SONY PlayStation Network down for over a week due to hackers

The PlayStation Network (PSN) of SONY enables gamers worldwide with a PlayStation3 console to go online and play multiplayer games over the Internet. However, since April 20th 2011 the PSN has been brought down due to a security breach, impacting over 70 million of gamers worldwide. To date, it is unknown when the PlayStation Network will be operational again, but an additional downtime of at least 1 week is expected. In addition, sensitive personal data (such as passwords, dates of birth) of over 70 million PSN users has been stolen, possibly including credit card information.

Only after a week, Sony confirmed that the PlayStation Network (and the music service Qriocity) was taken down temporarily by SONY because of an important security breach. Hackers invaded their network, and user account information was compromised during this unauthorized intrusion into their network. One of possible (and most speculated) incentives for the hackers might be the heavily contested removal of the 'Other OS' feature by SONY on an unilateral basis. Recently SONY sued Geohot and other jailbreakers of the PS3, and came to a settlement a few weeks ago. However, the hacking collective known as 'Anonymous' (responsible for earlier outages) strongly stated that they were not behind the current outage, although they can't assure that members of their collective handled on an individual basis.

(c) Image from

No official details were released yet on the specifics of the security breach. Rumors across blogs point out that the hackers most probably attacked the PlayStation Network by modding their PS3 console (i.e. putting their a non-official/hacked software version on their console), and accessing the PSN via the developer's network. By impersonating a PlayStation developer, they were able to circumvent the existing countermeasures in place, and to access the servers from the internal network. Most probably this was the first step in a sequence of attacks, targetting various software vulnerabilities.

During the attack, sensitive user profile data was revealed, including passwords, date of birth, purchase history and billing addresses of the 70 million users of the PlayStation Network. In addition, SONY could not exclude that credit card data was stolen as well as part of the data breach.

The security breach in the SONY PlayStation Network is not a unique or isolated case. Recent similar incidents on other online infotainment services forecast a further increase in such online attacks. In addition, we can identify a shift in the cybercrime activities, where hackers get more and more organized, be it in rogue criminal organizations making quite some financial profit or hacker collectives going head-to-head to large organizations.

Update 03/05/2011: The chairman of SONY Computer Entertainment America replied to the questions of the U.S. House of Representatives, and explains in more detail what happened during the attack.

Although earlier statements of the hackers collective Anonymous waived away any involvement of the collective in the recent PSN security breach, SONY now points finger at Anonymous for their direct or indirect involvement in the attacks. According to the company, the attackers left a file on one of the servers called 'Anonymous', containing the text 'We are Legion' as referal to the hackers collective.

Update 04/05/2011: The PSN is already down for two weeks now. In addition, several lawsuits are popping up of users suing SONY for the PlayStation Network downtime and the breach of customers' personal information.

Update 05/05/2011: Sony also closed down the pc-network of the online entertainment service (SOE) after a important data set was stolen in a separate security incident prior to PSN breach. According to the Guardian, SONY confirmed that customer data of PC games user were stolen (including the names, addresses, emails, birth dates of birth, phone numbers) of about 25 million customers who played games on its Sony Online Entertainment (SOE) PC games network. These attacks on the SOE network took place on 16 and 17 April 2011.