Sony thinks an “unauthorized person” now has access to all PlayStation Network account information and passwords, and may have obtained the credit card numbers of the service’s 70 million users.
The PlayStation maker said it believes hackers now have access to customers’ vital information, including names, birthdates, physical and e-mail addresses, and PlayStation Network/Qriocity passwords, logins, handles and online IDs.
Credit card information, purchase histories and other profile data stored on the PlayStation Network servers also could be compromised, the Japanese company said in a lengthy blog post Tuesday afternoon.
“While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility,” reads the post, which Sony says it will e-mail to all PlayStation Network account holders, as well as users of its Qriocity streaming-media service. “If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.”
The PlayStation Network, which provides online gameplay and digital game shopping for owners of PlayStation 3 and PSP devices, has been down since Wednesday, following what Sony called an “illegal intrusion” on its servers. The company says it expects to restore “some services” within a week’s time.
Sony said it has temporarily shut down the PlayStation Network and Qriocity services and hired an outside security firm “to conduct a full and complete investigation into what happened,” but refused to offer details on the hack.
When the services go back online, Sony suggests users change their passwords. But until then, the company warned about phishing scams.