PlayStation Network outage

The PlayStation Network outage was the result of an "external intrusion" on Sony's PlayStation Network and Qriocity services, in which personal details from approximately 77 million accounts were stolen and prevented users of PlayStation 3 and PlayStation Portable consoles from playing online through the service.[1][2][3][4] The attack occurred between April 17, 2011 and April 19, 2011,[1] forcing Sony to turn off the PlayStation Network on April 20, 2011. On May 4, 2011, Sony confirmed that individual pieces of personally identifiable information from each of the 77 million accounts appeared to have been stolen.[5] The outage lasted for approximately 23 days.[6]

At the time of the outage, with a count of 77 million registered PlayStation Network accounts,[7] data theft of personally identifiable information would make it one of the largest data security breaches in history.[8][9] This would surpass the TJX hack in 2007 which affected 45 million customers.[10] Government officials in various countries have voiced concern at failing to protect customers' personal details and Sony's belated warning that user details could have been obtained in the security breach—nearly a week after the initial external intrusion.

Sony stated on April 26 that it was attempting to get online services running again "within a week".[11] On May 14, 2011, Sony released PlayStation 3 firmware version 3.61 as a security patch. The firmware required users to change their password upon signing into the PlayStation Network. At the time the firmware was released, the PlayStation Network was still offline and in preparation to be brought back online.[12] Regional restoration was announced by Kazuo Hirai in a video from PlayStation.[13] A map of regional restoration and the network within the United States was shared as the service was being brought back online.[14]

Contents

Timeline of the outage

On April 20, 2011, Sony acknowledged on the official PlayStation Blog that it was "aware certain functions of the PlayStation Network" were down. Upon attempting to sign in to the PlayStation Network via the PlayStation 3, users would receive the message indicating that the PlayStation Network is "undergoing maintenance".[15][16] The following day, Sony asked its customers for patience while the cause of downtime was being investigated and stated that it may take "a full day or two" to get the service fully functional again.[17]

The company later explained that an "external intrusion" had affected the PlayStation Network and Qriocity services.[18] This intrusion had occurred between April 17 and April 19. On April 20, Sony had suspended all PlayStation Network and Qriocity services worldwide, causing the outage.[19] Sony expressed their regrets for the downtime and called the task of re-building the system time consuming. This, however, would lead to a stronger network infrastructure and additional security.[20] On April 25, Sony's Senior Director of Corporate Communications & Social Media, Patrick Seybold, reiterated on the PlayStation Blog that fixing and enhancing the network was a "time intensive" process with no currently available ETA.[21] However, the next day Sony stated that there was a "clear path to have PlayStation Network and Qriocity systems back online", with some services expected to be restored within a week. Furthermore, Sony stated that there had been a "compromise of personal information as a result of an illegal intrusion on our systems."[22]

On May 1, 2011, Sony announced a "Welcome Back" program for customers affected by the outage. The company also confirmed that some PSN and Qriocity services would be available during the first week of May.[23][24] The list of services expected to become available included:[25]

  • Restoration of Online game-play across the PlayStation 3 (PS3) and PSP (PlayStation Portable) systems
  • This includes titles requiring online verification and downloaded games
  • Access to Music Unlimited powered by Qriocity for PS3/PSP for existing subscribers
  • Access to account management and password reset
  • Access to download un-expired Movie Rentals on PS3, PSP and MediaGo
  • PlayStation Home
  • Friends List
  • Chat Functionality

On May 2, 2011, Sony issued a press release, according to which the Sony Online Entertainment services had been taken offline for maintenance due to potentially related activities during the initial criminal hack that caused the PlayStation Network outage. Over 12,000 credit card numbers from non-U.S. cardholders and additional information from 24.7 million SOE accounts may have been stolen.[26][27]

During the week, Sony sent a written letter to the US House of Representatives, answering questions and concerns about the event.[28] In the letter Sony announced that they would be providing Identity Theft insurance polices in the amount of $1 million USD per user of the PlayStation Network and Qriocity services despite no reports of credit card fraud being indicated. This was later confirmed on the PlayStation Blog, where it was announced that the service, AllClear ID Plus powered by Debix, would available to users in the United States free for 12 months, and is to include internet surveillance, complete identity repair in the event of theft and a $1 million ID theft insurance policy for each user.[29][30]

On May 6, 2011, Sony stated they had begun "final stages of internal testing" for the PlayStation Network, which had been rebuilt.[31] However, the following day Sony reported that they would not be able to bring PSN services back online within the one-week timeframe given on May 1, because "the extent of the attack on Sony Online Entertainment servers" had not been known at the time.[32] Sony Online Entertainment confirmed by means of their Twitter account that their games would not be available until some undisclosed time after the weekend.[33]

At the same time, reports from Reuters began reporting the event as "the biggest Internet security break-in ever"[34] with more direct answers from the Corporation in which a Sony spokesperson said:[35]

On May 15, 2011, various PlayStation Network services began being brought back online on a country-by-country basis, starting with North America.[36] These services include: sign-in for PSN and Qriocity services (including password resetting), online game-play on PS3 and PSP, playback of rental video content, Music Unlimited service (PS3 and PC), access to third party services (such as Netflix, Hulu, Vudu and MLB.tv), friends list, chat functionality and PlayStation Home.[36] This accompanies a firmware update for the PS3, version 3.61.[37] However, as of May 15, 2011, reinstatement of the service in Japan and East Asia has not yet been approved.[38]

On May 18, 2011, SCE shut down the password reset page on their site following the discovery of an exploit in the system,[39] which allowed users to reset other users' passwords, as long as they knew the email address and date of birth of the user.[40] Sign-in using PSN details to various other Sony websites was also disabled, but console sign-ins were not affected.[39]

On May 23, 2011 Sony stated that the costs of the PlayStation Network outage were $171 million.[41]

Sony response

US House of Representatives

Sony reported on the May 4, 2011, to the PlayStation Blog[42] that:

Kazuo Hirai, Chairman of the Board of Directors of Sony Computer Entertainment America, submitted written answers to questions posed by the United States House subcommittee about the large-scale, criminal cyber-attack we have experienced.

