PlayStation Network outage in 2011 due to an external (electronic) attack

from Wikipedia, the free encyclopedia
PlayStation Network logo.png

The 2011 PlayStation Network outage was the result of an unauthorized intrusion into the PlayStation Network (PSN) and Sony's Qriocity services . Personal data from around 77 million accounts was stolen and users were unable to use the affected services. The PlayStation 3 and PlayStation Portable consoles did not have access to the PlayStation Network. The attack took place between April 17-19, 2011. At the time, there were 77 million registered user accounts on PlayStation Network. As a result, the PlayStation Network was switched off on April 20. The failure lasted 23 days.

On May 4, Sony admitted that personal information had been stolen from every single one of its 77 million users. This incident is one of the biggest security breaches ever. The number of users affected exceeds the TJX hack from 2007, which affected 45 million customers. Government officials in different countries expressed criticism of the data theft and Sony's handling of it, because Sony did not inform users until a week after the incident.

On April 26th, Sony announced that it was working on bringing some online services back to service within a week. On May 14th, Sony released PlayStation 3 firmware version 3.61 as a security update . As part of this update, users were asked to change their password after logging in. However, at the time this update was released, the PlayStation Network was still inaccessible. Kazuo Hirai , then CEO of SCEI , announced regional restoration work. Within the United States of America, continuously updated maps were offered, with the help of which one could follow the progress of the work.

Course of events

On April 20, 2011, Sony spokesman Patrick Seybold confirmed in the official PlayStation blog that Sony is aware that certain functions of the PlayStation Network are inaccessible. When trying to log in via the PlayStation 3 , users were notified that the PlayStation Network is being serviced. The following day, users were informed on PlayStation Blog that Sony was working on the problem, but a specific schedule or date for the restart was not yet known.

The company later announced that an unauthorized intrusion into the online services PlayStation Network and Qriocity was causing the problems. The intrusion took place between April 17th and 19th. On April 20th, Sony temporarily suspended all PSN and Qriocity services worldwide. Sony expressed regret for the failure of the services and called the repair of the system time-consuming, but promised to want to lead to a stronger network infrastructure and additional security. On April 25, Sony spokesman Patrick Seybold confirmed again on the PlayStation blog that the repair and improvement work on the network is a time-consuming process, again without an estimate of the duration. The day after, Sony announced that it had a solution to get the PSN and Qriocity services back online, with some services expected to be back in operation within a week. In addition, Sony publicly admitted that the theft of personal information was the result of an unauthorized (and illegal) intrusion into Sony's systems.

On May 1st, Sony announced a “welcome back” package for affected customers. The company also confirmed that PSN and Qriocity services will be available again during the first week of May.

On May 2, Sony announced in a press release that Sony Online Entertainment (SOE) services had been shut down in order to check for potentially related activity that took place during the original attack. More than 12,000 encrypted credit card numbers from non-US holders and data from 24.7 million SOE accounts may have been tapped.

On May 6th, Sony announced that it was in the final stages of internal testing for the PlayStation Network. The following day, however, Sony reported that it would not be able to offer the services again within the week previously announced on May 1st, because the extent of the attack on SOE was not yet known at that time. SOE confirmed with their own Twitter account that their games will not be available for some time after the weekend.

Reuters reported the event as one of the biggest cyber security breaches ever.

On May 14th, various services became available again by country, starting with North America. These services included: Logging in to PSN and the Qriocity services (including registration and resetting your password), multiplayer functions on PS3 and PSP, playback of purchased video content, Music Unlimited (PS3 and PC), access to third-party services (such as Netflix ), Friends list, chat functionality and PlayStation Home. In addition, the firmware update 3.61 for the PS3 was released as a measure.

On May 23, Sony announced that the outage cost $ 171 million.

Criticism of Sony

Late warning of potential data theft

Original PlayStation 3 model

On April 28, more than a week after the incident, the German-language PlayStation Blog confirmed that Sony could “not completely rule out” the possibility of personal data such as the PlayStation Network account name, password, home and email Addresses were stolen. It was also mentioned that credit card information could be affected.

Personal data stored in plain text

Credit card information was encrypted, but Sony admitted that other personal information was not encrypted at the time of the attack.

Sony's behavior

Making amends to the users

At a press conference in Tokyo on May 1st, Sony announced a "welcome back" package. In addition to selected PlayStation content, the package included 30 days of free PlayStation Plus membership for all affected PSN users, with existing subscribers receiving 30 additional days. Sony promised more content and services over the coming weeks. One year of free identity theft protection was offered to all users, with the details set out below.

