PlayStation Network and Qriocity completely compromised


…an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.

While Sony was devoting its resources to harassing makers, tinkerers and innovators, their network was completely compromised, and if you used it – all of your info is likely compromised. 75 million users, incredible. I’m pretty sure this is the largest ID theft in history.

42 thoughts on “PlayStation Network and Qriocity completely compromised”

  1. Drew Harwell says:

    “While Sony was devoting its resources to harassing makers, tinkerers and innovators”

    As if their legal department and software development teams are somehow related.

    The way Sony reacted to people hacking their console was inappropriate, okay, but they (and their users) didn’t deserve to have this happen to them, as you seem to imply.

    1. Anonymous says:

      hi drew, i didn’t imply anything.

      the way sony reacted to people hacking their console was inappropriate and since resources are not unlimited, even for sony – the millions spent on harassing makers, tinkerers and innovators could have been used for better things in my opinion.

      1. Tim Johnson says:

        They could have fed the starving, or given mosquito nets to kids in Africa. There’s always something better. If that were the criteria… you should always put all resources toward the best thing …then putting all their resources toward security would be wrong too. It’s unrealistic. Security needs some resources, research needs some resources, some should be spent on improving development kits, and lots of other things all need resources. You don’t need infinite resources before you can work on priority #2 and lower.

        1. Anonymous says:

          hi tim, better for sony… i think it would be better for sony to devote more resources towards their security issues as opposed to suing makers. i’m a customer, they’ve completely let me down in every way and every opportunity.

        2. Mark Williamson says:

          I guess the fact that they closed down OtherOS and attacked people for rooting the consoles in the name of security suggests that their security focus was misdirected, maybe? Assuming that was the real reason. Cheating in games is a different issue to protecting their network from direct compromise but maybe it suggests they focused too much on making connecting devices trustworthy and not enough on infrastructure?

      2. migpics says:

        I gotta agree with Drew on this one. The tone of the statement does imply that Sony let their defenses down on the security front by going after people for hacking their products. I’m also taken a bit back by calling it ‘harassing’ as if Sony’s full intention to go after makers is just to make their lives miserable. Their actions, while we may not agree with them, fall within the confines of the law.
        Can we take a positive spin and put our own energies into providing examples of how makers have used the law to protect themselves (research exemption i.e.) from companies like Sony rather than just bashing Sony?

        1. Mark Williamson says:

          It looks bad for Sony if they’re putting effort into lawyering and yet being compromised on technical stuff – their core competency. But agreed it would be lovely to see positive stories about makers protecting themselves either using the law, or by figuring out how to get people to leave them alone or support them.

        2. Anonymous says:

          suing makers, aibo hobbyists, building expensive drm systems – all while it appears they may have stored all our data in plain text? they’ve completely focused on the wrong things and the wrong people. geohot was not the threat they should have spent all their time and resources on, that’s really obvious now. this looks like the biggest ID theft in history, previously sony had the biggest “rooting” of our computers with their sony bmg root kit installed via music cds.

    2. Alan says:

      I see a direct connection between these two things. A company that sues and harasses people who try to study their products is a company that believes in the failed doctrine of security-through-obscurity. Sony’s war on makers and the bug that allowed this mind-bogglingly huge data breach are two sides of the same coin.

  2. Chris Clower says:

    Sony got what they deserved.

    1. migpics says:

      And so are 75 million users now going to get what Sony deserved too?

      1. Anonymous says:

        No, most of the banking system will. Given that the retailer (Sony) is legally the bank’s agent in credit transactions, their name must be mud now. I’d be very much surprised if they are ever allowed to surface again, unless as a directly-owned subsidiary of MASTERCARD (TM). The only other way for them now will be prepaid credits.

  3. Jake Spurlock says:

    This is lame. I wonder how this translates over into the Netflix world. You have to be logged in with your PSN account to get to Netflix on the PS3.

    1. Gregg says:

      You do? See my comment. That isn’t the case or so the Netflix guy believed.

      1. Jake Spurlock says:

        I can verify, this is how we have been using it all week. Takes a few times to try and get past it, but it does work.

    2. Tim Johnson says:

      I’m using Netflix on mine right now. It says you have to log in, so click X to try logging in, and after it says that PSN is down for maintenance, then I think you have to try a second time, and then it stops asking and lets you get to Netflix. If you click O to start with, then it doesn’t let you… it has to actually try and connect before it’ll understand that it’s down I guess.

  4. Gregg says:

    Annoying but interesting. Here’s the thing, when I mentioned to a Netflix guy about the illogic of using the XBOX360 network to log into and stream Netflix video on my set, he mentioned that the thing from Nintendo does not need to do that.

    The PSN thing was discussed, and so was the PS3, he noted that Netflix does not need the PSN application running to bring Netflix there.

    I do agree with you Phillip regarding the mess.

  5. openfly says:

    Before the Sony attack on the homebrew scene I wrote a blog piece about how DIY should be brought back into their internal design culture:

    http://www.music-piracy.com/?p=212

    The reality is homebrew and engineering have long been the hallmarks of the best of Sony’s rich history. But in recent years they’ve broken drastically from that past. In doing so they have alienated a group of technically savvy and generally brilliant young people. A group that at one point was so devout that Apple would have killed for that level of brand loyalty.

    Honestly, when things like these are playing out across an entire decade you have to wonder how the people running Sony don’t look at their charts and think… what the hell were we thinking? How could we have been so catastrophically wrong?

    The Japanese used to care about taking responsibility for being wrong. It was one of their more admirable cultural values. Today Sony is just another broken bureaucratic beast dying a slow death. And like so many great enterprises before it, we get to suffer its death throes.

    1. Anonymous says:

      excellent comment(s)

  6. Anonymous says:

    Check on ZDNet, apparently they also got other user-confidential data including mother’s maiden name.
    For me, when we add this to the Epsilon leak (hit me twice), internet security has now been so seriously compromised as to render it untrustworthy. There is now one single level of fallback, which I suspect will leave you all screaming: government-escrow biometric ID, with one key held in a State-issued ID card, one in the escrow agency, opening the door to the bio-check level where the data from the user is sent to the agency which returns nothing more than a yes/no.
    That card can then replace all bank and other ID cards – it’s the direction Belgium is already headed in.
    The only addition I might think about is to allow the use of an alias to protect individual civil liberties (privacy) and to allow the replacement of the identity if it’s ever compromised – the PIN might do, as it cuts the possibility of a forged ID to one in ten thousand.

  7. Anonymous says:

    I also observe that they took nearly a week to blow the whistle. Putting this alongside TEPCO and Toyota, can we trust the Japanese with our data?


current: @adafruit - previous: MAKE, popular science, hackaday, engadget, fallon, braincraft ... howtoons, 2600...

View more articles by Phillip Torrone
