Sony Computer Entertainment has issued an update on last week's "external intrusion" on its PlayStation Network, an attack that forced the network offline and may have exposed the personal information of millions of members.
On the company's PlayStation.blog, senior director of corporate communications Patrick Seybold writes that the PlayStation maker will be "taking steps to make our services safer and more secure than ever before."
That includes "a new system software update that will require all users to change their password once PlayStation Network is restored." Presumably, that software update will come to both the PSP and PlayStation 3 within the week. Currently, PSN accounts are locked out of the system, making a change to personal information and passwords impossible.
Furthermore, Sony says it is "initiating several measures that will significantly enhance all aspects of PlayStation Network's security and your personal data, including moving our network infrastructure and data center to a new, more secure location, which is already underway."
Sony writes that it still plans to have its PlayStation Network back online by next week, offering the caveat "we want to be very clear that we will only restore operations when we are confident that the network is secure."
For PSN account holders who may be concerned about the damage already done to their personal information or credit cards, Sony offers the following updates.
On the safety of your personal and financial information...
The entire credit card table was encrypted and we have no evidence that credit card data was taken. The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack.
On the credit card details that PlayStation Network and Qriocity do and do not store...
While all credit card information stored in our systems is encrypted and there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained. Keep in mind, however that your credit card security code (sometimes called a CVC or CSC number) has not been obtained because we never requested it from anyone who has joined the PlayStation Network or Qriocity, and is therefore not stored anywhere in our system.
Additional details (and what appears to be bordering on an apology) can be found at the PlayStation.blog.
Q&A #1 for PlayStation Network and Qriocity Services [PlayStation.blog]