Sony relayed during the letters that:

In summary, we told the subcommittee that in dealing with this cyber attack we followed four key principles:

  1. Act with care and caution.
  2. Provide relevant information to the public when it has been verified.
  3. Take responsibility for our obligations to our customers.
  4. Work with law enforcement authorities.

We also informed the subcommittee of the following:
  • Sony has been the victim of a very carefully planned, very professional, highly sophisticated criminal cyber attack.
  • We discovered that the intruders had planted a file on one of our Sony Online Entertainment servers named “Anonymous” with the words “We are Legion.”
  • By April 25, forensic teams were able to confirm the scope of the personal data they believed had been taken, and could not rule out whether credit card information had been accessed. On April 26, we notified customers of those facts.
  • As of today, the major credit card companies have not reported any fraudulent transactions that they believe are the direct result of this cyber attack.
  • Protecting individuals’ personal data is the highest priority and ensuring that the Internet can be made secure for commerce is also essential. Worldwide, countries and businesses will have to come together to ensure the safety of commerce over the Internet and find ways to combat cybercrime and cyber terrorism.
  • We are taking a number of steps to prevent future breaches, including enhanced levels of data protection and encryption; enhanced ability to detect software intrusions, unauthorized access and unusual activity patterns; additional firewalls; establishment of a new data center in an undisclosed location with increased security; and the naming of a new Chief Information Security Officer.

Explanation of delays

Sony explained on the PlayStation Blog why it took so long to inform PSN users of the data theft:[43]

There’s a difference in timing between when we identified there was an intrusion and when we learned of consumers’ data being compromised. We learned there was an intrusion April 19th and subsequently shut the services down. We then brought in outside experts to help us learn how the intrusion occurred and to conduct an investigation to determine the nature and scope of the incident. It was necessary to conduct several days of forensic analysis, and it took our experts until yesterday to understand the scope of the breach. We then shared that information with our consumers and announced it publicly this afternoon.

Sony investigation

Possible data theft meant that Sony provided an update in regards to a criminal investigation in a blog posted on April 27, 2011: "We are currently working with law enforcement on this matter as well as a recognized technology security firm to conduct a complete investigation. This malicious attack against our system and against our customers is a criminal act and we are proceeding aggressively to find those responsible."[44]

On April 3, 2011, Sony Computer Entertainment CEO Kazuo Hirai reiterated this and said the "external intrusion" which had caused them to shut down the PlayStation Network constituted a "criminal cyber attack".[45] Hirai expanded further, claiming that Sony systems had been under attack prior to the PlayStation Network outage "for the past month and half", suggesting a concerted attempt to target Sony.[46]

On May 4, 2011, Sony announced that it was adding another company to the investigation team. Data Forte will join Guidance Software and Protiviti in analysing the attacks. Legal aspects of the case will be handled by law firm Baker & McKenzie.[47] Sony stated their belief that Anonymous, or some portion thereof, may have set the stage for the attack.[48] Anonymous denied involvement.[49]

Upon learning that a breach had occurred to the PlayStation Network, Sony launched an internal investigation. Sony reported, in its letter to the United States Congress:

One of our first calls was to the FBI, and this is an active, on-going investigation.[50]

Additional details were provided as follows:

Have you identified how the breach occurred?

Yes, we believe so. Sony Network Entertainment America is continuing its investigation into this criminal intrusion, and more detailed information could be discovered during this process. We are reluctant to make full details publicly available because the information is the subject of an on-going criminal investigation and also the information could be used to exploit vulnerabilities in systems other than Sony's that have similar architecture to the PlayStation Network.

Inability to use PlayStation 3 content

While remaining offline, the PlayStation 3 was unable to play certain Capcom titles that were downloaded from the PlayStation Store.[51] Streaming video providers throughout different regions such as Hulu, Vudu, Netflix and LoveFilm are noted to be inaccessible displaying the same maintenance message, although some users have claimed to have been able to still use Netflix's streaming service.[52]

Criticism of Sony's handling of the incident

Delayed warning of possible data theft

On April 26, 2011, nearly a week after the Network was temporarily disabled, Sony confirmed that it "cannot rule out the possibility"[53] that personally identifiable information such as PlayStation Network account username, password, home address, and email address had been compromised. Sony also mentioned the possibility of credit card data being obtained after claiming that encryption had been placed on the databases, which would partially satisfy PCI Compliance for storing credit card information on a server.

Subsequent to the announcement in both the official blog and by e-mail, PlayStation Network users were asked to safeguard credit card transactions by checking bank statements. This warning came nearly a week after the initial "external intrusion" and when the Network was turned off.[54]

Some disputed this explanation and queried that if Sony deemed the situation so severe that they had to turn off the PlayStation Network on April 20, 2011, Sony should have subsequently warned users of possible data theft rather than on April 26, 2011.[55] Concerns have been raised over both violations of PCI Compliance and failure to notify users immediately following breach of security involving financial information and credit card data. US Senator Richard Blumenthal wrote to Sony Computer Entertainment America CEO Jack Tretton questioning Sony why it took so long to inform users that personal details could have been obtained through unauthorized means.[56]

Sony stated in their letter to the subcommittee:

Your statement indicated you have no evidence at this time that credit card information was obtained, yet you cannot rule out this possibility. Please explain why you do not believe credit card information was obtained and why you cannot determine if the data was in fact taken.

As stated above, Sony Network Entertainment America has not been able to conclude with certainty through the forensic analysis done to date that credit card information was not transferred from the PlayStation Network system. We know that for other personal information contained in the account database, the hacker made queries to the database, and the external forensics teams have seen large amounts of data transferred in response to those queries. Our forensics teams have not seen the queries and corresponding data transfers of the credit card information.

