In a post on Reddit, “chesh” contends that a custom firmware dubbed Rebug was used to gain access to Sony’s private developer network. This led to these custom firmware users being able to provide fake credit cards and purchase (steal) PSN content. Chesh called it “extreme piracy.”
Believe it or not, there are tutorials on the internet explaining how to use the custom firmware and fake credit card exploit. So this appears to be a viable explanation.
This exploit is what led to Sony shutting down the Playstation Network according to chesh and is the reason that Sony has been forced to rebuild PSN in. It is still unconfirmed whether or not legitimate user’s credit card data was compromised but Sony is still investigating.
Sony: PSN Users’ Personal Information Obtained By “Unauthorized Person”
According to Sony’s Sr. Director, Corporate Communications & Social Media, Patrick Seybold an “unauthorized person” has obtained PlayStation Network Users’ personal information, including name, address, password, login. According to the company, it’s possible that credit card data has been accessed as well. In other words, things just went from a inconvenience to a potential catastrophe for millions of PlayStation 3 users.
According to Sony:
“If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.”
Sony’s full statement is under the cut.
Valued PlayStation Network/Qriocity Customer:
We have discovered that between April 17 and April 19, 2011, certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorized intrusion into our network. In response to this intrusion, we have:
- Temporarily turned off PlayStation Network and Qriocity services;
- Engaged an outside, recognized security firm to conduct a full and complete investigation into what happened; and
- Quickly taken steps to enhance security and strengthen our network infrastructure by re-building our system to provide you with greater protection of your personal information.
Sony Doesn’t Know Yet If Your Credit Card Number Was Stolen
Sony has not yet determined if the personal information or credit card numbers of users on the still-offline Playstation Network have been stolen, according to a Sony spokesman.
Sony Computer Entertainment is conducting “thorough investigation” into the outage, Satoshi Fukuoka, a spokesman for Sony Computer Entertainment in Tokyo, told PC World.
Sony Computer Entertainment of America spokesman Patrick Seybold reiterated Fukuoka’s statement, confirming that Sony is still looking into whether credit card or other personal information were taken during the “external intrusion.”
Both declined to provide more information about the intrusion that led the company to take the global Playstation Network down last week. The network remains down as of Monday morning.
Sony: Credit data risked in PlayStation outage
Sony Corp. said Tuesday that the credit card data of PlayStation users around the world may have been stolen in a hack that forced it to shut down its PlayStation Network for the past week, disconnecting 77 million user accounts.
Some players brushed off the breach as a common hazard of operating in a connected world, and Sony said some services would be restored in a week. But industry experts said the scale of the breach was staggering and could cost the company billions of dollars.
“Simply put, one of the worst breaches we’ve seen in several years,” said Josh Shaul, chief technology officer for Application Security Inc., a New York-based company that is one of the country’s largest database security software makers.
The BIG PSN Outage FAQ
What if I can’t remember if I used a credit card?
Try searching through your emails for anything from DoNotReply@ac.playstation.net.
What if I did use a credit card on the Playstation Network?
While Sony says they have no evidence credit card numbers were stolen, they also say they’re not sure they weren’t. Now might be a good time to cancel your current card and get a replacement.
What if I didn’t use a credit card on my account. Am I safe?
Yes and no. Your credit card info is safe, but your personal information may be out there in the wrong hands. It might be a good idea to keep an eye out for phishing scams, watch your credit report and make sure you change your passwords if you re-used them in multiple places.
What information was taken from Sony?
Sony has confirmed that account information has been compromised, including name, address, and login information for the PlayStation Network and the Qriocity music service.
So how do I check my credit?
U.S. residents are entitled under U.S. law to one free credit report annually from each of the three major credit bureaus. To order your free credit report, visit www.annualcreditreport.com or call toll-free (877) 322-8228 . You can also check the three bureaus individually:
Experian: 888-397-3742 ; www.experian.com; P.O. Box 9532, Allen, TX 75013
Equifax: 800-525-6285 ; www.equifax.com; P.O. Box 740241, Atlanta, GA 30374-0241
TransUnion: 800-680-7289 ; www.transunion.com; Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, CA 92834-6790
When will the Playstation Network be back up?
As of April 26, Sony is expecting the PlayStation Network to be back up “within a week.”
How long has PSN been down?
The system went down last Wednesday, April 20th. (That’s seven days if you’re keeping score.)
Can I play games without going online, either by myself or with a friend locally?
Absolutely. Almost every PS3 game, whether it’s played via disc or download, will work so long as you’re using a mode that doesn’t require PSN access. (That’s internet multiplayer, mostly.) There is a small exception to this, which I’ll explain a little later.
What about using a LAN?
Sure, a setting up a little LAN party would be a great alternative. The only problem is that the selection of LAN-capable PS3 games is pretty limited.
Is Anonymous responsible?
Probably not. The group has publicly denied their involvement, and there has been no definitive proof to say otherwise.
So why are they being arrested?
They aren’t. The rumor is based on an old press release from January.
Some games use digital rights management to prevent piracy. Will that affect my ability to play?
As of now, the only games that we know to be affected are a pair of Capcom downloadable games, Bionic Commando Rearmed 2 and the Final Fight/Magic Sword game pack.
So I can’t play any games online or use PSN. Can I still use non-game PSN apps like Netflix, Hulu Plus, etc?
Netflix works on and off if you’re persistent enough. The others not at all.
What about features like the browser, which use the internet, but aren’t connected to PSN?
Users have reported via forums that the PS3 browser still works.
Can I still get system updates?
The system update feature is not connected to PSN and is therefore functional. (Ever notice that you have to sign out of PSN to download an update?) Users can still also download system updates via the Playstation website.
