Edit filter log

Details for log entry 19735527

14:15, 14 November 2017: 213.131.180.46 (talk) triggered filter 432, performing the action "edit" on 2011 PlayStation Network outage. Actions taken: Warn; Filter description: Starting new line with lowercase letters (examine)

Changes made in edit

Action parameters

Variable	Value
Whether or not the edit is marked as minor (no longer in use) (`minor_edit`)	false
Name of the user account (`user_name`)	'213.131.180.46'
Whether or not a user is editing through the mobile interface (`user_mobile`)	false
Page ID (`page_id`)	31607666
Page namespace (`page_namespace`)	0
Page title without namespace (`page_title`)	'2011 PlayStation Network outage'
Full page title (`page_prefixedtitle`)	'2011 PlayStation Network outage'
Action (`action`)	'edit'
Edit summary/reason (`summary`)	''
Old content model (`old_content_model`)	'wikitext'
New content model (`new_content_model`)	'wikitext'
Old page wikitext, before the edit (`old_wikitext`)	'[[File:PlayStation Network logo.png\|frameless\|400px\|right]] The '''2011 PlayStation Network outage''' was the result of an "[[Hacker (computer security)\|external intrusion]]" on [[Sony]]'s [[PlayStation Network]] and [[Qriocity]] services, in which personal details from approximately 77 million accounts were compromised and prevented users of [[PlayStation 3]] and [[PlayStation Portable]] consoles from accessing the service.<ref name="PSN News Update 260411">{{cite web \|title=PlayStation Network Restoration Begins \|work=PlayStation Network / PSN News \|publisher=Sony \|location=United Kingdom \|date=2011-05-17 \|url= http://uk.playstation.com/psn/news/articles/detail/item369506/PSN-Qriocity-Service-Update/ \|accessdate=2011-10-20}}</ref><ref name="BBC 26042011">{{cite news \|url=http://www.bbc.co.uk/news/technology-13192359 \|title=Sony faces legal action over attack on PlayStation network \|work=BBC News \|publisher=bbc.co.uk \|date=2011-04-28 \|accessdate=2011-04-29}}</ref><ref name="Telegraph 26042011">{{cite news \|last=Richmond \|first=Shane \|title=Millions of internet users hit by massive Sony PlayStation data theft \|publisher=Telegraph \|location=London \|date=2011-04-26 \|url= http://www.telegraph.co.uk/technology/news/8475728/Millions-of-internet-users-hit-by-massive-Sony-PlayStation-data-theft.html \|accessdate=2011-04-29}}</ref><ref name="Australian 27042011">{{cite news \|last=Griffith \|first=Chris \|title=PlayStation users in Australia urged to check credit card activity \|work=Australian IT \|publisher=The Australian \|date=2011-04-27 \|url= http://www.theaustralian.com.au/australian-it/exec-tech/playstation-users-in-australia-urged-to-check-credit-card-activity/story-e6frgazf-1226045582897 \|accessdate=2011-11-20}}</ref> The attack occurred between April 17 and April 19, 2011,<ref name="PSN News Update 260411" /> forcing Sony to turn off the PlayStation Network on April 20. On May 4 Sony confirmed that [[personally identifiable information]] from each of the 77 million accounts had been exposed.<ref>{{cite web \|title=Kazuo Hirai's Letter to the U.S. House of Representatives \|work=a photo set by Flickr user PlayStation.Blog \|publisher=[[Flickr]] \|date=2011-05-03 \|url=https://www.flickr.com/photos/playstationblog/sets/72157626521862165/ \|accessdate=2011-10-20 \|quote=Information appears to have been stolen from all PlayStation Network user accounts, although not every piece of information in those accounts appears to have been stolen, [...] The criminal intruders stole personal information from all of the approximately 77 million PlayStation Network and Qriocity service accounts.}}</ref> The outage lasted 23 days.<ref>{{cite news \|author=Owen Good \|url=http://kotaku.com/5804318/ \|title=Welcome Back PSN: The Winners \|publisher=Kotaku.com \|date=2011-05-20 \|accessdate=2011-06-02}}</ref> At the time of the outage, with a count of 77 million registered PlayStation Network accounts,<ref>{{cite web\|url=http://blog.eu.playstation.com/2011/04/28/playstation-network-and-qriocity-outage-faq/ \|title=PlayStation Network and Qriocity Outage FAQ – PlayStation.Blog.Europe \|publisher=Blog.eu.playstation.com \|date= \|accessdate=2011-04-29}}</ref> it was one of the largest data security breaches in history.<ref>{{cite news\|author=\|url=http://www.cbc.ca/news/business/story/2011/04/27/technology-playstation-data-breach.html \|title=PlayStation data breach deemed in 'top 5 ever' - Business - CBC News \|publisher=Cbc.ca \|date= 2011-04-27\|accessdate=2011-04-29}}</ref><ref>{{cite web\|url=http://news.sky.com/home/technology/article/15979992 \|title=Video: Sony PlayStation - Hacker Breaks Into Network And Steals Details Of Millions Of Gamers \| Technology \| Sky News \|publisher=News.sky.com \|date= \|accessdate=2011-04-29}}</ref> It surpassed the 2007 [[TJX Companies#Computer systems intrusion\|TJX hack]] which affected 45 million customers.<ref>{{cite news\|author=\|url=http://www.telegraph.co.uk/technology/sony/8476757/PlayStation-hack-top-five-data-thefts.html \|title=PlayStation hack: top five data thefts \|publisher=Telegraph \|date= 2011-04-27\|accessdate=2011-04-29 \|location=London}}</ref> Government officials in [[PlayStation Network outage#Government reaction\|various countries voiced concern]] over the theft and Sony's one-week delay before warning its users. Sony stated on April 26 that it was attempting to get online services running "within a week."<ref>{{cite web\|url=http://www.computerandvideogames.com/299454/playstation-network-down-for-seventh-day/ \|title=PlayStation Network down for seventh day \|publisher=ComputerAndVideoGames.com \|date=2011-04-27 \|accessdate=2011-04-29}}</ref> On May 14, Sony released PlayStation 3 [[firmware]] version 3.61 as a security patch. The firmware required users to change their password upon signing in. At the time the firmware was released, the network was still offline.<ref>{{cite web\|url=http://blog.us.playstation.com/2011/05/14/ps3-system-software-update/ \|title=PS3 System Software Update – PlayStation Blog \|publisher=Blog.us.playstation.com \|date=2010-12-20 \|accessdate=2011-05-16}}</ref> Regional restoration was announced by [[Kazuo Hirai]] in a video from Sony.<ref>{{cite web\|url=http://blog.us.playstation.com/2011/05/14/kazuo-hirai-playstation-network-relaunch-announcement/ \|title=Kazuo Hirai: PlayStation Network Restoration Announcement – PlayStation Blog \|publisher=Blog.us.playstation.com \|date=2010-12-20 \|accessdate=2011-05-16}}</ref> A map of regional restoration and the network within the United States was shared as the service was coming back online.<ref>{{cite web \|url= http://blog.us.playstation.com/2011/05/14/play-on-%E2%80%93-psn-restoration-begins-now/ \|title=Play On – PSN Restoration Begins Now – PlayStation Blog \|first= Patrick\|last=Seybold \|work=blog.us.playstation.com \|year=2011 \|accessdate=16 May 2011}}</ref> ==Timeline of the outage== On April 20, 2011, Sony acknowledged that on the official PlayStation Blog that it was "aware certain functions of the PlayStation Network" were down. Upon attempting to sign in via the [[PlayStation 3]], users received a message indicating that the network was "undergoing maintenance".