On May 16, 2011, Sony announced that two PlayStation 3 and two PSP games would be offered for free from lists of five and four (depending on the region). These games were only available in regions that had access to the PSN before the failure.

PS3 games based on regional availability
game Europe (excluding Germany) Germany North America Asia Japan
Come on, LocoRoco !! BuuBuu Cocoreccho No No No Yes Yes
Dead Nation Yes No Yes No No
Echochrome: Overture No No No No Yes
Hustle Kings No Yes No Yes Yes
Infamous Yes No Yes No No
LittleBigPlanet Yes Yes Yes No No
Ratchet & Clank: Quest for Booty Yes Yes No No No
Super Stardust HD No Yes Yes No No
The Last Guy No No No Yes Yes
Trash box No No No Yes No
Wipeout HD / Fury Yes Yes Yes Yes Yes
PSP games based on regional availability
Games Europe (excluding Germany) Germany North America Asia Japan
Buzz Junior Jungle Party No Yes No No No
Everybody's Golf 2 No Yes No No No
Everybody's Stress Buster No No No Yes Yes
Killzone Liberation Yes No Yes No No
LittleBigPlanet Yes Yes Yes Yes Yes
Locoroco Midnight Carnival No No No Yes Yes
ModNation Racers Yes Yes Yes Yes No
Patapon 2 No No No No Yes
Pursuit Force Yes No Yes No No
What Did I Do to Deserve This, My Lord? No No No No Yes

Change of Terms of Use

The terms of use were updated in 2011. After a number of lawsuits (especially class actions ) in the United States, the terms of use were extended to the effect that users cede their right to future class actions against Sony for security breaches. This also applied retrospectively to pending lawsuits that were initiated before August 20, 2011.

