sign saying "stealing is illegal". If it happens again you can just cast aspersions on the thieves responsible! :rolleyes:

what exactly do you know about sonys security ? enlighten me please. this could have happened to any company. just happens some group of people (with a very good knowledge of computers) took a dislike to sony. hope they catch and jail them.

ps :rolleyes:

PogMoThoin

Sony are now on my avoid list along with Creative for their complete disregard for their customers. Not one more cent will they ever get from me

Venom

IrishMactire wrote: »

I agree that we shouldn't blow this out of proportion but that is exactly what people will do and that is why it will hurt Sony. Also in your calculation of percentages you forgot to include all the U.S customers harmed by all this. The 12,700 is just non-U.S customers known to have been harmed in this latest revelation.

This will hurt Sony, not as much as some people seem to think it will but certainly more than you seem to think it will..... Still I'm glad to see someone trying to base an opinion on fact instead of just throwing out whatever comes into there heads (... like me xD ).

This news story will hurt Sony for less than a week when the next breaking news story hits the media. Sony's SOE division have had a terrible rep in the MMO community for years with players avoiding there game like the plague and it sadly hasn't effected how the company treats its customer.

Warhammer online had a major screwup last year when monthly subscribers got hit with an insane amount of subscription fees in one month with some people hit for up to 5k + banking fees. It all blew over despite the many shouts of it being the end of Mythic :rolleyes:

Antar Bolaeisk

marco_polo wrote: »

Wait so this SOE security breech is an entirely seperate to the PSN hack? Epic fail Sony :eek:.

http://www.siliconrepublic.com/strategy/item/21613-latest-cyber-attack-on-sony/

Yep, it now affects PC gamers who have subscribed to any of the SOE services (though from the looks of things only those who subscribed pre-2007) as well as those affected on PS3.

richymcdermott

This is bad for soe , they already recently closed down few studis and aload of people lost their jobs

jaykhunter

When do you think you'll you be comfortable using your Credit Card to buy things on PSN? (6 months, a year, straight away?)

CombatCow

Straight away, people are overreacting to this way to much, everyone will forget this in a few weeks when their headshotting their friends in COD :rolleyes:

marco_polo

2smiggy wrote: »

what exactly do you know about sonys security ? enlighten me please. this could have happened to any company. just happens some group of people (with a very good knowledge of computers) took a dislike to sony. hope they catch and jail them.

ps :rolleyes:

Aside from the fact that it happened to two seperate sony networks, since groups of people (with a very good knowledge of computers) do not routinely walk off with potentially up to 100m users personal details from other online provideds, is reason enough to concludethat Sonys security is not all that it might be.

Antar Bolaeisk wrote: »

Yep, it now affects PC gamers who have subscribed to any of the SOE services (though from the looks of things only those who subscribed pre-2007) as well as those affected on PS3.

The financial data was outdated but not the rest of the information was not as I understand.

To those (not you) screaming overraction, sure it is no big deal for a persons full name, email, telephone numbers, address and mothers maiden name and god knows what else to be floating about in cyberspace, sure what could anybody possibly do with that information?

Antar Bolaeisk

marco_polo wrote: »

Aside from the fact that it happened to two seperate sony networks, since groups of people (with a very good knowledge of computers) do not routinely walk off with potentially up to 100m users personal details from other online provideds, is reason enough to concludethat Sonys security is not all that it might be.

Weren't the PS3 details available as plaintext, no hash encryption or anything, once the initial system encryption was overcome?

Magill

Antar Bolaeisk wrote: »

Weren't the PS3 details available as plaintext, no hash encryption or anything, once the initial system encryption was overcome?

no.

ShiverinEskimo

When they sort this out SOE will probably be the safest place in the world for a while to store credit card information.

Just like a bank ATM that was discovered to have a skimming device in it is probably the safest ATM to use.

Sony will fix this and anyone raging over the downtime etc. will get back to playing and not caring and normal life will resume. Sony were found installing rootkits in PCs a couple of years ago from music CDs which left a major security hole in Windows and nobody cared about that.

marco_polo

Antar Bolaeisk wrote: »

Weren't the PS3 details available as plaintext, no hash encryption or anything, once the initial system encryption was overcome?

Only passwords would be every be hashed, which they were according to Sony. And well hashed passwords should be all but useless to any hacker. Anything else stored in the database would up for grabs if you manages to gain access to it though.

me-skywalker

K.O.Kiki wrote: »

"Sony will never recover from this" my arse.
It takes more than this to take down a global conglomerate.

This is bigger than the gaming industry. This is an organised and well executed hack. They only pciekd Sony because Sony p*ssed them off. What happens when Ticketmaster/Amazon/Paypal p*ss them off.. bye bye more then 77million personal details, credit card details...

