Credit card information of customers who purchased games from company may also be vulnerable after 'illegal intrusion'
Names, addresses and other personal information connected to tens of millions of Sony PlayStation users may be in the hands of hackers after an "illegal intrusion" into the worldwide network that links the game consoles through an Internet connection.
It's also possible that credit card data was obtained in the intrusion, though the video game company said it has yet to find any evidence that has happened.
Sony believes an unauthorized person obtained the email addresses, birthdates and network passwords for an unknown number of the network's more than 75 million users.
"It is also possible that your profile data, including purchase history and billing address, and your PlayStation Network/Qriocity password security answers may have been obtained," Sony told users on its blog Tuesday.
Sony advised all PlayStation Network users to closely monitor account statements and credit reports, and suggested users change their passwords as soon as the network comes back online. The company expects to restore some network services within a week, PlayStation's senior director of corporate communications and social media Patrick Seybold said in the company statement.
The network intrusion, which is believed to have taken place April 17-19, prompted Sony to turn off its online services last week.
The company said it has hired an outside security firm to investigate and is working to strengthen security as it rebuilds the system.
The PlayStation Network allows owners of the game console to play against each other online. Users can also purchase and download games and movies using their credit cards. Also affected by the breach is Qriocity, a Sony service that streams music and movies to companymade televisions, computers, Blu-ray players and game systems.
Edmonton PlayStation user Jason Konoza cancelled his credit card after news of the breach broke.
When Konoza called his credit card company, the representative on the other end instantly knew what he was calling about.
"They said they were getting a lot of calls," Konoza said Tuesday.
"What a nightmare. I'm just sort of flabbergasted by the whole thing."
Konoza said he cancelled the card as a precaution. But the whole thing had shaken his confidence in a large company he had trusted to keep his information secure.
"I feel kind of betrayed," Konoza said. "I've always been a Sony guy."
Fellow PlayStation user Jon Vandervet didn't cancel his card. He was careful to limit the information he provided Sony to the essentials needed to keep an account.
But Vandervet changed his passwords for any email addresses associated with his accounts, just in case.
"It's kind of scary," he said. "If this means the difference between having a free service and having your stuff compromised, I'd be willing to pay a service fee just to have your stuff protected."
PSN recently came under attack by the hacker group Anonymous, which brought down the system in protest after Sony pursued legal action against a couple of users who broke into their home consoles to see how they worked.
Anonymous has denied involvement in this latest PSN hack.
While there is a segment of the hacker community like Anonymous that breaks into systems for ideological purposes, the majority of hackers do it for criminal gains, cybersecurity expert David Skillicorn said.
While Sony could probably have done more to prevent this from happening, the professor at Queen's School of Computing said the company was right to shut down the system promptly, instead of leaving it up and pretending there wasn't an issue while it tried to learn more about the breach.
"It meant that they took it pretty serious from the time they seemed to have found it, which not every company does," Skillicorn said.
He does wonder, however, why the personal data of users wasn't encrypted to make it more difficult to access.