What a Week
PSN intrusion to SingStar, I've tried to cover it all. Here's some highlights:From PSN Still Out. Why? (My Best Guess):
Monday, April 25, 2011 @ 6:15 AM PDT
So Sony had an intrusion. Why isn't this a non-event and we go on with our lives? Simple, PSN accounts have associated names, addresses, and credit card information.
I'm guessing that the real work has just started today. I'd expect some real progress in the next 24-48 hours, but don't be surprised if PSN is off into the weekend.
Sony Response, Update on PlayStation Network and Qriocity:
Tuesday, April 26, 2011 @ ~12:50 PM PDT
Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, [sic] PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.
We have a clear path to have PlayStation Network and Qriocity systems back online, and expect to restore some services within a week.From PSA on PSN Data Breach:
Tuesday, April 26, 2011 @ 4:15 PM PDT
The problem is Sony relied on their leaf node security to protect users. In other words, they thought the PS3/other services were not hackable so no need to secure the inner data. ... now we find out they didn't encrypt the user data?Sony Response, Q&A #1 for PlayStation Network and Qriocity Services:
Wednesday, April 27, 2011 @ ~5:15 PM PDT
Q: Was my personal data encrypted?From PSN Security - Transparency and Trophies:
A: All of the data was protected, and access was restricted both physically and through the perimeter and security of the network. The entire credit card table was encrypted and we have no evidence that credit card data was taken. The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack.
Thursday, April 28, 2011 @ 6:05 AM PDT
The thing about trophies is, they are kept on your local system and synced to the server. Even if somehow Sony screwed up and didn't have this data backed up, your PS3 does. Your trophies will be fine people.Sony Response, Q&A #2 for PlayStation Network and Qriocity Services:
But what's more important is this is still described as a data breach not vandalism. That means the person(s) in question just copied data and didn't trash the database. They likely had read only access through a partially privileged account, meaning they couldn't trash the database.
I full [sic] expect all profiles to be fine.
Thursday, April 28, 2011 @ ~8:50 PM PDT
Q: Will our download history/friends list/settings be affected by the PSN downtime?Finally, there's the SingStar Dance review. As a gamer, who can't sing in general I was actually surprised by the game. Well worth checking out.
A: No, they will not.
Q: Will trophies that were earned in single-player offline games during the outage be intact when the service resumes?
A: These trophies are intact and will be re-synched [sic] when the network is once again operational.
Q: Will my PS+ cloud saves be retrievable?
A: Yes, once PSN is restored.