Approx 12,700 non-US customer card numbers and expiration dates stolen from SOE

Zeouterlimits

Dear god.
http://www.soe.com/securityupdate/

Customer Service Notification
May 2, 2011

Dear Valued Sony Online Entertainment Customer:
Our ongoing investigation of illegal intrusions into Sony Online Entertainment systems has discovered that hackers may have obtained personal customer information from SOE systems. We are today advising you that the personal information you provided us in connection with your SOE account may have been stolen in a cyber-attack. Stolen information includes, to the extent you provided it to us, the following: name, address (city, state, zip, country), email address, gender, birthdate, phone number, login name and hashed password.

Customers outside the United States should be advised that we further discovered evidence that information from an outdated database from 2007 containing approximately 12,700 non-US customer credit or debit card numbers and expiration dates (but not credit card security codes) and about 10,700 direct debit records listing bank account numbers of certain customers in Germany, Austria, Netherlands and Spain may have also been obtained - we will be notifying each of those customers promptly.

There is no evidence that our main credit card database was compromised. It is in a completely separate and secured environment.

We had previously believed that SOE customer data had not been obtained in the cyber-attacks on the company, but on May 1st we concluded that SOE account information may have been stolen and we are notifying you as soon as possible.

We apologize for the inconvenience caused by the attack and as a result, we have:

1) Temporarily turned off all SOE game services;

2) Engaged an outside, recognized security firm to conduct a full and complete investigation into what happened; and

3) Quickly taken steps to enhance security and strengthen our network infrastructure to provide you with greater protection of your personal information.

We greatly appreciate your patience, understanding and goodwill as we do whatever it takes to resolve these issues as quickly and efficiently as practicable.

For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. When SOE's services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your Station or SOE game account name or password for other unrelated services or accounts, we strongly recommend that you change them, as well.

To protect against possible identity theft or other financial loss, we encourage you to remain vigilant, to review your account statements and to monitor your credit reports. We are providing the following information for those who wish to consider it:

U.S. residents are entitled under U.S. law to one free credit report annually from each of the three major credit bureaus. To order your free credit report, visit www.annualcreditreport.com or call toll-free (877) 322-8228.

We have also provided names and contact information for the three major U.S. credit bureaus below. At no charge, U.S. residents can have these credit bureaus place a "fraud alert" on your file that alerts creditors to take additional steps to verify your identity prior to granting credit in your name. This service can make it more difficult for someone to get credit in your name. Note, however, that because it tells creditors to follow certain procedures to protect you, it also may delay your ability to obtain credit while the agency verifies your identity. As soon as one credit bureau confirms your fraud alert, the others are notified to place fraud alerts on your file. Should you wish to place a fraud alert, or should you have any questions regarding your credit report, please contact any one of the agencies listed below.

Experian: 888-397-3742; www.experian.com; P.O. Box 9532, Allen, TX 75013
Equifax: 800-525-6285; www.equifax.com; P.O. Box 740241, Atlanta, GA 30374-0241
TransUnion: 800-680-7289; www.transunion.com; Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, CA 92834-6790

You may wish to visit the web site of the U.S. Federal Trade Commission at www.consumer.gov/idtheft or reach the FTC at 1-877-382-4357 or 600 Pennsylvania Avenue, NW, Washington, DC 20580 for further information about how to protect yourself from identity theft. Your state Attorney General may also have advice on preventing identity theft, and you should report instances of known or suspected identity theft to law enforcement, your State Attorney General, and the FTC. For North Carolina residents, the Attorney General can be contacted at 9001 Mail Service Center, Raleigh, NC 27699-9001; telephone (877) 566-7226; or www.ncdoj.gov. For Maryland residents, the Attorney General can be contacted at 200 St. Paul Place, 16th Floor, Baltimore, MD 21202; telephone: (888) 743-0023; or www.oag.state.md.us.

We are committed to helping our customers protect their personal data and we will provide a complimentary offering to assist users in enrolling in identity theft protection services and/or similar programs. The implementation will be at a local level and further details will be made available shortly in regions in which such programs are commonly utilized.

We thank you for your patience as we complete our investigation of this incident, and we regret any inconvenience. Our teams are working around the clock on this, and services will be restored as soon as possible. Sony takes information protection very seriously and will continue to work to ensure that additional measures are taken to protect personally identifiable information. Providing quality and secure entertainment services to our customers is our utmost priority. Please contact us at 1 (866) 436-6698 should you have any additional questions.
Sincerely,

Sony Online Entertainment LLC

Posted it in Games as SOE games are on PC too, not just Playstation Platforms.
Can't believe this happened.

Overheal

I can.

cherryghost

PR hell. It's a complete farce and unacceptable. It's been almost two weeks since the incident and for the few people that had faith in Sony and declaring that they'll keep ther CC details with them has just had egg thrown in their face.

Well ****ing done, Sony. Well ****ing done.

