Sony Computer Entertainment has issued an update on last week's "external intrusion" on its PlayStation Network, an attack that forced the network offline and may have exposed the personal information of millions of members.
On the company's PlayStation.blog, senior director of corporate communications Patrick Seybold writes that the PlayStation maker will be "taking steps to make our services safer and more secure than ever before."
That includes "a new system software update that will require all users to change their password once PlayStation Network is restored." Presumably, that software update will come to both the PSP and PlayStation 3 within the week. Currently, PSN accounts are locked out of the system, making a change to personal information and passwords impossible.
Furthermore, Sony says it is "initiating several measures that will significantly enhance all aspects of PlayStation Network's security and your personal data, including moving our network infrastructure and data center to a new, more secure location, which is already underway."
Sony writes that it still plans to have its PlayStation Network back online by next week, offering the caveat "we want to be very clear that we will only restore operations when we are confident that the network is secure."
For PSN account holders who may be concerned about the damage already done to their personal information or credit cards, Sony offers the following updates.
On the safety of your personal and financial information...
The entire credit card table was encrypted and we have no evidence that credit card data was taken. The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack.
On the credit card details that PlayStation Network and Qriocity do and do not store...
While all credit card information stored in our systems is encrypted and there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained. Keep in mind, however that your credit card security code (sometimes called a CVC or CSC number) has not been obtained because we never requested it from anyone who has joined the PlayStation Network or Qriocity, and is therefore not stored anywhere in our system.
Additional details (and what appears to be bordering on an apology) can be found at the PlayStation.blog.
Q&A #1 for PlayStation Network and Qriocity Services [PlayStation.blog]
A security breach in the Playstation Network by still unidentified hackers resulted in stolen personal information, Sony confirmed today. Sony says while personal information was likely stolen they don't believe credit card numbers were and that they hope to have the Playstation Network service... More »
While Sony discovered that hackers had broken into their Playstation Network on April 19, it wasn't until nearly a week later that the company understood the full scope of the breach, a Sony official tells Kotaku. More »
No arrests have been made connected to the Playstation outage, Kotaku has confirmed, despite a story making the rounds that claims FBI and others have issues warrants and made arrests. Speaking to the FBI this morning, Kotaku confirmed there have been no arrests in the U.S. The story, which seemed... More »
United States senator Richard Blumenthal is hopping mad-or in his words, "troubled"-by the lack of clear and timely communication from Sony over last week's PlayStation Network "intrusion." And he's got the sternly worded letter to prove it. The attack on Sony's PlayStation Network and... More »
It has been almost a week since Playstation Network went offline because of an external intrusion. Since Sony's still relatively quiet on the details of what happened and how it will impact us. More »