<ref>{{cite web \|title=Update on PSN Service Outages \|publisher=PlayStation Blog \|location=United States \|date=2011-04-20 \|url=http://blog.us.playstation.com/2011/04/20/update-on-psn-service-outages-2/ \|accessdate=2011-04-29}}</ref><ref>{{cite news \|title=Timeline of Sony's PlayStation Network outage \|publisher=hken.ibtimes.com \|date=2011-05-15 \|url= http://hken.ibtimes.com/articles/145875/20110515/timeline-of-sony-s-playstation-network-outage.htm \|accessdate=2011-05-15}}</ref> The following day, Sony asked its customers for patience while the cause of outage was investigated and stated that it may take "a full day or two" to get the service fully functional again.<ref>{{cite web \|title=Latest Update on PSN Outage \|publisher=PlayStation Blog \|location=United States \|date=2011-04-21 \|url=http://blog.us.playstation.com/2011/04/21/latest-update-on-psn-outage/ \|accessdate=2011-04-29}}</ref> The company later announced an "external intrusion" had affected the PlayStation Network and Qriocity services.<ref>{{cite web \|title=Update On PlayStation Network/Qriocity Services \|publisher=PlayStation Blog \|location=United States \|date=2011-04-22 \|url=http://blog.us.playstation.com/2011/04/22/update-on-playstation-network-qriocity-services/ \|accessdate=2011-04-29}}</ref> This intrusion occurred between April 17 and April 19. On April 20, Sony suspended all PlayStation Network and Qriocity services worldwide.<ref name="PlayStation FAQ">{{cite web \|url=http://us.playstation.com/support/answer/index.htm?a_id=2356 \|title=PlayStation Knowledge Center \| Support - PlayStation.com \|publisher=us.playstation.com \|date=2011-01-10 \|accessdate=2011-04-29}}</ref> Sony expressed their regrets for the downtime and called the task of repairing the system "time-consuming" but would lead to a stronger network infrastructure and additional security.<ref>{{cite web \|url=http://blog.us.playstation.com/2011/04/23/latest-update-for-psnqriocity-services/ \|title=Latest Update for PSN/Qriocity Services – PlayStation Blog \|publisher=Blog.us.playstation.com \|date=2011-04-23 \|accessdate=2011-04-29}}</ref> On April 25, Sony spokesman Patrick Seybold reiterated on the PlayStation Blog that fixing and enhancing the network was a "time intensive" process with no estimated time of completion.<ref>{{cite web \|url=http://blog.us.playstation.com/2011/04/25/psn-update/ \|title=PSN Update – PlayStation Blog \|publisher=Blog.us.playstation.com \|date=2011-04-25 \|accessdate=2011-04-29}}</ref> However, the next day Sony stated that there was a "clear path to have PlayStation Network and Qriocity systems back online", with some services expected to be restored within a week. Furthermore, Sony acknowledged the "compromise of personal information as a result of an illegal intrusion on our systems."<ref>{{cite web\|url=http://blog.us.playstation.com/2011/04/26/update-on-playstation-network-and-qriocity/ \|title=Update on PlayStation Network and Qriocity – PlayStation Blog \|publisher=Blog.us.playstation.com \|date=2011-04-19 \|accessdate=2011-04-29}}</ref> On May 1 Sony announced a "Welcome Back" program for customers affected by the outage. The company also confirmed that some PSN and Qriocity services would be available during the first week of May.<ref>{{cite web \|url= http://blog.eu.playstation.com/2011/05/01/some-playstation-network-and-qriocity-services-to-be-available-this-week/ \|title=Some PlayStation Network And Qriocity Services To Be Available This Week – PlayStation.Blog.Europe \|publisher=Blog.eu.playstation.com \|date= \|accessdate=2011-05-01}}</ref><ref name=EG_Sony_May_1/> The list of services expected to become available included:<ref>{{cite web \|url= http://blog.eu.playstation.com/2011/05/01/some-playstation-network-and-qriocity-services-to-be-available-this-week/ \|title=Some PlayStation Network And Qriocity Services To Be Available This Week – PlayStation.Blog.Europe \|publisher=Blog.eu.playstation.com \|date= \|accessdate=2011-05-07}}</ref> {{Quotation\| Restoration of Online game-play across the PlayStation 3 (PS3) and PSP (PlayStation Portable) systems This includes titles requiring online verification and downloaded games Access to Music Unlimited powered by Qriocity for PS3/PSP for existing subscribers Access to account management and password reset Access to download un-expired Movie Rentals on PS3, PSP and MediaGo PlayStation Home Friends List Chat Functionality}} On May 2 Sony issued a press release, according to which the [[Sony Online Entertainment]] (SOE) services had been taken offline for maintenance due to potentially related activities during the initial criminal hack. Over 12,000 credit card numbers, albeit in [[encryption\|encrypted]] form, from non-U.S. cardholders and additional information from 24.7 million SOE accounts may have been accessed.<ref name="autogenerated1">{{cite web \|url=http://www.soe.com/securityupdate/pressrelease.vm \|title=Service Under Maintenance \|publisher=SOE \|date=2010-03-31 \|accessdate=2011-05-04}}</ref><ref>{{cite web \|url= http://www.gameinformer.com/b/news/archive/2011/05/02/thousands-of-credit-cards-stolen-during-second-sony-hack.aspx \|title= Sony Confirms Thousands Of Credit Cards Stolen During Hack - GameInformer News \|publisher=gameinformer.com \|date=2011-05-02 \|accessdate=2011-05-02}}</ref> During the week, Sony sent a letter to the [[US House of Representatives]], answering questions and concerns about the event.<ref>{{cite web \|url=http://blog.us.playstation.com/2011/05/04/sonys-response-to-the-u-s-house-of-representatives/ \|title=Sony’s Response to the U.S. House of Representatives – PlayStation Blog \|publisher=Blog.us.playstation.com \|date=2010-12-20 \|accessdate=2011-05-07}}</ref> In the letter Sony announced that they would be providing Identity Theft insurance policies in the amount of $1 million USD per user of the PlayStation Network and Qriocity services, despite no reports of credit card fraud being indicated. This was later confirmed on the PlayStation Blog, where it was announced that the service, [[AllClear ID]] Plus powered by [[Debix]], would be available to users in the United States free for 12 months, and would include Internet surveillance, complete identity repair in the event of theft and a $1 million identity theft insurance policy for each user.<ref>{{cite web \|url= http://blog.us.playstation.com/2011/05/05/sony-offering-free-allclear-id-plus-identity-theft-protection-in-the-united-states-through-debix-inc/ \|title=Sony Offering Free ‘AllClear ID Plus’ Identity Theft Protection in the United States through Debix, Inc. – PlayStation Blog \|publisher=Blog.us.playstation.com \|date= \|accessdate=2011-05-07}}</ref><ref name="playstation1">{{cite web \|url=http://blog.us.playstation.com/2011/05/05/a-letter-from-howard-stringer/ \|title=A Letter from Howard Stringer – PlayStation Blog \|publisher=Blog.us.playstation.com \|date=2010-12-20 \|accessdate=2011-05-07}}</ref> On May 6 Sony stated they had begun "final stages of internal testing" for the PlayStation Network, which had been rebuilt.