By Glenn Chapman
SAN FRANCISCO, April 27, 2011 (AFP) – Sony is warning that hackers stole password, birthday and other data about users of its PlayStation Network that connected PlayStation 3 (PS3) consoles to online games, films and more.
PlayStation Network and Qriocity streaming music service were turned off April 20 in the wake of an “external intrusion,” according to Sony spokesman Patrick Seybold.
While the cyber attack was still being investigated, Sony said it believed that PlayStation Network and Qriocity service users’ names, addresses, birthdates, passwords, and email addresses were swiped.
“While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility,” Sony said in an email message being sent out to PlayStation Network and Qriocity users.
“It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained.”
Sony shut off PlayStation Network and Qriocity to investigate the breach and bolster defenses.
“We have a clear path to have PlayStation Network and Qriocity systems back online, and expect to restore some services within a week,” Seybold said Tuesday.
Players were still able to take part in games offline on consoles, but lost the ability to challenge others on the Internet, stream movies, or get other services.
PlayStation Network launched in November of 2006 and boasts about 75 million registered users worldwide.
Sony did not indicate whether it identified a culprit in the intrusion.
Internet vigilante group Anonymous had vowed retribution against Sony for taking legal action against hackers who cracked PS3 defenses to change console operating software.
Anonymous argued that PS3 console owners have the right to do what they wish with them, including modifying them.
Wedbush Morgan videogame industry analyst Michael Pachter suspected that Sony was hacked by a gamer more interested in showing off than ripping off PlayStation Network users.
“My guess is the person who hacked the network did it because they could,” Pachter told AFP.
“Sony is a target because gamers tend to be more software sophisticated,” he continued. “If you are a real cyber criminal trying to profit, you go where the money is, not PlayStation Network where the average user is a teenager.”
If Sony gets the Network back up promptly with hardened defenses, users are likely to forgive, according to the analyst. Sony was expected also to atone with free downloadable content and services.
“If it never happens again, I think it is over in two months and everybody forgets about it,” Pachter said. “If it is an evil guy trying to steal, Sony is going to have a nightmare. You just don’t know right now.”
Senator Richard Blumenthal from the state of Connecticut sent Sony Computer Entertainment America chief executive Jack Tretton a letter scolding the company for not alerting PlayStation Network users more quickly.
Blumenthal called on Sony to provide PlayStation Network users with credit tracking services to protect them from identity theft and insurance to cover losses incurred if stolen data is misused.
“I feel bad for Sony,” said Pachter, a PlayStation Network user. “I don’t think they did anything wrong.”