This is just the tip of the berg if they really wanted to shatter confidence they woudl either 1) Use the details or 2) Hit a bigger more middle-friendly market, since the fact that well more than 77million peopel use security sites through online banking and Paypal etc etc

Overheal

PogMoThoin wrote: »

Sony are now on my avoid list along with Creative for their complete disregard for their customers. Not one more cent will they ever get from me

Ohhhhhh yeeahhh.... I remember those guys. And guess who I havent seen with a single product on a retail shelf in quite a few years...you should check out their stock history, especially 2005:

http://www.google.com/finance?q=PINK:CREAF

On March 22, 2005, The Inquirer reported that Creative Labs had agreed to settle in a class action lawsuit that was filed because of the way its Audigy and Extigy soundcards were marketed. Creative has offered customers who purchased the cards up to a $62.50 reduction on the cost of their next purchase with Creative, while the lawyers involved in filing the dispute against Creative will receive payment of approximately $470,000.[9]

In 2007, Creative voluntarily delisted itself from NASDAQ, which had the symbol of CREAF.[10] Its stocks are now solely on the Singapore Exchange (SGX-ST). In early 2008, Creative Labs' technical support center, located in Stillwater, Oklahoma, laid off several technical support staff, furthering ongoing concerns surrounding Creative's financial situation.


The company has basically been in declining revenue ever since.

marco_polo

me-skywalker wrote: »

This is bigger than the gaming industry. This is an organised and well executed hack. They only pciekd Sony because Sony p*ssed them off. What happens when Ticketmaster/Amazon/Paypal p*ss them off.. bye bye more then 77million personal details, credit card details...

This is just the tip of the berg if they really wanted to shatter confidence they woudl either 1) Use the details or 2) Hit a bigger more middle-friendly market, since the fact that well more than 77million peopel use security sites through online banking and Paypal etc etc

Do you honestly believe that the network defenses of Ticketmaster/Amazon/Paypal are not being probed by hackers 24/7?

Potential-Monke

Ok, so it's fairly bad that this happened, but it happened. I'm sure the same people could do the exact same to XBL if they wanted, but Sony done something to them and this is a big FU to them. Won't stop me using PSN or my Debit Card online (CC's are evil!).

Ciaran500

me-skywalker wrote: »

This is bigger than the gaming industry. This is an organised and well executed hack. They only pciekd Sony because Sony p*ssed them off. What happens when Ticketmaster/Amazon/Paypal p*ss them off.. bye bye more then 77million personal details, credit card details...

This is nothing to do with Anon and didn't happen cause they pissed them off. This is more likely a group that spotted a possible way in and used it. Doesn't matter what company it was, a hole was found.

Ok, so it's fairly bad that this happened, but it happened. I'm sure the same people could do the exact same to XBL if they wanted, but Sony done something to them and this is a big FU to them.

You make it sound like these groups are roaming the internet doing as they please, thats bull. If they could hack anything they wanted they would, theres millions to be made from breaking into any of the huge systems and they sure as hell would do it in an instant if they could.

ShadowHearth

I think cork red fm had some facts wrong this morning... They said that hackers got 25milion cc details... Which is not very believable.

It will be a good hit at ps3, but it will hardly kill it... I really hope it wount effect much Sony as if Microsoft will feel monopoly then all gamers will be ****ed....

mcgovern

ShadowHearth wrote: »

I think cork red fm had some facts wrong this morning... They said that hackers got 25milion cc details... Which is not very believable.

It will be a good hit at ps3, but it will hardly kill it... I really hope it wount effect much Sony as if Microsoft will feel monopoly then all gamers will be ****ed....

I think the 25 million is the number of SOE accounts. As far as I know, this is completely seperate to the PS3 intrusion. And as others have said, this is not related to anon or Sony pissing people off, it's solely about Sony having bad security and people making money off that. I'd assume/hope that Microsoft spend some of my live fees on network security, which just makes it seem a better deal. I had my credit card details on PS3 and I've still not received one personal communication from Sony, not an e-mail, nothing.

ShadowHearth

mcgovern wrote: »

I think the 25 million is the number of SOE accounts. As far as I know, this is completely seperate to the PS3 intrusion. And as others have said, this is not related to anon or Sony pissing people off, it's solely about Sony having bad security and people making money off that. I'd assume/hope that Microsoft spend some of my live fees on network security, which just makes it seem a better deal. I had my credit card details on PS3 and I've still not received one personal communication from Sony, not an e-mail, nothing.

I don't have cc on psn and they sent me a message ages ago...

I just hope sony will recover as soon as possible from this.... I don't want to see NGp delayed

me-skywalker

Ciaran500 wrote: »

This is nothing to do with Anon and didn't happen cause they pissed them off. This is more likely a group that spotted a possible way in and used it. Doesn't matter what company it was, a hole was found.

eeeh... it was Anon!

cherryghost

me-skywalker wrote: »

eeeh... it was Anon!

Eh perhaps not. Sony have hired detectives to track down the culprits. :rolleyes:

marco_polo

me-skywalker wrote: »

eeeh... it was Anon!

http://www.techwatch.co.uk/2011/05/02/sony-clarifies-anonymous-not-responsible-for-psn-hacking/