<ref>{{cite web \|url=http://blog.eu.playstation.com/2011/05/06/important-step-for-service-restoration/ \|title=Important Step for Service Restoration – PlayStation.Blog.Europe \|publisher=Blog.eu.playstation.com \|date=2011-05-06 \|accessdate=2011-05-07}}</ref> However, the following day Sony reported that they would not be able to bring services back online within the one-week timeframe given on May 1, because "the extent of the attack on Sony Online Entertainment servers" had not been known at the time.<ref>{{cite web \|url=http://www.joystiq.com/2011/05/06/psn-reactivation-delayed-for-further-testing-not-coming-back/ \|title=PSN reactivation delayed for 'further testing,' likely not coming back this week \|author=JC Fletcher \|publisher=Joystiq \|date=2011-05-06 \|accessdate=2011-05-07}}</ref> SOE confirmed on their [[Twitter]] account that their games would not be available until sometime after the weekend.<ref>{{cite web \|url= https://twitter.com/SonyOnline/status/66671981101199360 \|title=Twitter / @Sony Online Ent.: We wanted to let you know ... \|work=twitter.com \|year=2011 \|accessdate=16 May 2011}}</ref> Reuters began reporting the event as "the biggest Internet security break-in ever".<ref>{{cite news \|last=Reynolds \|first=Isabel \|url=https://www.reuters.com/article/2011/05/06/uk-sony-idUKLNE74505420110506?type=companyNews \|title=Sony CEO apologises for data theft; shares fall 2 pct \|publisher=Reuters \|date=2011-05-06 \|accessdate=2011-05-07}}</ref> A Sony spokesperson said:<ref>{{cite news \|url=https://www.reuters.com/article/2011/05/07/sony-idUSL3E7G701T20110507 \|title=Sony removes data posted by hackers, delays PlayStation restart\|publisher=Reuters \|date=2011-05-06 \|accessdate=2013-10-10 \|first=Isabel \|last=Reynolds}}</ref> Sony had removed the personal details of 2,500 people stolen by hackers and posted on a website The data included names and some addresses, which were in a database created in 2001 No date had been fixed for the restart On May 14 various services began coming back online on a country-by-country basis, starting with North America.<ref name="PSNBackOnline"/> These services included: sign-in for PSN and Qriocity services (including password resetting), online game-play on PS3 and PSP, playback of rental video content, Music Unlimited service (PS3 and PC), access to third party services (such as Netflix, Hulu, Vudu and MLB.tv), friends list, chat functionality and PlayStation Home.<ref name="PSNBackOnline">{{cite web \|url=http://www.sony.net/SonyInfo/News/Press/201105/11-0515E/index.html \|title=Sony Global - News Releases - RESTORATION OF PLAYSTATIONNETWORK AND QRIOCITY SERVICES BEGINS \|date={{Date\|2011-05-15\|mdy}} \|accessdate={{Date\|2011-05-15\|mdy}} \|publisher=[[Sony]]}}</ref> The actions came with a firmware update for the PS3, version 3.61.<ref>{{cite web \|url=http://blog.us.playstation.com/2011/05/14/ps3-system-software-update/ \|title=PS3 System Software Update - PlayStation Blog \|date={{Date\|2011-05-14\|mdy}} \|accessdate={{Date\|2011-05-15\|mdy}} \|publisher=[[PlayStation Blog]]}}</ref> As of May 15 service in Japan and East Asia had not yet been approved.<ref>{{cite web \|last=Mochizuki \|first=Takashi \|url= http://www.foxbusiness.com/industries/2011/05/15/japan-restart-sony-online-games-services-approved/ \|title=Japan Restart of Sony Online Games Services Not Yet Approved \|publisher=FoxBusiness.com \|date=2010-04-07 \|accessdate=2011-06-02}}</ref> On May 18 SOE shut down the password reset page on their site following the discovery of another exploit<ref name="May18Website">{{cite web \|url=http://www.eurogamer.net/articles/2011-05-18-sonys-psn-password-page-hacked \|title=Sony's PSN password page exploit \|date={{Date\|2011-05-18\|mdy}} \|accessdate={{Date\|2011-05-18\|mdy}} \|publisher=[[Eurogamer]]}}</ref> that allowed users to reset other users' passwords, using the other user's [[email address]] and date of birth.<ref>{{cite web \|url=http://kotaku.com/5803050/ \|title=Report: Sony PlayStation Network Password Reset Page Exploited, Customer Accounts Potentially Compromised \|date={{Date\|2011-05-18\|mdy}} \|accessdate={{Date\|2011-05-18\|mdy}} \|publisher=Kotaku}}</ref> Sign-in using PSN details to various other Sony websites was also disabled, but console sign-ins were not affected.<ref name="May18Website"/> On May 23 Sony stated that the outage costs were $171 million.<ref name=post>{{cite news \|title=PlayStation Hack to Cost Sony $171M; Quake Costs Far Higher \|work=PC Magazine \|date=May 23, 2011 \|url=https://www.pcmag.com/article2/0,2817,2385790,00.asp}}</ref> ==Sony response== ===US House of Representatives=== Sony reported on May 4 to the PlayStation Blog<ref>{{cite web\|url=http://blog.us.playstation.com/2011/05/04/sonys-response-to-the-u-s-house-of-representatives/ \|title=Sony’s Response to the U.S. House of Representatives – PlayStation Blog \|publisher=Blog.us.playstation.com \|date= \|accessdate=2011-05-05}}</ref> that: {{quotation\|Kazuo Hirai, Chairman of the Board of Directors of Sony Computer Entertainment America, submitted written answers to questions posed by the United States House subcommittee about the large-scale, criminal cyber-attack we have experienced.}} Sony relayed via the letter that: {{quotation\|In summary, we told the subcommittee that in dealing with this cyber attack we followed four key principles: # Act with care and caution. # Provide relevant information to the public when it has been verified. # Take responsibility for our obligations to our customers. # Work with law enforcement authorities. <br> We also informed the subcommittee of the following: Sony has been the victim of a very carefully planned, very professional, highly sophisticated criminal cyber attack. We discovered that the intruders had planted a file on one of our Sony Online Entertainment servers named “Anonymous” with the words “We are Legion.” By April 25, forensic teams were able to confirm the scope of the personal data they believed had been taken, and could not rule out whether credit card information had been accessed. On April 26, we notified customers of those facts. As of today, the major credit card companies have not reported any fraudulent transactions that they believe are the direct result of this cyber attack. Protecting individuals’ personal data is the highest priority and ensuring that the Internet can be made secure for commerce is also essential. Worldwide, countries and businesses will have to come together to ensure the safety of commerce over the Internet and find ways to combat cybercrime and cyber terrorism. *We are taking a number of steps to prevent future breaches, including enhanced levels of data protection and encryption; enhanced ability to detect software intrusions, unauthorized access and unusual activity patterns; additional firewalls; establishment of a new data center in an undisclosed location with increased security; and the naming of a new Chief Information Security Officer.}} ===Explanation of delays=== On April 26, 2011 Sony explained on the PlayStation Blog why it took so long to inform PSN users of the data theft:<ref>{{cite web\|url=http://blog.us.playstation.com/2011/04/26/clarifying-a-few-psn-points/ \|title=Clarifying a Few PSN Points – PlayStation Blog \|publisher=Blog.us.playstation.com \|date=2011-04-26 \|accessdate=2011-05-07}}</ref> {{Quotation\|There’s a difference in timing between when we identified there was an intrusion and when we learned of consumers’ data being compromised. We learned there was an intrusion April 19th and subsequently shut the services down. We then brought in outside experts to help us learn how the intrusion occurred and to conduct an investigation to determine the nature and scope of the incident. It was necessary to conduct several days of forensic analysis, and it took our experts until yesterday to understand the scope of the breach. We then shared that information with our consumers and announced it publicly this afternoon.}} ===Sony investigation=== Possible [[data theft]] led Sony to provide an update in regards to a criminal investigation in a blog posted on April 27: "We are currently working with law enforcement on this matter as well as a recognized technology security firm to conduct a complete investigation. This malicious attack against our system and against our customers is a criminal act and we are proceeding aggressively to find those responsible."<ref name="bare_url"/> On May 3 Sony Computer Entertainment CEO [[Kazuo Hirai]] reiterated this and said the "external intrusion" which had caused them to shut down the PlayStation Network constituted a "criminal cyber attack".<ref>{{Cite news \|title=Sony: PlayStation Network Resumes This Week \|last=Watt \|first=Peggy \|url=http://www.pcworld.com/article/226795/sony_playstation_network_resumes_this_week.html \|publisher=pcworld.com \|date=30 April 2011 \|accessdate=2 May 2011}}</ref> Hirai expanded further, claiming that Sony systems had been under attack prior to the outage "for the past month and half", suggesting a concerted attempt to target Sony.<ref>{{Cite news \|title=PSN 'welcome back program' includes a free download, 30 days free PlayStation Plus, Qriocity \|last=Fletcher \|first=JC \|url=http://www.joystiq.com/2011/05/01/psn-outage-plus-qriocity-free/ \|publisher=joystiq.com \|date=2011-05-01 \|accessdate=2011-05-02}}</ref> On May 4 Sony announced that it was adding Data Forte to the investigation team of Guidance Software and [[Protiviti]] in analysing the attacks. Legal aspects of the case were handled by Baker & McKenzie.<ref>{{cite web\|url=http://www.vg247.com/2011/05/04/another-team-added-to-sonys-psn-investigation/ \|title=Another team added to Sony’s PSN investigation \|publisher=VG247 \|date= \|accessdate=2011-05-04}}</ref> Sony stated their belief that [[Anonymous (group)\|Anonymous]], or some portion thereof, may have performed the attack.<ref>{{cite news\|last=Bartz \|first=Diane \|url=https://www.reuters.com/article/2011/05/04/us-sony-idUSTRE73R0Q320110504 \|title=Sony blames Anonymous for stage-setting theft \|publisher=Reuters \|date=2011-04-26 \|accessdate=2011-05-04}}</ref> Anonymous denied any involvement.<ref>{{cite web \|url=https://venturebeat.com/2011/04/22/as-playstation-network-outage-continues-hackers-deny-involvement/\|title=Hackers deny involvement in PlayStation Network outage\|accessdate=June 9, 2011}}</ref> Upon learning that a breach had occurred, Sony launched an internal investigation. Sony reported, in its letter to the United States Congress: {{Quotation\| One of our first calls was to the FBI, and this is an active, on-going investigation. <br /><br /> '''Have you identified how the breach occurred?''' <br /><br /> Yes, we believe so. Sony Network Entertainment America is continuing its investigation into this criminal intrusion, and more detailed information could be discovered during this process. We are reluctant to make full details publicly available because the information is the subject of an on-going criminal investigation and also the information could be used to exploit vulnerabilities in systems other than Sony's that have similar architecture to the PlayStation Network.<ref>{{cite news\|last=Edwards \|first=Cliff\|url=https://www.bloomberg.com/news/2011-04-26/sony-says-network-hackers-may-have-stolen-users-personal-data.html\|title=PlayStation Hackers May Have Stolen Data on 75 Million Users, Sony Says \|publisher=Bloomberg \|date=2011-04-26\|accessdate=2011-04-29}}</ref>}} ===Inability to use PlayStation 3 content=== While most games remained playable in their offline modes, the [[PlayStation 3]] was unable to play certain [[Capcom]] titles in any form.<ref>{{cite web\|url=http://www.gamasutra.com/view/news/34240/Opinion_Sonys_Communication_Problem.php \|title=News - Opinion: Sony's Communication Problem \|publisher=Gamasutra \|date= \|accessdate=2011-04-29}}</ref> Streaming video providers throughout different regions such as [[Hulu]], [[Vudu]], [[Netflix]] and [[LoveFilm]] displayed the same maintenance message. Some users claimed to be able to use Netflix's streaming service<ref name="Netflix works despite outage">{{cite web\|last=Barrera\|first=Rey\|title=Netflix-still-works-on-your-ps3-despite-the-outage\|url=http://www.psnation.org/2011/04/25/netflix-still-works-on-your-ps3-despite-the-outage/\|work=PSNation\|accessdate=25 April 2011}}</ref> but others were unable.<ref>{{cite web\|url=http://gigaom.com/video/playstation-network-outage-bad-news-for-netflix-hulu/ \|title=PlayStation Network Outage Bad News for Netflix and Hulu: Online Video News \|publisher=Gigaom.com \|date= \|accessdate=2011-04-29}}</ref> ==Criticism of Sony== ===Delayed warning of possible data theft=== [[File:Ps3-fat-console.png\|thumb\|upright\|Original PlayStation 3 model]] On April 26 nearly a week after the outage, Sony confirmed that it "cannot rule out the possibility"<ref>{{cite news\|url=http://www.bbc.co.uk/news/technology-13206004 \|title=BBC News - Sony's PlayStation hack apology \|publisher=Bbc.co.uk \|date=2011-04-19 \|accessdate=2011-04-29}}</ref> that [[personally identifiable information]] such as PlayStation Network account username, password, home address, and email address had been compromised. Sony also mentioned the possibility that credit card data was taken—after claiming that encryption had been placed on the databases, which would partially satisfy [[PCI Compliance]] for storing credit card information on a server. Subsequent to the announcement on both the official blog and by e-mail, users were asked to safeguard credit card transactions by checking bank statements. This warning came nearly a week after the initial "[[Hacker (computer security)\|external intrusion]]" and while the Network was turned off.<ref>{{cite news\|last=Reynolds \|first=Isabel \|url=https://www.reuters.com/article/2011/04/27/uk-sony-stolendata-idUKTRE73Q0F720110427 \|title=Furore at Sony after Playstation user data stolen \|publisher=Reuters \|date=2009-02-09 \|accessdate=2011-04-29}}</ref> Some disputed this explanation and queried that if Sony deemed the situation so severe that they had to turn off the network, Sony should have warned users of possible data theft sooner than on April 26.