Is there a chance my trophies could get wiped?
Trophies will not update as long as PSN is down, but since most of them are not internet-based, it’s likely (but not definite) that the trophies that you earn during the shutdown will be added to your account when it updates once PSN is back online. If you were to delete your account or if your console were to crash, however, you would definitely lose any trophies earned while PSN is down. Currently, it is not possible to check trophies via the Playstation website.
Will I lose my saved game data?
Not likely, your saved game data is stored on your hard drive, and therefore should not be affected by the outage.
Am I more likely to lose my data if I’ve been using the cloud storage feature of
No. While you definitely aren’t able to update any data you’ve saved in the cloud, the cloud data is technically a copy of whatever was saved from your machine, so even if the back-up data was lost your save would still be in tact on the machine where it was originally recorded.
Wait I have some questions you didn’t or can’t answer. Can I ask Sony directly?
Yes, Sony says you should contact them if you have any additional questions at: 1-800-345-7669
Sony: PSN services return this week, compensation for customers
Though they still don’t know who orchestrated the intrusion on the PSN servers in San Diego, Calif., they were “very sophisticated,” Hirai said. It’s still not entirely clear what kind of data they got their hands on, but he reiterated that they don’t believe credit card data to have been taken, and added that the company has received no complaints of ID theft or credit card fraud yet.
Most services will be restored “within the week,” Hirai said. The first PSN services to come back online will be online game play for the PlayStation 3 and PlayStation Portable, the ability to play downloaded movies from PSN, and unexpired movie rentals through PSN and Qriocity and chat functionalities.
“We are aiming to restore full services including the PlayStation Store and purchasing features within the month,” said Hirai.
- Accelerating the move, which was already planned, of the data server in San Diego to a new location with more advanced security.
- Enhancing detection capabilities for unauthorized intrusions, adding automated software monitoring, enhancing levels of data protection and encryption and the ability to detect unusual patterns in the server. They will also be installing additional firewalls.
- They are creating a position of Chief Information Security Officer who will report to Shinji Hasejima.
- There will be a system software update to the PS3 that will force users to change passwords. “We regret that we are causing this inconvenience,” they said. Additionally, the password can only be changed on the same PS3 on which the account was created, or through validated email. No doubt this will cause issues for some users.
Users should also be vigilant and check their own credit card statements and purchase histories and change their passwords on other accounts and services. They pointed out that Sony will not contact you to ask for account information, and that they will be covering the cost for theft protection services. They are also looking into covering the costs for users who decide to cancel their credit cards and get new ones.
By the end of next week, Sony hopes to restore some services to the PlayStaiton Network, including:
- Restoration of Online game-play across the PlayStation®3 (PS3) and PSP® (PlayStation®Portable) systems
- This includes titles requiring online verification and downloaded games
- Access to Music Unlimited powered by Qriocity for PS3/PSP for existing subscribers
- Access to account management and password reset
- Access to download un-expired Movie Rentals on PS3, PSP and MediaGo
- PlayStation Home
- Friends List
- Chat Functionality
Additionally, Sony will be offering a “Welcome Back” program, that will include:
- Each territory will be offering selected PlayStation entertainment content for free download. Specific details of this content will be announced in each region soon.
- All existing PlayStation Network customers will be provided with 30 days free membership in the PlayStation Plus premium service. Current members of PlayStation Plus will receive 30 days free service.
- Music Unlimited powered by Qriocity subscribers (in countries where the service is available) will receive 30 days free service.
Wii 2 Announcement Only a Matter of Time, Says Miyamoto
Should you still be doubting that a new Nintendo console is on the way, Shigeru Miyamoto has essentially admitted that such a device is in the works and it’s only a matter of time before it’s officially announced.
Speaking in London this week, Edge reports that Miyamoto was asked about the recent rumors. “Don’t ask!” he responded. “Even when the Wii launched we were developing new hardware, work on 3DS had already started. It’s a matter of when we announce it.” E3 in June is said to be when the reveal will be coming, though when asked about that date, he answered, “Please wait. Be patient until we decide.”
Moving on to the subject of games themselves Miyamoto said more “remakes of games on 3DS” are a lock. One Zelda game — Ocarina of Time — is already being ported to 3DS in June, but the next title in the series Miyamoto would like to see revived is A Link to the Past. “I think A Link To The Past,” he said when asked what game he’d like to see remade on 3DS. “Do you remember Xevious? It’s two-layered and I really wanted to create that at the time. So to see Link To The Past in two layers would be quite attractive for me.”
First look at Phantasy Star Online 2
At a recent promotional event, Sega unveiled a sneak peek at Phantasy Star Online 2, including 15 screenshots that 4Gamer.net snagged for our enjoyment. The pictures show off the world details, character outfits, the UI, and even some shots of combat. Astute Sega fans may even recognize a reference to another hit Sega franchise lurking about.
Reportedly, the action-RPG is in alpha testing with a hopeful release date later this year on the PC. Take a look for yourself in the gallery below!
THQ, Games Workshop renew long-standing exclusive agreement in “multi-year” deal for sci-fi franchise, which has sold 6.5 million units to date.
With Warhammer 40,000: Space Marine due out this summer and Warhammer 40,000: Dark Millennium Online still in development, THQ has plenty of Warhammer 40,000 titles in the works. However, that didn’t stop the Santa Monica-based publisher from today announcing it had extended its licensing deal for the intellectual property with IP creator Games Workshop.
Details on the Warhammer 40,000 extension were vague beyond the fact it was a “multi-year deal” that gives THQ exclusive rights to publish games based on the IP. The agreement covers the full gamut of platforms, including mobile, social, and core games.