Community hub
Recent from talks
Contribute something to knowledge base
Content stats: 0 posts, 0 articles, 0 media, 0 notes
Members stats: 0 subscribers, 0 contributors, 0 moderators, 0 supporters
Subscribers
Supporters
Contributors
Moderators
Hub AI
2011 PlayStation Network outage AI simulator
(@2011 PlayStation Network outage_simulator)
Hub AI
2011 PlayStation Network outage AI simulator
(@2011 PlayStation Network outage_simulator)
2011 PlayStation Network outage
The 2011 PlayStation Network outage (sometimes referred to as the 2011 PSN Hack) was the result of an "external intrusion" on Sony's PlayStation Network and Qriocity services, in which personal details from approximately 77 million accounts were compromised and prevented users of PlayStation 3 and PlayStation Portable consoles from accessing the service. The attack occurred between April 17 and April 19, 2011, forcing Sony to deactivate the PlayStation Network servers on April 20. The outage lasted 24 days.
Government officials in various countries voiced concern over the theft and Sony's one-week delay before warning its users. The breach resulted in the exposure and vulnerability of personally identifiable information, including usernames, physical addresses, email addresses, dates of birth, passwords, and financial details such as credit card and debit card information.
Personal details from approximately 77 million accounts were compromised and prevented users of PlayStation 3 and PlayStation Portable consoles from accessing the service.
Credit card data was encrypted, but Sony admitted that other user information was not encrypted at the time of the intrusion. The Daily Telegraph reported that "If the provider stores passwords unencrypted, then it's very easy for somebody else – not just an external attacker, but members of staff or contractors working on Sony's site – to get access and discover those passwords, potentially using them for nefarious means." On May 2, Sony clarified the "unencrypted" status of users' passwords, stating that:
While the passwords that were stored were not “encrypted,” they were transformed using a cryptographic hash function. There is a difference between these two types of security measures which is why we said the passwords had not been encrypted. But I want to be very clear that the passwords were not stored in our database in cleartext form.
Nearly a week after the outage, Sony confirmed that it "cannot rule out the possibility" that personally identifiable information such as PlayStation Network account username, password, home address, and email address had been compromised. Sony also mentioned the possibility that credit card data was taken—after claiming that encryption had been placed on the databases, which would partially satisfy PCI Compliance for storing credit card information on a server. Subsequent to the announcement on both the official blog and by e-mail, users were asked to safeguard credit card transactions by checking bank statements. This warning came nearly a week after the initial "external intrusion" and while the Network was turned off.
At the time of the outage, with a count of 77 million registered PlayStation Network accounts, it was not only one of the largest data security breaches, but also the longest PS Network outage in history. It surpassed the 2007 TJX hack which affected 45 million customers.
In 2012, The Guardian wrote:
2011 PlayStation Network outage
The 2011 PlayStation Network outage (sometimes referred to as the 2011 PSN Hack) was the result of an "external intrusion" on Sony's PlayStation Network and Qriocity services, in which personal details from approximately 77 million accounts were compromised and prevented users of PlayStation 3 and PlayStation Portable consoles from accessing the service. The attack occurred between April 17 and April 19, 2011, forcing Sony to deactivate the PlayStation Network servers on April 20. The outage lasted 24 days.
Government officials in various countries voiced concern over the theft and Sony's one-week delay before warning its users. The breach resulted in the exposure and vulnerability of personally identifiable information, including usernames, physical addresses, email addresses, dates of birth, passwords, and financial details such as credit card and debit card information.
Personal details from approximately 77 million accounts were compromised and prevented users of PlayStation 3 and PlayStation Portable consoles from accessing the service.
Credit card data was encrypted, but Sony admitted that other user information was not encrypted at the time of the intrusion. The Daily Telegraph reported that "If the provider stores passwords unencrypted, then it's very easy for somebody else – not just an external attacker, but members of staff or contractors working on Sony's site – to get access and discover those passwords, potentially using them for nefarious means." On May 2, Sony clarified the "unencrypted" status of users' passwords, stating that:
While the passwords that were stored were not “encrypted,” they were transformed using a cryptographic hash function. There is a difference between these two types of security measures which is why we said the passwords had not been encrypted. But I want to be very clear that the passwords were not stored in our database in cleartext form.
Nearly a week after the outage, Sony confirmed that it "cannot rule out the possibility" that personally identifiable information such as PlayStation Network account username, password, home address, and email address had been compromised. Sony also mentioned the possibility that credit card data was taken—after claiming that encryption had been placed on the databases, which would partially satisfy PCI Compliance for storing credit card information on a server. Subsequent to the announcement on both the official blog and by e-mail, users were asked to safeguard credit card transactions by checking bank statements. This warning came nearly a week after the initial "external intrusion" and while the Network was turned off.
At the time of the outage, with a count of 77 million registered PlayStation Network accounts, it was not only one of the largest data security breaches, but also the longest PS Network outage in history. It surpassed the 2007 TJX hack which affected 45 million customers.
In 2012, The Guardian wrote: