If you are one of the 100 million or so gamers affected by the breach, then you’ll need to be vigilant over the coming months to make sure that your personal information isn’t being misused.
As Sony works to repair the network and track down the hackers, here’s a look at what the attack involved, what it means for around 3 million gamers here in the UK, and what happens next.
PSN and SOE users are asked to submit personal information in order to play online. If they want to buy games, movies, music or other products, they can also register credit or debit card details as one would with Apple’s iTunes, eBay or Amazon.
Last Tuesday, April 26, Sony announced that hackers had potentially taken the names, addresses, email addresses, dates of birth, and PSN login details of its users.
It also said that it couldn’t rule out the possibility that credit card data had been taken, although added that as yet, there was no evidence to suggest this was the case.
Crucially, Sony says the credit card data was securely encrypted and did not include security codes so the criminals wouldn’t have access to that key bit of information.
What should I do?
If you’re one of the 100 million people affected by the Sony hack, what should you do to minimize the chances of your details being misused?
Sony is advising users to be on their guard against: “mail, telephone, and postal mail scams that ask for personal or sensitive information.” It has said it will never contact you in any way to ask you to ‘confirm’ personal or credit card details. If someone is claiming to be Sony and asks for this information, disregard and delete the message.
Financial Fraud Action UK says that individuals don’t need to contact their banks at this stage, but should keep an eye on any accounts which might have been linked to their PSN or SOE accounts, and check for any unusual or suspicious transactions.
It’s also worth getting a copy of your credit report from one of the credit reference agencies (Equifax, Experian, Call Credit) and checking that for discrepancies.
Finally, if your PSN password and email combination is the same as any login combinations you have for other email accounts or websites, change the passwords as soon as possible.
What happens next?
Sony is said to be pursuing an aggressive investigation to track down the hackers, and while the PSN and SOE remain offline, the PSN at least is expected to make a phased return this week.
When it comes back, Sony says security will be tighter and has even created the new position of Chief Information Security Officer to try and ensure this kind of attack doesn’t happen again.
Playstation 3 users will have to download a mandatory system software update which will require them to change their account passwords before being able to sign into the PSN service. That password will only be able to be changed on the same PS3 on which their account was activated, or through validated email confirmation.
Sony plans to tempt gamers back to the service with a ‘Welcome Back’ scheme as a show of good faith. The scheme is thought to offer customers free downloadable content and one month’s free access to its premium ‘Playstation Plus’ service. Current Playstation Plus subscribers will also have their subscriptions extended by 30 days.