CHANGE YOUR BANK DETAILS IF YOU HAVE USED PSN NOW. THIS IS NO JOKE. AND TOOK SONY TO LONG TO TELL YOU ALL THIS. ALL THEY ARE OFFERING IN COMPENSATION? A 30 DAY FREE TRIAL.
I. New Details -- 10M CC's Lost
This week Sony revealed new details in media comments and posts to its PlayStation blog. It commented that up to 10 million users' credit card numbers were likely obtained by the intruder.
Until now it was unknown whether or not the hackers had gained access to the part of the database containing credit card numbers.
They state it was unclear whether the information thief could gain access to users' credit cards as the numbers were encrypted. Sony indicated that it did not encrypt any of its other user records -- including username, real name, address, email addresses, and birth date. Those records were stored as plain-text and should be easily usable by a malicious party.
Passwords were not encrypted, but were hashed. They were reportedly not salted, which means reversing the hash should be feasible for a savvy cyber-criminal.
Kaz Hirai, Sony's executive deputy president, addressed the public in a streamed press conference [video] late last week, bowing deeply in the traditional Japanese expression of regret. He stated, "We offer our sincerest apologies"
The timeline of events in the intrusion has now become clearer. The intruder gained access between April 17 and 19, apparently having free reign of Qriocity servers. Then on April 19 Sony detected the intrusion and locked out the system.
The PSN service was shut down on April 20. Sony hired three independent firms to investigate the breach. It declined to notify users' though, until April 25.