<ref>{{cite web\|url=http://www.pcpro.co.uk/news/security/367027/sony-defends-notification-delay-in-data-fiasco \|title=Sony Defends Notification Delay in Data Fiasco \|publisher=PC Pro \|accessdate=2011-04-29}}</ref> Concerns have been raised over violations of [[PCI Compliance]] and the failure to immediately notify users. [[US Senator]] [[Richard Blumenthal]] wrote to Sony Computer Entertainment America CEO [[Jack Tretton]] questioning the delay.<ref>{{cite news\|url=http://content.usatoday.com/communities/gamehunters/post/2011/04/senator-lack-of-details-on-playstation-network-outage-troubling/1 \|title=Senator: Lack of details on PlayStation Network outage 'troubling' - Game Hunters: In search of video games and interactive awesomeness - USATODAY.com \|website=Content.USAToday.com \|date=2011-01-04 \|accessdate=2011-04-29}}</ref> Sony replied in a letter to the subcommittee: {{Quotation\|'''Your statement indicated you have no evidence at this time that credit card information was obtained, yet you cannot rule out this possibility. Please explain why you do not believe credit card information was obtained and why you cannot determine if the data was in fact taken.''' As stated above, Sony Network Entertainment America has not been able to conclude with certainty through the forensic analysis done to date that credit card information was not transferred from the PlayStation Network system. We know that for other personal information contained in the account database, the hacker made queries to the database, and the external forensics teams have seen large amounts of data transferred in response to those queries. Our forensics teams have not seen the queries and corresponding data transfers of the credit card information.}} ===Unencrypted personal details=== Credit card data was encrypted, but Sony admitted that other user information was not encrypted at the time of the intrusion.<ref name="bare_url">{{cite web\|url=http://blog.us.playstation.com/2011/04/27/qa-1-for-playstation-network-and-qriocity-services/ \|title=Q&A #1 for PlayStation Network and Qriocity Services – PlayStation Blog \|publisher=Blog.us.playstation.com \|date=2010-12-20 \|accessdate=2011-04-29}}</ref><ref>{{cite news\|last=Stuart \|first=Keith \|url=https://www.theguardian.com/technology/gamesblog/2011/apr/27/playstation-network-hack-sony \|title=PlayStation Network hack: why it took Sony seven days to tell the world \| Technology \| guardian.co.uk \|publisher=Guardian \|date= 2011-04-27\|accessdate=2011-04-29 \|location=London}}</ref> ''[[The Daily Telegraph]]'' reported that "If the provider stores passwords unencrypted, then it's very easy for somebody else – not just an external attacker, but members of staff or contractors working on Sony's site – to get access and discover those passwords, potentially using them for nefarious means."<ref>{{cite news\|last=Williams \|first=Christopher\|url=http://www.telegraph.co.uk/technology/sony/8478404/PlayStation-hack-Sony-users-urged-to-change-passwords.html \|title=PlayStation hack: Sony users urged to change passwords \|publisher=Telegraph \|date= 2011-04-28\|accessdate=2011-04-29 \|location=London}}</ref> On May 2, Sony clarified the "unencrypted" status of users' passwords, stating that:<ref>{{cite web\|url=http://blog.us.playstation.com/2011/05/02/playstation-network-security-update// \|title=PlayStation Network Security Update – PlayStation Blog\|publisher=Blog.us.playstation.com \|date=2011-05-02 \|accessdate=2011-05-07}}</ref> {{quotation\|While the passwords that were stored were not “encrypted,” they were transformed using a [[cryptographic hash function]]. There is a difference between these two types of security measures which is why we said the passwords had not been encrypted. But I want to be very clear that the passwords were not stored in our database in cleartext form.}} ===British Information Commissioners Office=== Following a formal investigation of Sony for breaches of the UK's [[Data Protection Act 1998]], the Information Commissioners' Office issued a statement highly critical of the security Sony had in place: {{quotation\|If you are responsible for so many payment card details and log-in details then keeping that personal data secure has to be your priority. In this case that just didn't happen, and when the database was targeted – albeit in a determined criminal attack – the security measures in place were simply not good enough. There's no disguising that this is a business that should have known better. It is a company that trades on its technical expertise, and there's no doubt in my mind that they had access to both the technical knowledge and the resources to keep this information safe.<ref>https://www.theregister.co.uk/2013/01/24/sony_psn_breach_fine/</ref>}} Sony was fined £250,000 ($395k) for security measures so poor they did not comply with the British law. ==Sony Online Entertainment outage== On May 3 Sony stated in a press release that there may be a correlation between the attack that had occurred on April 16 towards the PlayStation Network and one that compromised [[Sony Online Entertainment]] on May 2.<ref name="autogenerated1"/> This portion of the attack resulted in the theft of information on 24.6 million Sony Online Entertainment account holders. The database contained 12,700 credit card numbers, particularly those of non-U.S. residents, and had not been in use since 2007 as much of the data applied to expired cards and deleted accounts. Sony updated this information the following day by stating that only 900 cards on the database were still valid.<ref>{{cite news \|title=24.6 million SOE accounts potentially compromised \|work=News \|publisher=gamesindustry.biz \|date=2011-03-21 \|url= http://www.gamesindustry.biz/articles/2011-05-03-24-6-million-soe-accounts-potentially-compromised \|accessdate=2011-05-04}}</ref> The attack resulted in the suspension of SOE servers and [[Facebook]] games. SOE granted 30 days of free time, plus one day for each day the server was down, to users of ''[[Clone Wars Adventures]]'', ''[[DC Universe Online]]'', ''[[EverQuest]]'', ''[[EverQuest II]]'', ''[[EverQuest Online Adventures]]'', ''[[Free Realms]]'', ''[[Pirates of the Burning Sea]]'', ''[[PlanetSide]]'', ''[[Poxnora]]'', ''[[Star Wars Galaxies]]'' and ''[[Vanguard: Saga of Heroes]]'', as well as other forms of compensation for all other Sony Online games. Security experts Eugene Lapidous of AnchorFree, Chester Wisniewski of [[Sophos\|Sophos Canada]] and Avner Levin of [[Ryerson University]] criticized Sony, questioning its methods of securing user data. Lapidous called the breach "difficult to excuse" and Wisniewski called it "an act of hubris or simply gross incompetence".