Chefburns

cherryghost wrote: »

PR hell. It's a complete farce and unacceptable. It's been almost two weeks since the incident and for the few people that had faith in Sony and declaring that they'll keep ther CC details with them has just had egg thrown in their face.

Well ****ing done, Sony. Well ****ing done.

well this seems to be something that they have only discovered recently still poor show

Headshot

Man this is such an embarrassment to gaming industry and I think sony will never recover from this

keithc83

It's definitely going to take something incredible for Sony to fully recover from this and get the gamers to believe in them again. I guess we will have to wait and see what happens from here.

richymcdermott

i heard sony said they pay for consumers cc if anything stolen, but i have to agree sony going to take a huge hit consumers are going to switch shift, but not me luckly i dont use a cc

IrishMactire

And now for some words from someone completely biased:

I used to love Sony. I still play my PlayStation Original... But I am so, SO glad that nowadays I play X-box and pay for my live content, so that I don't have to endure nonsense like Sony puts its users through.

K.O.Kiki

>Watches Sony stock go down
>In a few months, everything is back to normal
>Meh

"Sony will never recover from this" my arse.
It takes more than this to take down a global conglomerate.

12'700 out of 77'000'000 is 0.0165% of the total userbase.

Don't blow this sh*t out of all proportions.

Paparazzo

2007? Nice one, I'm safe!

yammycat

I wonder could this have been industrial sabotage by a competitor, imagine how many people who were going to buy a ps3 will be buying a competing platform instead.

IrishMactire

yammycat wrote: »

I wonder could this have been industrial sabotage by a competitor, imagine how many people who were going to buy a ps3 will be buying a competing platform instead.

No.

A competitor would not do something like this. It is a risk to gain thing. This will hurt Sony quite a bit but if said competitor was caught doing this sort of sabotage it would do so SO much damage to them.

yammycat

K.O.Kiki wrote: »

12'700 out of 77'000'000 is 0.0165% of the total userbase.

the % is irrelevant, just the fact it happened will make people buy xbox instead

richymcdermott

K.O.Kiki wrote: »

>Watches Sony stock go down
>In a few months, everything is back to normal
>Meh

"Sony will never recover from this" my arse.
It takes more than this to take down a global conglomerate.

12'700 out of 77'000'000 is 0.0165% of the total userbase.

Don't blow this sh*t out of all proportions.

consumers trust can hurt them more dude

IrishMactire

K.O.Kiki wrote: »

>Watches Sony stock go down
>In a few months, everything is back to normal
>Meh

"Sony will never recover from this" my arse.
It takes more than this to take down a global conglomerate.

12'700 out of 77'000'000 is 0.0165% of the total userbase.

Don't blow this sh*t out of all proportions.

I agree that we shouldn't blow this out of proportion but that is exactly what people will do and that is why it will hurt Sony. Also in your calculation of percentages you forgot to include all the U.S customers harmed by all this. The 12,700 is just non-U.S customers known to have been harmed in this latest revelation.

This will hurt Sony, not as much as some people seem to think it will but certainly more than you seem to think it will..... Still I'm glad to see someone trying to base an opinion on fact instead of just throwing out whatever comes into there heads (... like me xD ).

Grayditch

Thread title needs to be amended to 'MAY HAVE BEEN' stolen.

jaykhunter

K.O.Kiki wrote: »

>Watches Sony stock go down
>In a few months, everything is back to normal
>Meh

Sony will never recover from this" my arse.
It takes more than this to take down a global conglomerate.

Absolutely.

K.O.Kiki wrote: »

12'700 out of 77'000'000 is 0.0165% of the total userbase.

Don't blow this sh*t out of all proportions.

1 credit card is too many. It's the whole safety that's been compromised, regardless if you're affected.

What bothers me is that people seem placated by a few dollars of bandwidth on PS+ (useless IMO) and their music service that they're trying to hock anyway. Personal Info from 77,000 and 10,000+ CCs (and now add 12,000+ on top of that) and they say "sorry" with this pissant of a gesture?

God's sake Sony. You deserve worse media coverage than what you're getting. This is an unbelievable breach of trust. I can't think of anything worse a company can say to it's customers ("we gave out your personal details, eh better check your CC statement just in case").

Might not be the worst time to buy some Sony stock

keithc83

keithc83 wrote: »

It's definitely going to take something incredible for Sony to fully recover from this and get the gamers to believe in them again. I guess we will have to wait and see what happens from here.

That's OTT IMO.

To buy a game and play online, I don't need to give credit card details.

To buy junk extras from the PSN I do(and then again most use PSN cards or pre paid credit cards), but they are just that... needless extra's.

You do get the odd decent game or DLC, but 99% of people don't even buy anything from there, so this won't have much of an impact on Sony.

Not to the doomsday proportions you're signalling.

yammycat wrote: »

the % is irrelevant, just the fact it happened will make people buy xbox instead

No it won't, lol.

People buy the consoles for the games and extras, not for DLC off the store.... also considering you can use PSN cards, it makes the whole thing irrelevant.