Unencrypted personal details

Credit card data was encrypted, but Sony admitted that other user information was not encrypted at the time of the intrusion.[44][57] The Daily Telegraph reported that "If the provider stores passwords unencrypted, then it's very easy for somebody else – not just an external attacker, but members of staff or contractors working on Sony's site – to get access and discover those passwords, potentially using them for nefarious means."[58] On May 2, Sony clarified the "unencrypted" status of users' passwords, stating that:[59]

While the passwords that were stored were not “encrypted,” they were transformed using a cryptographic hash function. There is a difference between these two types of security measures which is why we said the passwords had not been encrypted. But I want to be very clear that the passwords were not stored in our database in cleartext form.

Sony Online Entertainment outage

On May 3, 2011, Sony stated in a press release that there may be a correlation between the same attack that had occurred on April 16, 2011, towards the PlayStation Network which resulted in the Sony Online Entertainment servers being compromised and taken offline on the previous day.[26] This portion of the attack resulted in the theft of information on 24.6 million Sony Online Entertainment account holders. The database contained 12,700 credit card numbers, particularly those of non-U.S. cardholders, and had not been in use since 2007 as much of the data contained within applies to expired cards and accounts that have been deleted. Sony updated this information the following day by stating that only 900 cards on the database were still live.[60] The discovery of this attack resulted in the suspension of Sony Online Entertainment servers as well as SOE Facebook games. Sony Online Entertainment has already stated that they plan to grant 30 days of free time, plus a day for each day the server is down, to users of Clone Wars Adventures, DC Universe Online, EverQuest, EverQuest II, EverQuest Online Adventures, Free Realms, Pirates of the Burning Sea, PlanetSide, Poxnora, Star Wars Galaxies, and Vanguard: Saga of Heroes, as well as other forms of compensation for all other Sony Online games.[61][62][63]

Security experts Eugene Lapidous of AnchorFree, Chester Wisniewski of Sophos Canada and Avner Levin of Ryerson University criticized Sony, questioning its methods of securing and storing user data. Lapidous called the breach "difficult to excuse" and Wisniewski called it "an act of hubris or simply gross incompetence".[64][65][66][67]

Sony Pictures Entertainment website hacking

The Sony website SonyPictures.com was hacked on 2 June 2011, with unencrypted passwords and personal information of Sony customers within the website's database being discovered by the hackers.[68]

Reaction

Compensation to users

Sony has stated that they will be hosting special events after the PlayStation Network is brought back online. Sony has also stated they have plans for PS3 versions of DC Universe Online and Free Realms to help alleviate some of their losses. Sony is currently evaluating ways to show their appreciation towards their users who do not play MMOGs for their patience with them during the outage.[69] In a press conference in Tokyo on May 1, Sony announced a "Welcome Back" program for users when the service is restored. As well as "selected PlayStation entertainment content" the program promises to include 30 days free membership of PlayStation Plus for all PSN members, existing PlayStation Plus members will receive an additional 30 days added to their subscription, Qriocity subscribers also receive 30 days. Sony also promised other content and services over the coming weeks.[24] Sony also offered one year free identity theft protection to all users with details forthcoming.

Hulu has also given notice that they will be compensating PlayStation 3 users for the inability to use their service during the outage. They are offering one week of service compensatory to all Hulu Plus members.[70]

On May 16, 2011, Sony announced that two PlayStation 3 games and two PSP games would be offered for free from lists of five and four (respectively) once the PlayStation Store has regained functionality.[71][72] The games available varies by region[71][72] and are only available in countries which have access to the PlayStation Store.[72] On May 27, 2011, Sony announced the "welcome back" package for Japan[73] and the Asia region (Hong Kong, Singapore, Malaysia, Thailand and Indonesia).[74] In the Asia region, a theme - Dokodemo Issyo Spring Theme - will be offered for free in addition to the games available in the "welcome back" package.[74]

^† 5 PSP games are offered in the Japanese market.[73]

PS3 games available by region
Game North America[71] Europe (non-Germany)[72] Germany[72] Asia[74] Japan[73]
Wipeout HD/Fury Yes Yes Yes Yes Yes
LittleBigPlanet Yes Yes Yes No No
InFamous Yes Yes No No No
Dead Nation Yes Yes No No No
Super Stardust HD Yes No Yes No No
Ratchet & Clank: Quest for Booty No Yes Yes No No
Hustle Kings No No Yes Yes Yes
The Last Guy No No No Yes Yes
Trashbox No No No Yes No
Come on, LocoRoco!! BuuBuu Cocoreccho No No No Yes Yes
Echochrome: Overture No No No No Yes
PSP games available by region
Game North America[71] Europe (non-Germany)[72] Germany[72] Asia[74] Japan[73]
LittleBigPlanet PSP Yes Yes Yes Yes Yes
ModNation Racers PSP Yes Yes Yes Yes No
Pursuit Force Yes Yes No No No
Killzone Liberation Yes Yes No No No
Everybody's Golf 2 No No Yes No No
Buzz Junior Jungle Party No No Yes No No
Everybody's Stress Buster No No No Yes Yes
Locoroco Midnight Carnival No No No Yes Yes
Patapon 2 No No No No Yes
What Did I Do To Deserve This, My Lord? No No No No Yes

^‡ Killzone Liberation will not offer online gameplay functionality.[72]

Government reaction

The revealing of possible data theft concerned authorities around the world. Graham Cluley, senior technology consultant at Sophos, said that the breach "certainly ranks as one of the biggest data losses ever to affect individuals".[75] The British Information Commissioner's Office stated that Sony will be questioned,[76] and that an investigation will take place to discover whether Sony had taken adequate precautions to protect customer details.[77] If found in breach of the UK's Data Protection Act, Sony could face fines of up to £500,000.[76] The Privacy Commissioner of Canada, Jennifer Stoddart confirmed that the Canadian authorities would investigate the incident, and the Commissioner's office conveyed their concern as to why the authorities in Canada weren't informed of a security breach earlier.[78] US Senator Richard Blumenthal of Connecticut demanded answers from Sony about the data breach[79] by emailing SECA CEO Jack Tretton arguing about the delay in informing its customers and insisting that Sony do more for its customers than just offer free credit reporting services. Senator Blumenthal later called for an investigation of the breach to be launched by the US Department of Justice to find the person or persons responsible for the breach and to determine if Sony may be liable for the way that it handled the situation.[80] Congresswoman Mary Bono Mack and Congressman G. K. Butterfield sent a letter to Sony, demanding information on when the breach was discovered and how the crisis will be handled.[81] Sony had been asked to testify before a congressional hearing on security and to answer questions about the breach of security on May 2, 2011 but sent a letter response instead which answered the subcommittee's questions.

Legal action against Sony

A lawsuit was posted on April 27, 2011, by Kristopher Johns from Birmingham, Alabama on behalf of all PlayStation users alleging Sony "failed to encrypt data and establish adequate firewalls to handle a server intrusion contingency, failed to provide prompt and adequate warnings of security breaches, and unreasonably delayed in bringing the PSN service back online."[82][83] According to the complaint filed in the lawsuit, Sony has failed to notify members of a possible security breach and storing members' credit card information,[84] a violation of PCI Compliance—the digital security standard for the Payment Card Industry.

Another lawsuit was filed in Canada by Natasha Maksimovic and claims damages up to C$1 billion which includes free credit monitoring and identity theft insurance.[85] It was filed against Sony USA, Sony Canada and Sony Japan. The plaintiff in the case is quoted as saying: "If you can't trust a huge multi-national corporation like Sony to protect your private information, who can you trust? It appears to me that Sony focuses more on protecting its games than its PlayStation users".[86]

Credit card fraud

As of May 2011, there have been no verifiable reports of credit card fraud related to the PlayStation Network outage. There have been reports from the Internet that some PlayStation users have experienced credit card fraud;[87][88][89] however, these reported fraud cases have yet to be linked to the incident. Users who have registered a credit card for use only with Sony have also reported credit card fraud.[90] Sony has claimed that the CSC codes requested by their services were not stored,[91] but it has been suggested that the hackers may have been able to decrypt or record credit card details while inside Sony's network.[87]

Sony stated in their letter to the subcommittee:

How many PlayStation Network account holders provided credit card information to Sony Computer Entertainment?

Globally, approximately 12.3 million account holders had credit card information on file on the PlayStation Network system. In the United States, approximately 5.6 million account holders had credit card information on file on the system. These numbers include active and expired credit cards.

As of today, the major credit card companies have not reported that they have seen any increase in the number of fraudulent credit card transactions as a result of the attack, and they have not reported to us any fraudulent transactions that they believe are a direct result of the intrusions described above.

On May 5, a letter from United States Sony Corporation of America CEO and President Sir Howard Stringer further emphasized that there had been no evidence of credit card fraud and that a $1 million dollar identity theft insurance policy would be available to PSN and Qriocity users:[30]

To date, there is no confirmed evidence any credit card or personal information has been misused, and we continue to monitor the situation closely. We are also moving ahead with plans to help protect our customers from identity theft around the world. A program for U.S. PlayStation Network and Qriocity customers that includes a $1 million identity theft insurance policy per user was launched earlier today and announcements for other regions will be coming soon.

Change to Terms and Conditions

It has been suggested that a change to the PSN Terms and Conditions announced on September 15, 2011 has been motivated by the large damages from class action suits against Sony resulting from the hack and subsequent network outage, so as to minimise the financial losses to the company in future.[92] Using the PlayStation Network now requires users to agree to terms and conditions which include a clause (Section 15) where the user gives up their right (to join together as a group in a Class action) to sue Sony over any future security breaches.[93][94] This also includes any ongoing class action suits initiated prior to the August 20, 2011.[92]

Another clause, which theoretically removes a user's right to trial by jury, if the user does opt out of the clause (done by sending a letter to Sony), says:[92]

If the Class Action Waiver clause is found to be illegal or unenforceable, this entire Section 15 will be unenforceable, and the dispute will be decided by a court and you and the Sony Entity you have a dispute with each agree to waive in that instance, to the fullest extent allowed by law, any trial by jury.

References

  1. ^ a b "PlayStation Network Restoration Begins". PlayStation Network / PSN News. United Kingdom: Sony. 2011-05-17. http://uk.playstation.com/psn/news/articles/detail/item369506/PSN-Qriocity-Service-Update/. Retrieved 2011-10-20. 
  2. ^ "Sony faces legal action over attack on PlayStation network". BBC News (bbc.co.uk). 2011-04-28. http://www.bbc.co.uk/news/technology-13192359. Retrieved 2011-04-29. 
  3. ^ Richmond, Shane (2011-04-26). "Millions of internet users hit by massive Sony PlayStation data theft". London: Telegraph. http://www.telegraph.co.uk/technology/news/8475728/Millions-of-internet-users-hit-by-massive-Sony-PlayStation-data-theft.html. Retrieved 2011-04-29. 
  4. ^ Griffith, Chris (2011-04-27). "PlayStation users in Australia urged to check credit card activity". Australian IT. The Australian. http://www.theaustralian.com.au/australian-it/exec-tech/playstation-users-in-australia-urged-to-check-credit-card-activity/story-e6frgazf-1226045582897. Retrieved 2011-11-20. 
  5. ^ "Kazuo Hirai's Letter to the U.S. House of Representatives". a photo set by Flickr user PlayStation.Blog. Flickr. 2011-05-03. http://www.flickr.com/photos/playstationblog/sets/72157626521862165/. Retrieved 2011-10-20. "Information appears to have been stolen from all PlayStation Network user accounts, although not every piece of information in those accounts appears to have been stolen, [...] The criminal intruders stole personal information from all of the approximately 77 million PlayStation Network and Qriocity service accounts." 
  6. ^ Owen Good (2011-05-20). "Welcome Back PSN: The Winners". Kotaku.com. http://kotaku.com/5804318/. Retrieved 2011-06-02. 
  7. ^ "PlayStation Network and Qriocity Outage FAQ – PlayStation.Blog.Europe". Blog.eu.playstation.com. http://blog.eu.playstation.com/2011/04/28/playstation-network-and-qriocity-outage-faq/. Retrieved 2011-04-29. 
  8. ^ Posted: Apr 27, 2011 10:56 AM ET (2011-04-27). "PlayStation data breach deemed in 'top 5 ever' - Business - CBC News". Cbc.ca. http://www.cbc.ca/news/business/story/2011/04/27/technology-playstation-data-breach.html. Retrieved 2011-04-29. 
  9. ^ "Video: Sony PlayStation - Hacker Breaks Into Network And Steals Details Of Millions Of Gamers | Technology | Sky News". News.sky.com. http://news.sky.com/home/technology/article/15979992. Retrieved 2011-04-29. 
  10. ^ 2:11PM BST 27 Apr 2011 Comments (2011-04-27). "PlayStation hack: top five data thefts". London: Telegraph. http://www.telegraph.co.uk/technology/sony/8476757/PlayStation-hack-top-five-data-thefts.html. Retrieved 2011-04-29. 
  11. ^ "PlayStation Network down for seventh day". ComputerAndVideoGames.com. 2011-04-27. http://www.computerandvideogames.com/299454/playstation-network-down-for-seventh-day/. Retrieved 2011-04-29. 
  12. ^ "PS3 System Software Update – PlayStation Blog". Blog.us.playstation.com. 2010-12-20. http://blog.us.playstation.com/2011/05/14/ps3-system-software-update/. Retrieved 2011-05-16. 
  13. ^ "Kazuo Hirai: PlayStation Network Restoration Announcement – PlayStation Blog". Blog.us.playstation.com. 2010-12-20. http://blog.us.playstation.com/2011/05/14/kazuo-hirai-playstation-network-relaunch-announcement/. Retrieved 2011-05-16. 
  14. ^ Seybold, Patrick (2011 [last update]). "Play On – PSN Restoration Begins Now – PlayStation Blog". blog.us.playstation.com. http://blog.us.playstation.com/2011/05/14/play-on-%E2%80%93-psn-restoration-begins-now/. Retrieved 16 May 2011. 
  15. ^ "Update on PSN Service Outages". United States: PlayStation Blog. 2011-04-20. http://blog.us.playstation.com/2011/04/20/update-on-psn-service-outages-2/. Retrieved 2011-04-29. 
  16. ^ "Timeline of Sony's PlayStation Network outage". hken.ibtimes.com. 2011-05-15. http://hken.ibtimes.com/articles/145875/20110515/timeline-of-sony-s-playstation-network-outage.htm. Retrieved 2011-05-15. 
  17. ^ "Latest Update on PSN Outage". United States: PlayStation Blog. 2011-04-21. http://blog.us.playstation.com/2011/04/21/latest-update-on-psn-outage/. Retrieved 2011-04-29. 
  18. ^ "Update On PlayStation Network/Qriocity Services". United States: PlayStation Blog. 2011-04-22. http://blog.us.playstation.com/2011/04/22/update-on-playstation-network-qriocity-services/. Retrieved 2011-04-29. 
  19. ^ "PlayStation® Knowledge Center | Support - PlayStation.com". us.playstation.com. 2011-01-10. http://us.playstation.com/support/answer/index.htm?a_id=2356. Retrieved 2011-04-29. 
  20. ^ "Latest Update for PSN/Qriocity Services – PlayStation Blog". Blog.us.playstation.com. 2011-04-23. http://blog.us.playstation.com/2011/04/23/latest-update-for-psnqriocity-services/. Retrieved 2011-04-29. 
  21. ^ "PSN Update – PlayStation Blog". Blog.us.playstation.com. 2011-04-25. http://blog.us.playstation.com/2011/04/25/psn-update/. Retrieved 2011-04-29. 
  22. ^ "Update on PlayStation Network and Qriocity – PlayStation Blog". Blog.us.playstation.com. 2011-04-19. http://blog.us.playstation.com/2011/04/26/update-on-playstation-network-and-qriocity/. Retrieved 2011-04-29. 
  23. ^ "Some PlayStation Network And Qriocity Services To Be Available This Week – PlayStation.Blog.Europe". Blog.eu.playstation.com. http://blog.eu.playstation.com/2011/05/01/some-playstation-network-and-qriocity-services-to-be-available-this-week/. Retrieved 2011-05-01. 
