Sony Online Entertainment taken Offline


Sony Online Entertainment (SOE) has gone offline for “maintenance” according to the statement at their site located here which has temporarily replaced their homepage. According to the message:

“Customers outside the United States should be advised that we further
discovered evidence that information from an outdated database from
2007 containing approximately 12,700 non-US customer credit or debit
card numbers and expiration dates (but not credit card security codes)
and about 10,700 direct debit records listing bank account numbers of
certain customers in Germany, Austria, Netherlands and Spain may have
also been obtained. We will be notifying each of those customers
promptly.”

They also go on to state that their main credit card database was not at risk as it is located in a “completely separate and secured environment.” SOE and PSN (Playstation Network) provide separate entertainment services for Sony. SOE is probably better known among PC users for the MMOs they have focused on that platform, such as Everquest and Star Wars Galaxies.

However, perhaps as many as 24.6 million user accounts were also affected by the attack, with personal information compromised in the same way it had been on PSN: names, addresses, and hashed passwords were placed at risk. Whether or not the two incidents are related is anyone’s guess. Since SOE is down, anyone hoping to squeeze in a little time on any of its games is going to have to wait.

To say that Sony has had the worst few days in their life is probably something of an understatement at this point. With PSN’s forced downtime and now SOE’s over security, I can only imagine the IT specialists working in the trenches at the company praying for some light at the end of the tunnel.

Sony’s PSN Press Conference – What was said


Sony held a press conference at 2PM (Japan time) to answer questions on the PSN breach. Kazuo Hirai, CEO of Sony, headed the panel with two other officers from the company: Senior VP, Shiro Kambe, and CIO, Shinji Hasejima. Together, they answered questions and provided some explanation for what has been happening. After a short introduction and an opening statement, all three then deeply bowed in a formal demonstration of sincere apology.

Much of what was said was already generally known, such as the involvement of the FBI and Homeland Security. However, it was mentioned that the passwords were hashed (giving them some protection), and Sony reiterated their ongoing efforts to strengthen the network along with their deepest apologies for the inconvenience that this has caused everyone.

They also covered a timeline of events: the intrusion was made between April 17 and 19, they shut PSN down on the 20th once they detected it, and on the 24th they engaged an unnamed “top” security firm in the United States to help with their investigations.

Shinji Hasejima, Sony’s CIO, explained that the exploit had entered the system appearing as a normal transaction and left in the same way, avoiding the conventional security measures they had in place. Like Kazuo Hirai, he promised that stronger measures will be implemented. SNEI (Sony Network Entertainment International) manages the PSN servers’ data center located at an AT&T facility in California.

Kazuo Hirai had also stated that they are not certain that Anonymous is to blame for this breach, referencing only the problems that they have had with the hacktivist group in the past. They still have not determined who the actual perpetrators are. To that end, they are working with law enforcement officials in various countries as the investigation expands.

At one point, it had been mentioned that Sony will cover the fees associated with the re-issuance of credit cards (presumably such as those a card company may charge for a replacement). When pressed for further details by the press, it was then explained that while there is no clear evidence of leaked credit card info or improper use, if there is illegal usage and the customer suffers damage, then Sony will deal with it on a case by case basis. According to a statement earlier in the conference, there are approximately 10 million credit cards registered on PSN (out of an estimated 77 million accounts).

A “Welcome Back” program was also mentioned for when PSN returns which includes a thirty day trial period of PS Plus along with a number of other incentives from their Marketplace as an apology to all affected users.

Update (5.01.11): Playstation Blog has updated with a review of what was stated in the conference as well as noting that PSN and Qriocity services will be rolling out worldwide in phases. Also updated the original article above to reflect that the passwords were actually hashed. If you want to watch the whole thing (which is more than an hour and a half), it’s located here.