Toyota had to recall cars because they had defective breaks, putting users lives at risk..... yet you don't see anyone shying away from their products.

Anyone I know what a PS isn't talking about the CC details. they just want to know when the PSN is back online to start playing again

Notorious

yammycat wrote: »

the % is irrelevant, just the fact it happened will make people buy xbox instead

Well I've yet to hear of a single person who decided to get an xbox because of the recent Sony scandal. Irish people are still buying and upgrading their PS3s.

Mr E

I know people can try and justify how this won't damage Sony, people can use PSN cards, its only old cards that are affected, its only 0.0165% of the userbase etc. but the bottom line here is a trust issue.

People are going to think twice about buying stuff from PSN, and that's going to hurt developers like Titan Studios, Hello Games and Thatgamecompany (who are all loyal and exclusive to Sony).

eddhorse

Mr E wrote: »

I know people can try and justify how this won't damage Sony, people can use PSN cards, its only old cards that are affected, its only 0.0165% of the userbase etc. but the bottom line here is a trust issue.

People are going to think twice about buying stuff from PSN, and that's going to hurt developers like Titan Studios, Hello Games and Thatgamecompany (who are all loyal and exclusive to Sony).

Great point, i wont be as quick to throw my details onto it when it eventually comes back.... saying that there are other websites out there that have probably leaked my info at some stage or another, this is just on a massive scale.

Antar Bolaeisk

Hang on, SOE affects Planetside and Everquest right?

2smiggy

i play the ps3 , and the only thing that bothers me is that the network is down. trust issues bla bla bla. it could happen any website. i have used my credit card on many sites over the years, and all i do is keep my eye on my statements. if there is anything dodgy i would report it to the bank. its not a big deal.

as for the (possible) stolen CC details, should not have happened, but they are from 2007 , and CC would now be out of date.

this is not mainly sonys fault, its the fault of some saddos , still living with there mothers , who think they are brillant for annoying 70m people who might want to play games online on the ps3.

Magill

lol at some of the over-reactions !! Jesus....

They're quite clearly not going to lose any serious amount of their customer base, at worst it'll give sony a kick up the arse, they've increased their security and in the end will come out a lot stronger for it. Will this whole thing make me think twice about buying a PS3 game ? No, Will it stop me using a CC on PSN ? No... trust issues my hole. Their is always PSN cards, does the same job at the end of the day.

Antar Bolaeisk

Antar Bolaeisk wrote: »

Hang on, SOE affects Planetside and Everquest right?

Yep, this does affect all of Sony's MMOs.

marco_polo

Wait so this SOE security breech is an entirely seperate to the PSN hack? Epic fail Sony :eek:.

http://www.siliconrepublic.com/strategy/item/21613-latest-cyber-attack-on-sony/

Morag

I got that email for a defunct SOE account for the orginal Everquest.
They have really really fúcked up.

Fnz

2smiggy wrote: »

trust issues bla bla bla. it could happen any website. i have used my credit card on many sites over the years, and all i do is keep my eye on my statements. if there is anything dodgy i would report it to the bank. its not a big deal.

as for the (possible) stolen CC details, should not have happened, but they are from 2007 , and CC would now be out of date.

this is not mainly sonys fault, its the fault of some saddos , still living with there mothers , who think they are brillant for annoying 70m people who might want to play games online on the ps3.

You're right! Why waste money securing data. Sony should just leave their customers' private data outside Sony HQ with a sign saying "stealing is illegal". If it happens again you can just cast aspersions on the thieves responsible! :rolleyes:

2smiggy

Fnz wrote: »

You're right! Why waste money securing data. Sony should just leave their customers' private data outside Sony HQ with a sign saying "stealing is illegal". If it happens again you can just cast aspersions on the thieves responsible! :rolleyes:

what exactly do you know about sonys security ? enlighten me please. this could have happened to any company. just happens some group of people (with a very good knowledge of computers) took a dislike to sony. hope they catch and jail them.

ps :rolleyes:

PogMoThoin

Sony are now on my avoid list along with Creative for their complete disregard for their customers. Not one more cent will they ever get from me

Venom

IrishMactire wrote: »

I agree that we shouldn't blow this out of proportion but that is exactly what people will do and that is why it will hurt Sony. Also in your calculation of percentages you forgot to include all the U.S customers harmed by all this. The 12,700 is just non-U.S customers known to have been harmed in this latest revelation.

This will hurt Sony, not as much as some people seem to think it will but certainly more than you seem to think it will..... Still I'm glad to see someone trying to base an opinion on fact instead of just throwing out whatever comes into there heads (... like me xD ).

This news story will hurt Sony for less than a week when the next breaking news story hits the media. Sony's SOE division have had a terrible rep in the MMO community for years with players avoiding there game like the plague and it sadly hasn't effected how the company treats its customer.

Warhammer online had a major screwup last year when monthly subscribers got hit with an insane amount of subscription fees in one month with some people hit for up to 5k + banking fees. It all blew over despite the many shouts of it being the end of Mythic :rolleyes: