Sony admitted that hackers broke into its PlayStation Network online gaming network made off with the personal information of more than 77 million members in what would be one of the largest reported data breaches in history.
A message posted on the PlayStation Network Web site informed customers that the thieves like obtained the name, address, e-mail address, birthdate and PlayStation Network and Qriocity password and login. They may also have obtained financial information including customers’ billing address and account security questions and answers may have been taken. Sony, which is working with “an outside, recognized security firm” said it doesn’t have evidence that credit card data attached to members’ accounts was stolen but “we cannot rule out that possibility.”
The news came less than a week after Sony first detected the breach and took its PlayStation Network offline. The company had been mum about the extent of the breach while it investigated the incident.
With 70 million members, the PlayStation Network breach is the fifth largest ever, according to Datalossdb.org. Sony advised customers who had given their credit card to PlayStation Network or Qriocity were advised to watch out for email, phone or mail scams seeking personal information and to change their account password as soon as the PlayStation Network is restored.
The company has provided the names of affected customers to U.S. credit bureaus and offered credit fraud monitoring services to them.
In the meantime, Sony says it has a “clear path to have PlayStation Network and Qriocity systems back online, and expect to restore some services within a week.”
Speculation about the attack has focused on Anonymous, the loose collective of hackers and online mischief makers. Although the group has denied responsibility for the breach, Sony had been a target of Anonymous denial of service attacks in retaliation of the company’s legal actions against hackers who have cracked content protection technology for its PS3 and other products.