<ref>{{cite web \|last=Brightman \|first=James \|title=Sony Breach 'Difficult to Excuse' Say Security Experts \|publisher=IndustryGamers \|date=2011-05-03 \|url=http://www.industrygamers.com/news/sony-breach-difficult-to-excuse-say-security-experts/ \|accessdate=2011-05-05}}</ref><ref>{{cite news \|last=Chung \|first=Emily \|title=Sony data breach update reveals 'bad practices' \|publisher=[[CBC News]] \|date=2011-05-03 \|url=http://www.cbc.ca/news/business/story/2011/05/03/sony-data-breach-playstation.html \|accessdate=2011-05-05}}</ref><ref>{{cite web \|last=Westervelt \|first=Robert \|title=Sony attack: Sony expands scope of its massive data security breach \|publisher=SearchSecurity.com \|date=2011-05-03 \|url= http://searchsecurity.techtarget.com/news/2240035422/Sony-attack-Sony-expands-scope-of-its-massive-data-security-breach \|accessdate=2011-05-05}}</ref><ref>{{cite news \|last=Schwartz \|first=Matthew J. \|title=Sony Reports 24.5 Million More Accounts Hacked\|publisher=[[InformationWeek]] \|date=2011-05-03 \|url=http://www.informationweek.com/news/security/attacks/229402656 \|accessdate=2011-05-05}}</ref> ==Reaction== ===Compensation to users=== Sony hosted special events after the PlayStation Network returned to service. Sony stated that they had plans for PS3 versions of DC Universe Online and Free Realms to help alleviate some of their losses.<ref>{{cite web \|author=Sony Computer Entertainment America \|url=http://blog.us.playstation.com/2011/04/28/qa-2-for-playstation-network-and-qriocity-services/ \|title=Q&A #2 for Playstation Network and Qriocity \|publisher=playstation.com \|date=2011-04-28 \|accessdate=2011-04-29}}</ref> In a press conference in Tokyo on May 1, Sony announced a "Welcome Back" program. As well as "selected PlayStation entertainment content" the program promised to include 30 days free membership of PlayStation Plus for all PSN members, while existing PlayStation Plus members received an additional 30 days on their subscription. Qriocity subscribers received 30 days. Sony promised other content and services over the coming weeks.<ref name=EG_Sony_May_1>{{cite news \|last=Yin-Poole \|first=Wesley \|url=http://www.eurogamer.net/articles/2011-05-01-psn-sony-outlines-welcome-back-gifts \|title=PSN: Sony outlines "Welcome Back" gifts \|work=PlayStation 3 \|publisher=[[Eurogamer]] \|location=United Kingdom \|date=2011-05-01 \|accessdate=2011-10-20}}</ref> Sony offered one year free identity theft protection to all users with details forthcoming. [[Hulu]] compensated PlayStation 3 users for the inability to use their service during the outage by offering one week of free service to Hulu Plus members.<ref>{{cite news \|last=Jackson \|first=Leah \|title=Hulu Offering Free Credit For PS3 Subscribers \|work=TheFeed \|publisher=[[G4tv.com]] \|date=2011-04-27 \|url=http://www.g4tv.com/thefeed/blog/post/712202/hulu-offering-free-credit-for-ps3-subscribers/ \|accessdate=2011-10-20}}</ref> On May 16, 2011, Sony announced that two PlayStation 3 games and two PSP games would be offered for free from lists of five and four{{Ref\|JPPSPList\|†}} (respectively).<ref name="USFreeGames">{{cite web \|title=Details for PlayStation Network and Qriocity Customer Appreciation Program in North America \|publisher=[[PlayStation Blog]] \|date={{Date\|2011-05-16\|mdy}} \|url= http://blog.us.playstation.com/2011/05/16/details-for-playstation-network-and-qriocity-customer-appreciation-program-in-north-america/ \|accessdate={{Date\|2011-05-17\|mdy}}}}</ref><ref name="EUFreeGames">{{cite web \|title=Details Of The Welcome Back Programme For SCEE Users \|publisher=PlayStation Blog \|date={{Date\|2011-05-16\|mdy}} \|url= http://blog.eu.playstation.com/2011/05/16/details-of-the-welcome-back-programme-for-scee-users-2/ \|accessdate={{Date\|2011-05-17\|mdy}}}}</ref> The games available varied by region<ref name="USFreeGames"/><ref name="EUFreeGames"/> and were only available in countries which had access to the PlayStation Store prior to the outage.<ref name="EUFreeGames"/> On May 27, 2011, Sony announced the "welcome back" package for Japan<ref name="JPFreeGames">{{cite web \|title=PlayStationNetwork・Qriocity（キュリオシティ）の一部サービス  日本およびアジアの国・地域でも再開 \|language=Japanese \|publisher=[[Sony Computer Entertainment\|SCEJ]] \|date={{Date\|2011-05-27\|mdy}} \|url=http://cdn.jp.playstation.com/msg/nr_20110527_psn_qriocity.html \|accessdate={{Date\|2011-10-20}}}}</ref> and the Asia region (Hong Kong, Singapore, Malaysia, Thailand and Indonesia).<ref name="ASFreeGames">{{cite web \|title=Welcome Back Package for Hong Kong, Singapore, Malaysia, Thailand and Indonesia \|publisher=PlayStation.com \|date={{Date\|2011-05-27\|mdy}} \|url=http://asia.playstation.com/id/en/news/latestNewsDetail/227416 \|accessdate={{Date\|2011-05-28\|mdy}}}}</ref> In the Asia region, a theme - ''Dokodemo Issyo Spring Theme'' - was offered for free in addition to the games available in the "welcome back" package.<ref name="ASFreeGames"/> <small style="font-size:85%">{{Note\|JPPSPList\|†}} 5 PSP games are offered in the Japanese market.<ref name="JPFreeGames"/></small> {\| class="wikitable" \|+ PS3 games available by region ! Game !! North America<ref name="USFreeGames"/> !! Europe (non-Germany)<ref name="EUFreeGames"/> !! Germany<ref name="EUFreeGames"/> !! Asia<ref name="ASFreeGames" /> !! Japan<ref name="JPFreeGames" /> \|- \| ''[[Wipeout HD\|Wipeout HD/Fury]]'' \|\| {{Yes}} \|\| {{Yes}} \|\| {{Yes}} \|\| {{Yes}} \|\| {{Yes}} \|- \| ''[[LittleBigPlanet]]'' \|\| {{Yes}} \|\| {{Yes}} \|\| {{Yes}} \|\| {{No}} \|\| {{No}} \|- \| ''[[Infamous (video game)\|InFamous]]'' \|\| {{Yes}} \|\| {{Yes}} \|\| {{No}} \|\| {{No}} \|\| {{No}} \|- \| ''[[Dead Nation]]'' \|\| {{Yes}} \|\| {{Yes}} \|\| {{No}} \|\| {{No}} \|\| {{No}} \|- \| ''[[Super Stardust HD]]'' \|\| {{Yes}} \|\| {{No}} \|\| {{Yes}} \|\| {{No}} \|\| {{No}} \|- \| ''[[Ratchet & Clank: Quest for Booty]]'' \|\| {{No}} \|\| {{Yes}} \|\| {{Yes}} \|\| {{No}} \|\| {{No}} \|- \| ''[[Hustle Kings]]'' \|\| {{No}} \|\| {{No}} \|\| {{Yes}} \|\| {{Yes}} \|\| {{Yes}} \|- \| ''[[The Last Guy]]'' \|\| {{No}} \|\| {{No}} \|\| {{No}} \|\| {{Yes}} \|\| {{Yes}} \|- \| ''[[Trashbox]]'' \|\| {{No}} \|\| {{No}} \|\| {{No}} \|\| {{Yes}} \|\| {{No}} \|- \| ''[[LocoRoco Cocoreccho\|Come on, LocoRoco!! BuuBuu Cocoreccho]]'' \|\| {{No}} \|\| {{No}} \|\| {{No}} \|\| {{Yes}} \|\| {{Yes}} \|- \| ''[[Echochrome\|Echochrome: Overture]]'' \|\| {{No}} \|\| {{No}} \|\| {{No}} \|\| {{No}} \|\| {{Yes}} \|} {\| class="wikitable" \|+ PSP games available by region ! Game !! North America<ref name="USFreeGames"/> !! Europe (non-Germany)<ref name="EUFreeGames"/> !! Germany<ref name="EUFreeGames"/> !! Asia<ref name="ASFreeGames" /> !! Japan<ref name="JPFreeGames" /> \|- \| ''[[LittleBigPlanet (PSP)\|LittleBigPlanet]]'' \|\| {{Yes}} \|\| {{Yes}} \|\| {{Yes}} \|\| {{Yes}} \|\| {{Yes}} \|- \| ''[[ModNation Racers]]'' \|\| {{Yes}} \|\| {{Yes}} \|\| {{Yes}} \|\| {{Yes}} \|\| {{No}} \|- \| ''[[Pursuit Force]]'' \|\| {{Yes}} \|\| {{Yes}} \|\| {{No}} \|\| {{No}} \|\| {{No}} \|- \| ''[[Killzone Liberation]]''{{Ref\|KZ\|‡}} \|\| {{Yes}} \|\| {{Yes}} \|\| {{No}} \|\| {{No}} \|\| {{No}} \|- \| ''[[Everybody's Golf 2]]'' \|\| {{No}} \|\| {{No}} \|\| {{Yes}} \|\| {{No}} \|\| {{No}} \|- \| ''[[Buzz Junior Jungle Party]]'' \|\| {{No}} \|\| {{No}} \|\| {{Yes}} \|\| {{No}} \|\| {{No}} \|- \| ''[[Everybody's Golf#Everybody's Stress Buster\|Everybody's Stress Buster]]'' \|\| {{No}} \|\| {{No}} \|\| {{No}} \|\| {{Yes}} \|\| {{Yes}} \|- \| ''[[LocoRoco\|Locoroco Midnight Carnival]]'' \|\| {{No}} \|\| {{No}} \|\| {{No}} \|\| {{Yes}} \|\| {{Yes}} \|- \| ''[[Patapon 2]]'' \|\| {{No}} \|\| {{No}} \|\| {{No}} \|\| {{No}} \|\| {{Yes}} \|- \| ''[[What Did I Do to Deserve This, My Lord?]]'' \|\| {{No}} \|\| {{No}} \|\| {{No}} \|\| {{No}} \|\| {{Yes}} \|} <small style="font-size:85%">{{Note\|KZ\|‡}} Version of ''Killzone Liberation'' offered does not offer online gameplay functionality.<ref name="EUFreeGames"/></small> ===Government reaction=== The data theft concerned authorities around the world. Graham Cluley, senior technology consultant at [[Sophos]], said the breach "certainly ranks as one of the biggest data losses ever to affect individuals".<ref>{{cite news\|last=Richmond \|first=Shane \|url=http://www.telegraph.co.uk/technology/news/8475728/Millions-of-internet-users-hit-by-massive-Sony-PlayStation-data-theft.html \|title=Millions of internet users hit by massive Sony PlayStation data theft \|publisher=[[Daily Telegraph\|Telegraph]] \|date={{Date\|2011-04-26\|mdy}} \|accessdate={{Date\|2011-04-29\|mdy}} \|location=London}}</ref><!-- What does this have to do with "Government reaction"? --> The British [[Information Commissioner's Office]] stated that Sony would be questioned,<ref name="telegraph1">{{cite news\|last=Williams \|first=Christopher \|url=http://www.telegraph.co.uk/technology/sony/8476441/PlayStation-hack-Sony-faces-watchdogs-questions.html \|title=PlayStation hack: Sony faces watchdog's questions \|publisher=Telegraph \|date= 2011-04-27\|accessdate=2011-04-29 \|location=London}}</ref> and that an investigation would take place to discover whether Sony had taken adequate precautions to protect customer details.<ref>{{cite web\|author=Wesley Yin-Poole \|url=http://www.eurogamer.net/articles/2011-04-27-ico-confirms-it-will-quiz-sony-over-psn \|title=ICO confirms it will quiz Sony over PSN News - PlayStation 3 - Page 1 \|publisher=Eurogamer.net \|date= \|accessdate=2011-04-29}}</ref> Under the UK's [[Data Protection Act 1998\|Data Protection Act]], Sony was fined £250,000 for the breach.<ref>{{cite news \|last=Halliday \|first=Josh \|url=https://www.theguardian.com/technology/2013/jan/24/sony-fined-over-playstation-hack \|title=Data watchdog fines Sony £250,000 over PlayStation ID hack \|location=London \|work=The Guardian \|date=2013-01-24}}</ref> [[Privacy Commissioner of Canada]] [[Jennifer Stoddart]] confirmed that the Canadian authorities would investigate. The Commissioner's office conveyed their concern as to why the authorities in Canada weren't informed of a security breach earlier.<ref>{{cite web\|url=http://www.canada.com/life/Privacy+Commissioner+office+investigate+Sony+PlayStation+hack/4684627/story.html#ixzz1KlAZpsAq \|title=Privacy Commissioner's office looking into Sony PlayStation hack \|publisher=Canada.com \|date= \|accessdate=2011-04-29}}</ref> US Senator [[Richard Blumenthal]] of [[Connecticut]] demanded answers from Sony about the data breach<ref>{{cite web\|url=http://blumenthal.senate.gov/press/release/index.cfm?id=82698973-255D-4B92-9E18-39E5937C9361 \|title=Blumenthal Demands Answers from Sony over Playstation Data Breach \|publisher=Richard Blumenthal-US senator for Connecticut: Home \|date= \|accessdate=2011-04-26 \|deadurl=yes \|archiveurl=https://web.archive.org/web/20110505041135/http://blumenthal.senate.gov/press/release/index.cfm?id=82698973-255D-4B92-9E18-39E5937C9361 \|archivedate=May 5, 2011 }}</ref> by emailing SCEA CEO [[Jack Tretton]] arguing about the delay in informing its customers and insisting that Sony do more for its customers than just offer free credit reporting services. Blumenthal later called for an investigation by the [[US Department of Justice]] to find the person or persons responsible and to determine if Sony was liable for the way that it handled the situation.<ref>{{cite web\|url=http://blumenthal.senate.gov/press/release/index.cfm?id=7BEBFD12-FFDD-40C2-BA5F-C50C7C9D9E09\|title=Blumenthal Calls for DOJ Investigation of Sony Playstation Data Breach\|publisher=Richard Blumenthal-US senator for Connecticut: Home \|date= \|accessdate=2011-04-29}}</ref> Congresswoman [[Mary Bono Mack]] and Congressman [[G. K. Butterfield]] sent a letter to Sony, demanding information on when the breach was discovered and how the crisis would be handled.<ref>{{cite news \|url=http://www.abc2news.com/dpp/news/national/us-lawmakers-press-sony-for-info-on-data-breach \|title=US lawmakers press Sony for info on data breach \|agency=Associated Press \|date=2011-04-29 \|accessdate=2011-04-30}}</ref> Sony had been asked to testify before a congressional hearing on security and to answer questions about the breach of security on May 2, but sent a written response instead. ===Legal action against Sony=== A lawsuit was posted on April 27 by Kristopher Johns from [[Birmingham, Alabama]] on behalf of all PlayStation users alleging Sony "failed to encrypt data and establish adequate firewalls to handle a server intrusion contingency, failed to provide prompt and adequate warnings of security breaches, and unreasonably delayed in bringing the PSN service back online."<ref>{{cite web\|last=Ogg \|first=Erica \|url=http://news.cnet.com/8301-31021_3-20057921-260.html \|title=Sony sued for PlayStation Network data breach \| Circuit Breaker - CNET News \|publisher=News.cnet.com \|date=2011-03-24 \|accessdate=2011-04-29}}</ref><ref>{{cite web\|url=http://dockets.justia.com/docket/california/candce/3:2011cv02063/240051/ \|title=Johns v. Sony Computer Entertainment America LLC et al \|publisher=Justia\|date=2011-05-03 \|accessdate=2011-05-03}}</ref> According to the complaint filed in the lawsuit, Sony failed to notify members of a possible security breach and storing members' credit card information,<ref>{{cite web\|last=Schwartz \|first=Mathew J. \|url=http://www.informationweek.com/news/security/attacks/229402362 \|title=Sony Sued Over PlayStation Network Hack \|publisher=InformationWeek \|date= \|accessdate=2011-04-29}}</ref> a violation of [[PCI Compliance]]—the digital security standard for the Payment Card Industry. A Canadian lawsuit against Sony USA, Sony Canada and Sony Japan claimed damages up to [[Canadian dollar\|C$]]1 billion including free [[credit monitoring]] and identity theft insurance.<ref>{{cite web \|url= http://www.gamasutra.com/view/news/34499/Canadian_Law_Firm_Files_1_Billion_Class_Action_Lawsuit_Against_Sony_Over_PSN_Data_Breach.php \|title=Canadian Law Firm Files $1 Billion Lawsuit Against Sony Over PSN Data Breach\|publisher=Gamastura\|date=2011-05-04\|accessdate=2011-05-04}}</ref> The plaintiff was quoted as saying, "If you can't trust a huge multi-national corporation like Sony to protect your private information, who can you trust? It appears to me that Sony focuses more on protecting its games than its PlayStation users".