70 million members affected by data hack

A hacker attack on the online arm of Sony’s PlayStation 3 has compromised the personal information of 70 million members and shut down commerce on the network while Sony works to rebuild its system.

In announcing the extent of the breach on its PlayStation Network and Qriocity systems, Sony said it was still uncertain if any credit card information tied to those accounts was accessed as well. Sony shut down the PlayStation Network six days ago after discovering the breach, but Monday’s announcement was the first that gave substantial information about the scope of the intrusion.

“Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID,” wrote Patrick Seybold, senior director of corporate communications for SCEA. “It is also possible that your profile data, including purchase history and billing address … and your PlayStation Network/Qriocity password security answers may have been obtained. … While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility.”

Unlike Microsoft’s Xbox Live program, Sony does not charge an annual subscription fee for access to the PSN, so a good percentage of the 70 million affected accounts do not have to worry about credit card fraud. (Credit cards can be used to purchase downloaded games, expansion packs, movies, TV episodes and music.)

Sony expects to restore some — but not all — online services within a week.

The company warned subscribers to be on alert for identity theft attempts as well as email, telephone and postal scams and has arranged with the three major U.S. credit bureaus to allow users to put a “high alert” status on their credit accounts, which could cut back on some of the potential damage. It is also advising them to change their password when service is ultimately restored.

To date, no group or individual has claimed credit for the attack. The rogue group known as Anonymous was initially suspected, after it vowed in early April to target Sony after the company’s legal action against a hacker who dismantled the PS3’s security and disrupted the network earlier this month.

However, Anonymous, which was responsible for disrupting the sites of the MPAA and RIAA last September (Daily Variety, Sept. 21, 2010), denies responsibility for this incident, saying on its site, “While it could be the case that other Anons have acted by themselves, AnonOps was not related to this incident and does not take responsibility for whatever has happened.”

While the data breach is certainly Sony’s biggest problem, the shutdown of the PlayStation Network couldn’t come at a much worse time. Last week, it released “SOCOM 4,” a multiplayer-focused action entry in what is traditionally one of its biggest franchises. The game is largely unplayable at this point, despite an ongoing ad campaign from the company. Also, “Portal 2,” one of the year’s most eagerly anticipated titles, had struck a deal with Sony tied to its online mode, and while the game is playable in single-player mode, multiplayer is dead in the water.

Beyond that, small development houses that release their games digitally — but not in traditional brick-and-mortar retailers — are unable to generate any income. Sony has reportedly vowed to help some of those gamemakers.

“Sony will be helping us retain key focus (PSN store promotion) for a few extra weeks as they understand how something like this can affect a small dev studio like ours,” Paddy Murphy, CEO of Open Emotion, told IGN.

The outage and data breach could give Microsoft an advantage in the online gaming space, as its Xbox Live service has never suffered such a compromise.

Filed Under:

Follow @Variety on Twitter for breaking news, reviews and more