  24. ^ a b Yin-Poole, Wesley (2011-05-01). "PSN: Sony outlines "Welcome Back" gifts". PlayStation 3 (United Kingdom: Eurogamer). http://www.eurogamer.net/articles/2011-05-01-psn-sony-outlines-welcome-back-gifts. Retrieved 2011-10-20. 
  25. ^ "Some PlayStation Network And Qriocity Services To Be Available This Week – PlayStation.Blog.Europe". Blog.eu.playstation.com. http://blog.eu.playstation.com/2011/05/01/some-playstation-network-and-qriocity-services-to-be-available-this-week/. Retrieved 2011-05-07. 
  26. ^ a b "Service Under Maintenance". SOE. 2010-03-31. http://www.soe.com/securityupdate/pressrelease.vm. Retrieved 2011-05-04. 
  27. ^ "Sony Confirms Thousands Of Credit Cards Stolen During Hack - GameInformer News". gameinformer.com. 2011-05-02. http://www.gameinformer.com/b/news/archive/2011/05/02/thousands-of-credit-cards-stolen-during-second-sony-hack.aspx. Retrieved 2011-05-02. 
  28. ^ "Sony’s Response to the U.S. House of Representatives – PlayStation Blog". Blog.us.playstation.com. 2010-12-20. http://blog.us.playstation.com/2011/05/04/sonys-response-to-the-u-s-house-of-representatives/. Retrieved 2011-05-07. 
  29. ^ "Sony Offering Free ‘AllClear ID Plus’ Identity Theft Protection in the United States through Debix, Inc. – PlayStation Blog". Blog.us.playstation.com. http://blog.us.playstation.com/2011/05/05/sony-offering-free-allclear-id-plus-identity-theft-protection-in-the-united-states-through-debix-inc/. Retrieved 2011-05-07. 
  30. ^ a b "A Letter from Howard Stringer – PlayStation Blog". Blog.us.playstation.com. 2010-12-20. http://blog.us.playstation.com/2011/05/05/a-letter-from-howard-stringer/. Retrieved 2011-05-07. 
  31. ^ "Important Step for Service Restoration – PlayStation.Blog.Europe". Blog.eu.playstation.com. 2011-05-06. http://blog.eu.playstation.com/2011/05/06/important-step-for-service-restoration/. Retrieved 2011-05-07. 
  32. ^ JC Fletcher (2011-05-06). "PSN reactivation delayed for 'further testing,' likely not coming back this week". Joystiq. http://www.joystiq.com/2011/05/06/psn-reactivation-delayed-for-further-testing-not-coming-back/. Retrieved 2011-05-07. 
  33. ^ "Twitter / @Sony Online Ent.: We wanted to let you know ...". twitter.com. 2011 [last update]. http://twitter.com/#!/SonyOnline/status/66671981101199360. Retrieved 16 May 2011. 
  34. ^ Reynolds, Isabel (2011-05-06). "Sony CEO apologises for data theft; shares fall 2 pct". Reuters. http://www.reuters.com/article/2011/05/06/uk-sony-idUKLNE74505420110506?type=companyNews. Retrieved 2011-05-07. 
  35. ^ "Sony says has removed data stolen by hackers and posted online - Entertainment - The Arts - TODAY.com". Today.msnbc.msn.com. 2011-05-03. http://today.msnbc.msn.com/id/33978506/ns/today-entertainment/t/sony-says-has-removed-data-stolen-hackers-posted-online. Retrieved 2011-05-07. 
  36. ^ a b "Sony Global - News Releases - RESTORATION OF PLAYSTATION®NETWORK AND QRIOCITY SERVICES BEGINS". Sony. May 15, 2011. http://www.sony.net/SonyInfo/News/Press/201105/11-0515E/index.html. Retrieved May 15, 2011. 
  37. ^ "PS3 System Software Update - PlayStation Blog". PlayStation Blog. May 14, 2011. http://blog.us.playstation.com/2011/05/14/ps3-system-software-update/. Retrieved May 15, 2011. 
  38. ^ Mochizuki, Takashi (2010-04-07). "Japan Restart of Sony Online Games Services Not Yet Approved". FoxBusiness.com. http://www.foxbusiness.com/industries/2011/05/15/japan-restart-sony-online-games-services-approved/. Retrieved 2011-06-02. 
  39. ^ a b "Sony's PSN password page exploit". Eurogamer. May 18, 2011. http://www.eurogamer.net/articles/2011-05-18-sonys-psn-password-page-hacked. Retrieved May 18, 2011. 
  40. ^ "Report: Sony PlayStation Network Password Reset Page Exploited, Customer Accounts Potentially Compromised". Kotaku. May 18, 2011. http://kotaku.com/5803050/. Retrieved May 18, 2011. 
  41. ^ "PlayStation Hack to Cost Sony $171M; Quake Costs Far Higher". PC Magazine. May 23, 2011. http://www.pcmag.com/article2/0,2817,2385790,00.asp. 
  42. ^ "Sony’s Response to the U.S. House of Representatives – PlayStation Blog". Blog.us.playstation.com. http://blog.us.playstation.com/2011/05/04/sonys-response-to-the-u-s-house-of-representatives/. Retrieved 2011-05-05. 
  43. ^ "Clarifying a Few PSN Points – PlayStation Blog". Blog.us.playstation.com. 2011-04-26. http://blog.us.playstation.com/2011/04/26/clarifying-a-few-psn-points/. Retrieved 2011-05-07. 
  44. ^ a b "Q&A #1 for PlayStation Network and Qriocity Services – PlayStation Blog". Blog.us.playstation.com. 2010-12-20. http://blog.us.playstation.com/2011/04/27/qa-1-for-playstation-network-and-qriocity-services/. Retrieved 2011-04-29. 
  45. ^ Watt, Peggy (30 April 2011). "Sony: PlayStation Network Resumes This Week". pcworld.com. http://www.pcworld.com/article/226795/sony_playstation_network_resumes_this_week.html. Retrieved 2 May 2011. 
  46. ^ Fletcher, JC (2011-05-01). "PSN 'welcome back program' includes a free download, 30 days free PlayStation Plus, Qriocity". joystiq.com. http://www.joystiq.com/2011/05/01/psn-outage-plus-qriocity-free/. Retrieved 2011-05-02. 