Individual evidence

  1. Nico Jurran: Attack on Playstation Network: Personal data stolen from millions of customers , heise online. April 27, 2011. Retrieved May 6, 2017. 
  2. a b heise online: Playstation Network temporarily switched off after attack. Retrieved May 6, 2017 .
  3. Sony faces legal action over attack on PlayStation network . In: BBC News , bbc.co.uk, April 28, 2011. Retrieved May 8, 2017. 
  4. Shane Richmond: Millions of internet users hit by massive Sony PlayStation data theft , Telegraph. April 26, 2011. Retrieved May 8, 2017. 
  5. ^ Keith Stuart: Sony announces plans for PlayStation Network restoration . The Guardian. May 1, 2011. Retrieved May 8, 2017.
  6. PlayStation Network and Qriocity Outage FAQ . Blog.de.playstation.com. April 28, 2011. Retrieved May 8, 2017.
  7. Owen Good: Welcome Back PSN: The Winners , Kotaku.com. May 20, 2011. Retrieved May 8, 2017. 
  8. Kazuo Hirai's Letter to the US House of Representatives . In: a photo set by Flickr user PlayStation.Blog . Flickr . May 3, 2011. Retrieved on May 8, 2017: "Information appears to have been stolen from all PlayStation Network user accounts, although not every piece of information in those accounts appears to have been stolen, […] The criminal intruders stole personal information from all of the approximately 77 million PlayStation Network and Qriocity service accounts. "
  9. Emily Chung: PlayStation data breach deemed in 'top 5 ever' - Business - CBC News , Cbc.ca. April 27, 2011. Retrieved May 8, 2017. 
  10. PlayStation hack: top five data thefts , Telegraph. April 27, 2011. Retrieved May 8, 2017. 
  11. Tom Phillips: Five years ago today, Sony admitted the great PSN hack. In: Eurogamer. Retrieved April 26, 2016, May 8, 2017 (UK English).
  12. Liana B. Baker, Jim Finkle: Sony PlayStation suffers massive data breach . In: Reuters . April 26, 2011 ( reuters.com [accessed May 8, 2017]).
  13. PS3 System Software Update - PlayStation Blog . Blog.us.playstation.com. December 20, 2010. Retrieved May 8, 2017.
  14. Patrick Klepek: Kazuo Hirai: PlayStation Network Restoration Announcement - PlayStation Blog . Giant bomb. May 14, 2011. Retrieved May 7, 2017.
  15. Patrick Seybold: Play On - PSN Restoration Begins Now - PlayStation Blog . In: blog.us.playstation.com . May 14, 2011. Retrieved May 8, 2017.
  16. Update on PSN Service Outages . PlayStation Blog. April 20, 2011. Retrieved May 8, 2017.
  17. Roland Fauster: Failure in the PlayStation Network update . PlayStation Blog. April 21, 2011. Retrieved May 8, 2017.
  18. ^ Patrick Seybold: Update On PlayStation Network / Qriocity Services . PlayStation Blog. April 22, 2011. Retrieved May 8, 2017.
  19. Hackers steal millions of Sony customer data . Mirror online. April 27, 2011. Retrieved May 8, 2017.
  20. Patrick Seybold: Latest Update for PSN / Qriocity Services - PlayStation Blog . Blog.us.playstation.com. April 23, 2011. Retrieved May 8, 2017.
  21. PSN Update - PlayStation Blog . Blog.us.playstation.com. April 25, 2011. Retrieved May 8, 2017.
  22. Update on PlayStation Network and Qriocity - PlayStation Blog . Blog.us.playstation.com. April 19, 2011. Retrieved May 8, 2017.
  23. Some PlayStation Network And Qriocity Services To Be Available This Week - PlayStation.Blog.Europe . Blog.eu.playstation.com. May 1, 2011. Retrieved May 8, 2017.
  24. ^ A b Wesley Yin-Poole: PSN: Sony outlines "Welcome Back" gifts . In: PlayStation 3 , Eurogamer , May 1, 2011. Accessed May 8, 2017. 
  25. Ben Reeves: Sony Confirms Thousands Of Credit Cards Stolen During Hack - GameInformer News . gameinformer.com. May 2, 2011. Retrieved May 8, 2017.
  26. Nick Caplin: Important Step for Service Restoration - PlayStation.Blog.Europe . Blog.eu.playstation.com. May 6, 2011. Retrieved May 8, 2017.
  27. JC Fletcher: PSN reactivation delayed for 'further testing,' likely not coming back this week . Joystiq. May 6, 2011. Retrieved May 8, 2017.
  28. Twitter / @Sony Online Ent .: We wanted to let you know… . In: twitter.com . 2011. Retrieved May 8, 2017.
  29. Isabel Reynolds: Sony CEO apologises for data theft; shares case 2 pct , Reuters. May 6, 2011. Retrieved May 8, 2017. 
  30. a b Sony Global - News Releases - RESTORATION OF PLAYSTATIONNETWORK AND QRIOCITY SERVICES BEGINS . Sony. May 15, 2011. Retrieved May 8, 2017.
  31. PS3 System Software Update - PlayStation Blog . PlayStation Blog. May 14, 2011. Retrieved May 9, 2017.
  32. Mark Hachman: PlayStation hack to cost Sony $ 171M; Quake Costs Far Higher . In: PC Magazine , May 23, 2011. Retrieved May 8, 2017. 
  33. a b PlayStation Network and Qriocity Failure FAQ , blog.de.playstation.com. April 19, 2011. Retrieved May 8, 2017. 
  34. ^ A b c Details for PlayStation Network and Qriocity Customer Appreciation Program in North America . PlayStation Blog. May 16, 2011. Retrieved May 7, 2017.
  35. a b c d e f Details Of The Welcome Back Program For SCEE Users . PlayStation Blog. May 16, 2011. Retrieved May 7, 2017.
  36. a b PSN service coming back in Asia tomorrow, Welcome Back package detailed . Engadget.com. May 27, 2011. Retrieved May 9, 2017.
  37. a b PlayStationNetwork ・ Qriocity (キ ュ リ オ シ テ ィ) の 一部 サ ー ビ ス 日本 お よ び ア ジ ア の 国 ・ ・ 地域 で も 再 開 ( Japanese ) Sony Computer Entertainment Japan (SCEJ). May 27, 2011. Retrieved May 9, 2017.
  38. STANDARD Verlagsgesellschaft mbH: Sony prohibits lawsuits against Playstation Network . In: derStandard.at . ( derstandard.at [accessed on May 8, 2017]).
  39. Sony asks gamers to sign new terms or face PSN ban . In: BBC News , September 16, 2011. Retrieved May 8, 2017. 
  40. ^ Matt Peckham: Sony's 'No-Sue' PlayStation Network Use Clause is Anti-Consumer . September 19, 2011. Retrieved May 8, 2017.
  41. Terms of Service . 2012. Retrieved May 8, 2017.