<ref>{{cite web\|url=http://business.gather.com/viewArticle.action?articleId=281474979289837\|title=Sony PlayStation Network Down: PSN Hit with $1.04B Class Action Suit\|publisher=Gather\|date=2011-05-04 \|accessdate=2011-05-04}}</ref> In October 2012 a California judge dismissed a lawsuit against Sony over the PSN security breach, ruling that Sony had not violated California's consumer-protection laws, citing "there is no such thing as perfect security".<ref>http://news.cnet.com/8301-1023_3-57538716-93/sony-psn-hacking-lawsuit-dismissed-by-judge/</ref> In 2013 [[United Kingdom]] [[Information Commissioner's Office]] charged Sony with a £250,000 penalty for putting a large amount of personal and financial data of PSN clients at risk.<ref>[http://www.ico.gov.uk/news/latest_news/2013/~/media/documents/library/Data_Protection/Notices/sony_monetary_penalty_notice.ashx Sony Monetary Penalty Notice], ICO, 2013</ref> ===Credit card fraud=== {{As of\|2011\|May}}, there were no verifiable reports of credit card fraud related to the outage. There were reports on the Internet that some PlayStation users experienced credit card fraud;<ref name="fraud_reports">{{cite web \| url=http://www.pcworld.com/article/226775/playstation_network_users_reporting_credit_card_fraud.html \| title=PlayStation users reporting credit card fraud \| accessdate=April 30, 2011}}</ref><ref>{{cite web \| url=http://www.abc.net.au/news/2011-04-28/hackers-run-up-debt-for-playstation-user/2695706 \| title=Hackers run up debt for PlayStation user \| accessdate=April 30, 2011}}</ref><ref>{{cite news \| url=https://www.theguardian.com/technology/blog/2011/apr/29/playstation-network-hackers-credit-cards \| title=Hackers claim to have 2.2 million card details \| accessdate=April 30, 2011 \| location=London \| work=The Guardian \| first=Charles \| last=Arthur \| date=2011-04-29}}</ref> however, they were yet to be linked to the incident. Users who registered a credit card for use only with Sony also reported credit card fraud.<ref>{{cite web \| url=https://arstechnica.com/gaming/news/2011/04/ars-readers-report-credit-card-fraud-blame-sony.ars \| title=Ars readers report credit card fraud \| accessdate=April 30, 2011}}</ref> Sony said that the CSC codes requested by their services were not stored,<ref>{{cite web \|url= http://blog.us.playstation.com/2011/04/27/qa-1-for-playstation-network-and-qriocity-services/ \|title=Q&A #1 for PlayStation Network and Qriocity Services – PlayStation Blog \|work=blog.us.playstation.com \|year=2011 \|accessdate=16 May 2011}}</ref> but hackers may have been able to decrypt or record credit card details while inside Sony's network.<ref name="fraud_reports" /> Sony stated in their letter to the subcommittee: {{Quotation\|'''How many PlayStation Network account holders provided credit card information to Sony Computer Entertainment?''' Globally, approximately 12.3 million account holders had credit card information on file on the PlayStation Network system. In the United States, approximately 5.6 million account holders had credit card information on file on the system. These numbers include active and expired credit cards. As of today, the major credit card companies have not reported that they have seen any increase in the number of fraudulent credit card transactions as a result of the attack, and they have not reported to us any fraudulent transactions that they believe are a direct result of the intrusions described above.}} On May 5, a letter from Sony Corporation of America CEO and President Sir [[Howard Stringer]] emphasized that there had been no evidence of credit card fraud and that a $1 million identity theft insurance policy would be available to PSN and Qriocity users:<ref name="playstation1"/> {{Quotation\|To date, there is no confirmed evidence any credit card or personal information has been misused, and we continue to monitor the situation closely. We are also moving ahead with plans to help protect our customers from identity theft around the world. A program for U.S. PlayStation Network and Qriocity customers that includes a $1 million identity theft insurance policy per user was launched earlier today and announcements for other regions will be coming soon.}} ==Change to terms and conditions== It has been suggested that a change to the PSN terms and conditions announced on September 15, 2011, was motivated by the large damages being claimed by class action suits against Sony, in an effort to minimise the company's losses. The new agreement required users to agree to give up their right (to join together as a group in a [[class action]]) to sue Sony over any future security breach, without first trying to resolve legal issues with an arbitrator.<ref>{{Cite news\|url=http://www.bbc.co.uk/news/technology-14948701 \|title=Sony asks gamers to sign new terms or face PSN ban \|date=16 September 2011 \| work=BBC News}}</ref><ref>{{cite web\|url=http://www.pcworld.com/article/240213/sonys_nosue_playstation_network_use_clause_is_anticonsumer.html\|title=Sony's 'No-Sue' PlayStation Network Use Clause is Anti-Consumer\|date=19 September 2011}}</ref> This included any ongoing class action suits initiated prior to the August 20, 2011. Another clause, which removed a user's right to trial by jury should the user opt out of the clause (by sending a letter to Sony), says: {{Quote\|If the Class Action Waiver clause is found to be illegal or unenforceable, this entire Section 15 will be unenforceable, and the dispute will be decided by a court and you and the Sony Entity you have a dispute with each agree to waive in that instance, to the fullest extent allowed by law, any trial by jury.}} Sony guaranteed that a court of law in the respective country, in this case the US, would hold jurisdiction in regards to any rules or changes in the Sony PSN ToS:<ref>{{cite web\|url=http://us.playstation.com/support/termsofservice \|title=Terms of Service \|year=2012}}</ref> {{Quote\|These Terms of Service and all questions relating to the performance, interpretation, breach or enforcement of these Terms of Service, or the rights, obligations and liabilities of you and us under them are governed by the laws of the State of California. You agree that all disputes, claims or litigation arising from or related in any way to these Terms of Service and our relationship with you will be litigated only in a court of competent jurisdiction located in San Mateo County, State of California. You agree to be subject to personal jurisdiction and venue in that location.}} ==References== {{reflist\|30em}} {{portal bar\|2010s\|Computer security\|Sony PlayStation\|Video games}} {{Hacking in the 2010s}} {{PlayStation 3}} {{PlayStation}} [[Category:2011 crimes]] [[Category:Cyberattacks]] [[Category:PlayStation 3\|Network]] [[Category:PlayStation Network]] [[Category:PlayStation Portable\|Network]] [[Category:Sony Interactive Entertainment]] [[da:PlayStation Network#PlayStation Networks nedbrud 2011]]'
New page wikitext, after the edit (`new_wikitext`)	'hahahahhhahahahahahaha your gay'
Whether or not the change was made through a Tor exit node (`tor_exit_node`)	0
Unix timestamp of change (`timestamp`)	1510668941