  47. ^ "Another team added to Sony’s PSN investigation". VG247. http://www.vg247.com/2011/05/04/another-team-added-to-sonys-psn-investigation/. Retrieved 2011-05-04. 
  48. ^ Bartz, Diane (2011-04-26). "Sony blames Anonymous for stage-setting theft". Reuters. http://www.reuters.com/article/2011/05/04/us-sony-idUSTRE73R0Q320110504. Retrieved 2011-05-04. 
  49. ^ "Hackers deny involvement in PlayStation Network outage". http://venturebeat.com/2011/04/22/as-playstation-network-outage-continues-hackers-deny-involvement/. Retrieved June 9, 2011. 
  50. ^ Edwards, Cliff (2011-04-26). "PlayStation Hackers May Have Stolen Data on 75 Million Users, Sony Says". Bloomberg. http://www.bloomberg.com/news/2011-04-26/sony-says-network-hackers-may-have-stolen-users-personal-data.html. Retrieved 2011-04-29. 
  51. ^ "News - Opinion: Sony's Communication Problem". Gamasutra. http://www.gamasutra.com/view/news/34240/Opinion_Sonys_Communication_Problem.php. Retrieved 2011-04-29. 
  52. ^ "PlayStation Network Outage Bad News for Netflix and Hulu: Online Video News". Gigaom.com. http://gigaom.com/video/playstation-network-outage-bad-news-for-netflix-hulu/. Retrieved 2011-04-29. 
  53. ^ "BBC News - Sony's PlayStation hack apology". Bbc.co.uk. 2011-04-19. http://www.bbc.co.uk/news/technology-13206004. Retrieved 2011-04-29. 
  54. ^ Reynolds, Isabel (2009-02-09). "Furore at Sony after Playstation user data stolen". Reuters. http://www.reuters.com/article/2011/04/27/uk-sony-stolendata-idUKTRE73Q0F720110427. Retrieved 2011-04-29. 
  55. ^ "Sony defends notification delay in data fiasco | Security | News". PC Pro. http://www.pcpro.co.uk/news/security/367027/sony-defends-notification-delay-in-data-fiasco. Retrieved 2011-04-29. 
  56. ^ "Senator: Lack of details on PlayStation Network outage 'troubling' - Game Hunters: In search of video games and interactive awesomeness - USATODAY.com". Content.usatoday.com. 2011-01-04. http://content.usatoday.com/communities/gamehunters/post/2011/04/senator-lack-of-details-on-playstation-network-outage-troubling/1. Retrieved 2011-04-29. 
  57. ^ Stuart, Keith (2011-04-27). "PlayStation Network hack: why it took Sony seven days to tell the world | Technology | guardian.co.uk". London: Guardian. http://www.guardian.co.uk/technology/gamesblog/2011/apr/27/playstation-network-hack-sony. Retrieved 2011-04-29. 
  58. ^ Williams, Christopher (2011-04-28). "PlayStation hack: Sony users urged to change passwords". London: Telegraph. http://www.telegraph.co.uk/technology/sony/8478404/PlayStation-hack-Sony-users-urged-to-change-passwords.html. Retrieved 2011-04-29. 
  59. ^ "PlayStation Network Security Update – PlayStation Blog". Blog.us.playstation.com. 2011-05-02. http://blog.us.playstation.com/2011/05/02/playstation-network-security-update//. Retrieved 2011-05-07. 
  60. ^ "24.6 million SOE accounts potentially compromised". News (gamesindustry.biz). 2011-03-21. http://www.gamesindustry.biz/articles/2011-05-03-24-6-million-soe-accounts-potentially-compromised. Retrieved 2011-05-04. 
  61. ^ "EverQuest Down". Progression Server. 2011-05-02. http://www.fippydarkpaw.com/forums/viewtopic.php?t=1070. Retrieved 2011-05-02. 
  62. ^
  63. ^ "Security Update". Sony Online Entertainment. 2011-05-02. http://www.soe.com/securityupdate/. Retrieved 2011-05-02. 
  64. ^ Brightman, James (2011-05-03). "Sony Breach 'Difficult to Excuse' Say Security Experts". IndustryGamers. http://www.industrygamers.com/news/sony-breach-difficult-to-excuse-say-security-experts/. Retrieved 2011-05-05. 
  65. ^ Chung, Emily (2011-05-03). "Sony data breach update reveals 'bad practices'". CBC News. http://www.cbc.ca/news/business/story/2011/05/03/sony-data-breach-playstation.html. Retrieved 2011-05-05. 
  66. ^ Westervelt, Robert (2011-05-03). "Sony attack: Sony expands scope of its massive data security breach". SearchSecurity.com. http://searchsecurity.techtarget.com/news/2240035422/Sony-attack-Sony-expands-scope-of-its-massive-data-security-breach. Retrieved 2011-05-05. 
  67. ^ Schwartz, Matthew J. (2011-05-03). "Sony Reports 24.5 Million More Accounts Hacked". InformationWeek. http://www.informationweek.com/news/security/attacks/229402656. Retrieved 2011-05-05. 
  68. ^ "Sony investigating another hack". BBC News. 2011-06-02. http://www.bbc.co.uk/news/business-13636704. Retrieved 2011-06-03. 
  69. ^ Sony Computer Entertainment America (2011-04-28). "Q&A #2 for Playstation Network and Qriocity". playstation.com. http://blog.us.playstation.com/2011/04/28/qa-2-for-playstation-network-and-qriocity-services/. Retrieved 2011-04-29. 
  70. ^ Jackson, Leah (2011-04-27). "Hulu Offering Free Credit For PS3 Subscribers". TheFeed (G4tv.com). http://www.g4tv.com/thefeed/blog/post/712202/hulu-offering-free-credit-for-ps3-subscribers/. Retrieved 2011-10-20. 
  71. ^ a b c d "Details for PlayStation Network and Qriocity Customer Appreciation Program in North America". PlayStation Blog. May 16, 2011. http://blog.us.playstation.com/2011/05/16/details-for-playstation-network-and-qriocity-customer-appreciation-program-in-north-america/. Retrieved May 17, 2011. 
  72. ^ a b c d e f g h "Details Of The Welcome Back Programme For SCEE Users". PlayStation Blog. May 16, 2011. http://blog.eu.playstation.com/2011/05/16/details-of-the-welcome-back-programme-for-scee-users-2/. Retrieved May 17, 2011. 
  73. ^ a b c d "PlayStation®Network・Qriocity™(キュリオシティ)の一部サービス  日本およびアジアの国・地域でも再開" (in Japanese). SCEJ. 27 May 2011. http://cdn.jp.playstation.com/msg/nr_20110527_psn_qriocity.html. Retrieved 20 October 2011. 
  74. ^ a b c d "Welcome Back Package for Hong Kong, Singapore, Malaysia, Thailand and Indonesia". PlayStation.com. 27 May 2011. http://asia.playstation.com/id/en/news/latestNewsDetail/227416. Retrieved 28 May 2011. 
  75. ^ Richmond, Shane (April 26, 2011). "Millions of internet users hit by massive Sony PlayStation data theft". London: Telegraph. http://www.telegraph.co.uk/technology/news/8475728/Millions-of-internet-users-hit-by-massive-Sony-PlayStation-data-theft.html. Retrieved April 29, 2011. 
  76. ^ a b Williams, Christopher (2011-04-27). "PlayStation hack: Sony faces watchdog's questions". London: Telegraph. http://www.telegraph.co.uk/technology/sony/8476441/PlayStation-hack-Sony-faces-watchdogs-questions.html. Retrieved 2011-04-29. 
  77. ^ Wesley Yin-Poole. "ICO confirms it will quiz Sony over PSN News - PlayStation 3 - Page 1". Eurogamer.net. http://www.eurogamer.net/articles/2011-04-27-ico-confirms-it-will-quiz-sony-over-psn. Retrieved 2011-04-29. 
  78. ^ "Privacy Commissioner's office looking into Sony PlayStation hack". Canada.com. http://www.canada.com/life/Privacy+Commissioner+office+investigate+Sony+PlayStation+hack/4684627/story.html#ixzz1KlAZpsAq. Retrieved 2011-04-29. 
  79. ^ "Blumenthal Demands Answers from Sony over Playstation Data Breach". Richard Blumenthal-US senator for Connecticut: Home. http://blumenthal.senate.gov/press/release/index.cfm?id=82698973-255D-4B92-9E18-39E5937C9361. Retrieved 2011-04-26. 
  80. ^ "Blumenthal Calls for DOJ Investigation of Sony Playstation Data Breach". Richard Blumenthal-US senator for Connecticut: Home. http://blumenthal.senate.gov/press/release/index.cfm?id=7BEBFD12-FFDD-40C2-BA5F-C50C7C9D9E09. Retrieved 2011-04-29. 
  81. ^ "US lawmakers press Sony for info on data breach". Associated Press. 2011-04-29. http://www.abc2news.com/dpp/news/national/us-lawmakers-press-sony-for-info-on-data-breach. Retrieved 2011-04-30. 
  82. ^ Ogg, Erica (2011-03-24). "Sony sued for PlayStation Network data breach | Circuit Breaker - CNET News". News.cnet.com. http://news.cnet.com/8301-31021_3-20057921-260.html. Retrieved 2011-04-29. 
  83. ^ "Johns v. Sony Computer Entertainment America LLC et al". Justia. 2011-05-03. http://dockets.justia.com/docket/california/candce/3:2011cv02063/240051/. Retrieved 2011-05-03. 
  84. ^ Schwartz, Mathew J.. "Sony Sued Over PlayStation Network Hack". InformationWeek. http://www.informationweek.com/news/security/attacks/229402362. Retrieved 2011-04-29. 
  85. ^ "Canadian Law Firm Files $1 Billion Lawsuit Against Sony Over PSN Data Breach". Gamastura. 2011-05-04. http://www.gamasutra.com/view/news/34499/Canadian_Law_Firm_Files_1_Billion_Class_Action_Lawsuit_Against_Sony_Over_PSN_Data_Breach.php. Retrieved 2011-05-04. 
  86. ^ "Sony PlayStation Network Down: PSN Hit with $1.04B Class Action Suit". Gather. 2011-05-04. http://business.gather.com/viewArticle.action?articleId=281474979289837. Retrieved 2011-05-04. 
  87. ^ a b "PlayStation users reporting credit card fraud". http://www.pcworld.com/article/226775/playstation_network_users_reporting_credit_card_fraud.html. Retrieved April 30, 2011. 
  88. ^ "Hackers run up debt for PlayStation user". http://www.abc.net.au/news/2011-04-28/hackers-run-up-debt-for-playstation-user/2695706. Retrieved April 30, 2011. 
  89. ^ Arthur, Charles (2011-04-29). "Hackers claim to have 2.2 million card details". The Guardian (London). http://www.guardian.co.uk/technology/blog/2011/apr/29/playstation-network-hackers-credit-cards. Retrieved April 30, 2011. 
  90. ^ "Ars readers report credit card fraud". http://arstechnica.com/gaming/news/2011/04/ars-readers-report-credit-card-fraud-blame-sony.ars. Retrieved April 30, 2011. 
  91. ^ "Q&A #1 for PlayStation Network and Qriocity Services – PlayStation Blog". blog.us.playstation.com. 2011 [last update]. http://blog.us.playstation.com/2011/04/27/qa-1-for-playstation-network-and-qriocity-services/. Retrieved 16 May 2011. 
  92. ^ a b c "New Sony Terms of Service Ban Class Action Lawsuits, Is that Legal?". 15 September 2011. http://www.gamersdailynews.com/story-25130-New-Sony-Terms-of-Service-Ban-Class-Action-Lawsuits-Is-that-Legal.html. 
  93. ^ "Sony asks gamers to sign new terms or face PSN ban". 16 September 2011. http://www.bbc.co.uk/news/technology-14948701. 
  94. ^ "Sony's 'No-Sue' PlayStation Network Use Clause is Anti-Consumer". 19 Spetember 2011. http://www.pcworld.com/article/240213/sonys_nosue_playstation_network_use_clause_is_anticonsumer.html. 
Hacking in 2010s
Incidents
Groups/Individuals
Worms/Viruses
Accessories
Software
Network
Games
Media
Other
Home consoles
Handhelds
Games
Retail
Downloadable
Re-releases
Network
PlayStation Store · PlayStation Home · 2011 outage · Qore · FirstPlay · VidZone
PSP-only
Others
Controllers
First-party
Third-party
Cameras
Kits
System software
Media
Magazines
Characters
Companies
People
WikiProject · Category · Portal