Last week’s hack of Sony’s PlayStation Network and Qriocity streaming service resulted in the exposure of its users’ personal information. Sony says the data includes:
… name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained.
Sub-account information’s been exposed, also.
On his blog Krebs on Security, Brian Krebs thinks one of the most likely scenarios attributes the attack to psx-scene.com:
It remains unclear what may have caused the breach, and while there are many theories, one explanation seems to hold more water than the rest: TorrentFreak cites a Reddit.com posting from “Chesh,” a self-proclaimed staff member from psx-scene.com, a site dedicated to hacking and modding PlayStations. According to Chesh, the breach came about because of a glitch in the system that allowed “extreme piracy of PSN content.”
See his post if you want more of the technical details. (And if you use PSN and were lazy about setting up a strong password, change it now, Krebs says.)
Sony says it has a “clear path” to getting PSN and Qriocity back online, and expects to restore “some services within a week.”
Thanks to eSecurity Planet.