PlayStation Network breach timeline: from compromise to compensation

This is a timeline of major events associated with the attack on Sony’s PlayStation Network and Qriocity online services.

Dates are given relative to the location the events took place. Sony announcements, released globally, are listed according to their publication in the U.S.

Related stories

PlayStation network hack results in massive-scale identity theft

Catastrophic Playstation breach: Inventory of what you may have lost

Canadians very vulnerable to identity theft, survey shows

Tuesday, April 19

Sony learned its PlayStation Network and Qriocity networks had been compromised. At the time, the company did not announce this. It was subsequently disclosed in a statement issued by the company’s U.S. subsidiary on April 26.

Wednesday, April 20

Sony took its first public step by closing down the two networks, but it didn’t disclose what it already knew: the networks had been hacked. It issued a statement that said, “We’re aware certain functions of PlayStation Network are down. We will report back here as soon as we can with more information.”

Thursday, April 21

The company said it was still investigating the cause of the outage and that it would be “a full day or two” before everything was back to normal.

A posting on Sony Europe’s PlayStation blog suggested the networks had been attacked. The posting was later removed, but numerous gaming news outlets reported it as saying, “Our support teams are investigating the cause of the problem, including the possibility of targeted behavior by an outside party.”

Friday, April 22

Sony revealed for the first time the cause of the problems. “An external intrusion on our system has affected our PlayStation Network and Qriocity services. In order to conduct a thorough investigation and to verify the smooth and secure operation of our network services going forward, we turned off PlayStation Network & Qriocity services,”it said in a statement. It offered no details on when services might return to normal.

Hacking group “Anonymous” said in a statement that its core had nothing to do with the attack, but the message left open the possibility that individuals from the group might be responsible. “While it could be the case that other Anons have acted by themselves AnonOps was not related to this incident and takes no responsibility for it,” the statement said. It accused Sony of taking advantage of previous attacks on its network to explain an internal problem with company servers. 

Saturday, April 23

Sony said it was having to rebuild its network as a result of the attack. “Our efforts to resolve this matter involve rebuilding our system to further strengthen our network infrastructure,” it said. “Though this task is time-consuming, we decided it was worth the time necessary to provide the system with additional security.”

The company said it was “working around the clock to bring them both back online,” but didn’t say when they might return. “We thank you for your patience to date and ask for a little more while we move towards completion of this project,” the statement said. 

Sunday, April 24

For the first time since the problems began, Sony went a day without releasing an update.

Monday, April 25

A spokesman for Sony in Tokyo told IDG News Service a “thorough investigation” was under way. He said the company had not yet determined whether the personal information or credit card numbers of users had been compromised, but that Sony would promptly inform users if it found that were the case.

 

Computer security experts called in by Sony concluded a breach of consumer data had occurred when the PlayStation Network was hacked. At the time, the company held off on making the announcement until the next day.

Tuesday, April 26

Kaz Hirai, head of Sony’s gaming division, appeared at a Tokyo news conference held to unveil the company’s tablet PCs. Hirai expressed condolences and support for victims of the March earthquake and tsunami, talked about the new tablets and how they could download content from the Qriocity online service, but failed to mention the problems with Qriocity and the PlayStation Network. He left the stage without taking questions, as originally scheduled.

About 12 hours later, Sony released its most detailed statement to date on the hack and confirmed that personal information was stolen. The information included names and addresses for registered PlayStation Network and Qriocity users, along with their birth dates, e-mail addresses and other personal information.

“While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility,” Sony said. It advised customers to create credit card fraud alerts and keep a close eye on charges made to linked credit cards.

It also said the PlayStation Network and Qriocity would be back online “within a week.”

Wednesday, April 27

Sony shares fell 2 per cent on news of the potentially huge data leak, ending Wednesday trading in Tokyo at 2,366 yen, down 49 yen.

A class-action lawsuit was filed in the U.S. accusing Sony of not taking “reasonable care to protect, encrypt and secure the private and sensitive data of its users.” It seeks monetary compensation and free credit card monitoring.

Sony published a detailed Q&A that clarified credit card information was stored in an encrypted form and added, “we have no evidence that credit card data was taken.” Other personal information was not encrypted.

Thursday, April 28

Sony shares dropped 4.5 per cent in Tokyo, to end the holiday-shortened week at 2,260 yen.

George Hotz, the hacker who received widespread grassroots support after being sued by Sony for posting code that can jailbreak Sony PlayStation consoles, blamed the company’s recent data breach on executive-level arrogance. “The fault lies with the executives who declared a war on hackers, laughed at the idea of people penetrating the fortress that once was Sony, whined incessantly about piracy, and kept hiring more lawyers when they really needed to hire good security experts,” said Hotz on his blog. “Alienating the hacker community is not a good idea.”

 

Sony hinted it is considering some form of compensation for users. In a blog posting, it wrote, “We are currently evaluating ways to show appreciation for your extraordinary patience as we work to get these services back online.”

Martyn Williams covers Japan and general technology breaking news for The IDG News Service. Follow Martyn on Twitter at @martyn_williams. Martyn’s e-mail address is [email protected]

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Story

How the CTO can Maintain Cloud Momentum Across the Enterprise

Embracing cloud is easy for some individuals. But embedding widespread cloud adoption at the enterprise level is...

Related Tech News

Get ITBusiness Delivered

Our experienced team of journalists brings you engaging content targeted to IT professionals and line-of-business executives delivered directly to your inbox.

Featured Tech Jobs