SOE Customer Information may have been stolen

Comments on the latest news about crafting and Star Wars Galaxies.

Moderator: Forum Moderator

User avatar
Sobuno
Developer
Posts: 2589
Joined: Sun Mar 25, 2007 2:17 am
Contact:

SOE Customer Information may have been stolen

Post by Sobuno » Mon May 02, 2011 10:51 pm

As previously announced, we have been conducting an ongoing, thorough investigation stemming from the cyber attack in April and promised to notify you should there be any changes to the situation.

We issued a press release today outlining these details. We will promptly send a customer service notification via email to all of our impacted account holders whose customer data may have been stolen as a result of an illegal intrusion on our systems. This information was discovered less than 24 hours ago and in response, we took down our services until we could verify their security.

SOE is committed to delivering secure, stable and entertaining games for players of all ages and we're working around the clock to ensure this situation is resolved as quickly as possible. We deeply regret the inconvenience this has caused and appreciate your continued patience and feedback.

Sincerely,
Sony Online Entertainment
----------------------------------------------------------------
Customer Service Notification

May 2, 2011
Dear Valued Sony Online Entertainment Customer:
Our ongoing investigation of illegal intrusions into Sony Online Entertainment systems has discovered that hackers may have obtained personal customer information from SOE systems. We are today advising you that the personal information you provided us in connection with your SOE account may have been stolen in a cyber-attack. Stolen information includes, to the extent you provided it to us, the following: name, address (city, state, zip, country), email address, gender, birthdate, phone number, login name and hashed password.

Customers outside the United States should be advised that we further discovered evidence that information from an outdated database from 2007 containing approximately 12,700 non-US customer credit or debit card numbers and expiration dates (but not credit card security codes) and about 10,700 direct debit records listing bank account numbers of certain customers in Germany, Austria, Netherlands and Spain may have also been obtained - we will be notifying each of those customers promptly.

There is no evidence that our main credit card database was compromised. It is in a completely separate and secured environment.


We had previously believed that SOE customer data had not been obtained in the cyber-attacks on the company, but on May 1st we concluded that SOE account information may have been stolen and we are notifying you as soon as possible.

We apologize for the inconvenience caused by the attack and as a result, we have:

1) Temporarily turned off all SOE game services;

2) Engaged an outside, recognized security firm to conduct a full and complete investigation into what happened; and

3) Quickly taken steps to enhance security and strengthen our network infrastructure to provide you with greater protection of your personal information.

We greatly appreciate your patience, understanding and goodwill as we do whatever it takes to resolve these issues as quickly and efficiently as practicable.

For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. When SOE's services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your Station or SOE game account name or password for other unrelated services or accounts, we strongly recommend that you change them, as well.

To protect against possible identity theft or other financial loss, we encourage you to remain vigilant, to review your account statements and to monitor your credit reports. We are providing the following information for those who wish to consider it:

U.S. residents are entitled under U.S. law to one free credit report annually from each of the three major credit bureaus. To order your free credit report, visit http://www.annualcreditreport.com or call toll-free (877) 322-8228.

We have also provided names and contact information for the three major U.S. credit bureaus below. At no charge, U.S. residents can have these credit bureaus place a "fraud alert" on your file that alerts creditors to take additional steps to verify your identity prior to granting credit in your name. This service can make it more difficult for someone to get credit in your name. Note, however, that because it tells creditors to follow certain procedures to protect you, it also may delay your ability to obtain credit while the agency verifies your identity. As soon as one credit bureau confirms your fraud alert, the others are notified to place fraud alerts on your file. Should you wish to place a fraud alert, or should you have any questions regarding your credit report, please contact any one of the agencies listed below.

Experian: 888-397-3742; http://www.experian.com; P.O. Box 9532, Allen, TX 75013
Equifax: 800-525-6285; http://www.equifax.com; P.O. Box 740241, Atlanta, GA 30374-0241
TransUnion: 800-680-7289; http://www.transunion.com; Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, CA 92834-6790

You may wish to visit the web site of the U.S. Federal Trade Commission at http://www.consumer.gov/idtheft or reach the FTC at 1-877-382-4357 or 600 Pennsylvania Avenue, NW, Washington, DC 20580 for further information about how to protect yourself from identity theft. Your state Attorney General may also have advice on preventing identity theft, and you should report instances of known or suspected identity theft to law enforcement, your State Attorney General, and the FTC. For North Carolina residents, the Attorney General can be contacted at 9001 Mail Service Center, Raleigh, NC 27699-9001; telephone (877) 566-7226; or http://www.ncdoj.gov. For Maryland residents, the Attorney General can be contacted at 200 St. Paul Place, 16th Floor, Baltimore, MD 21202; telephone: (888) 743-0023; or http://www.oag.state.md.us.

We are committed to helping our customers protect their personal data and we will provide a complimentary offering to assist users in enrolling in identity theft protection services and/or similar programs. The implementation will be at a local level and further details will be made available shortly in regions in which such programs are commonly utilized.

We thank you for your patience as we complete our investigation of this incident, and we regret any inconvenience. Our teams are working around the clock on this, and services will be restored as soon as possible. Sony takes information protection very seriously and will continue to work to ensure that additional measures are taken to protect personally identifiable information. Providing quality and secure entertainment services to our customers is our utmost priority. Please contact us at 1 (866) 436-6698 should you have any additional questions.

Sincerely,
Sony Online Entertainment LLC
-http://www.soe.com/securityupdate/

User avatar
Sobuno
Developer
Posts: 2589
Joined: Sun Mar 25, 2007 2:17 am
Contact:

Re: SOE Customer Information may have been stolen

Post by Sobuno » Tue May 03, 2011 6:11 pm

PRESS RELEASE
SONY ONLINE ENTERTAINMENT ANNOUNCES THEFT OF DATA FROM ITS SYSTEMS

Breach Believed to Stem From Initial Criminal Hack of SOE
Tokyo, May 3, 2011 - Sony Corporation and Sony Computer Entertainment announced today that their ongoing investigation of illegal intrusions into Sony Online Entertainment LLC (SOE, the company) systems revealed yesterday morning (May 2, Tokyo time) that hackers may have stolen SOE customer information on April 16th and 17th, 2011 (PDT). SOE is based in San Diego, California, U.S.A.

This information, which was discovered by engineers and security consultants reviewing SOE systems, showed that personal information from approximately 24.6 million SOE accounts may have been stolen, as well as certain information from an outdated database from 2007. The information from the outdated database that may have been stolen includes approximately 12,700 non-U.S. credit or debit card numbers and expiration dates (but not credit card security codes), and about 10,700 direct debit records of certain customers in Austria, Germany, Netherlands and Spain.

With the current outage of the PlayStation® Network and Qriocity™ services and the ongoing investigation into the recent attacks, SOE had also undertaken an intensive investigation into its system. Upon discovery of this additional information, the company promptly shut down all servers related to SOE services while continuing to review and upgrade all of its online security systems in the face of these unprecedented cyber-attacks.

On May 1, Sony apologized to its customers for the inconvenience caused by its network services outages. The company is working with the FBI and continuing its own full investigation while working to restore all services.

Sony is making this disclosure as quickly as possible after the discovery of the theft, and the company has posted information on its website and will send e-mails to all consumers whose data may have been stolen.

The personal information of the approximately 24.6 million SOE accounts that was illegally obtained, to the extent it had been provided to SOE, is as follows:

name
address
e-mail address
birthdate
gender
phone number
login name
hashed password.
In addition to the information above, the 10,700 direct debit records from accounts in Austria, Germany, Netherlands and Spain, include:

bank account number
customer name
account name
customer address.
SOE will grant customers 30 days of additional time on their subscriptions, in addition to compensating them one day for each day the system is down. It is also in the process of outlining a "make good" plan for its PlayStation®3 MMOs (DC Universe Online and Free Realms). More information will be released this week.

Additionally, the company is committed to helping its customers protect their personal data and will provide a complimentary offering to assist users in enrolling in identity theft protection services and/or similar programs. The implementation will be at a local level and further details will be made available shortly in each region.

Sony Online Entertainment LLC (SOE) has been a recognized worldwide leader in massively multiplayer online games since 1999. Best known for its blockbuster hits and franchises, including EverQuest®, EverQuest® II, Champions of Norrath®, PlanetSide®, Free Realms®, Clone Wars Adventures™, and DC Universe Online™, SOE creates, develops and provides compelling online entertainment for virtually all platforms, including the PlayStation®3 Computer Entertainment System, Personal Computer, mobile and social networks. SOE is building on its proven legacy and pioneering the future of the interactive entertainment space through creative development and inspired gameplay design for audiences of all ages. To learn more, visit http://www.soe.com.

For more information and update about the SOE services, please visit http://www.soe.com/securityupdate.

About Sony Corporation
Sony Corporation is a leading manufacturer of audio, video, game, communications, key device and information technology products for the consumer and professional markets. With its music, pictures, computer entertainment and on-line businesses, Sony is uniquely positioned to be the leading electronics and entertainment company in the world. Sony recorded consolidated annual sales of approximately $78 billion for the fiscal year ended March 31, 2010. Sony Global Web Site: http://www.sony.net/

About Sony Computer Entertainment Inc.
Recognized as the global leader and company responsible for the progression of consumer-based computer entertainment, Sony Computer Entertainment Inc. (SCEI) manufactures, distributes and markets the PlayStation® game console, the PlayStation®2 computer entertainment system, the PSP® (PlayStation®Portable) handheld entertainment system and the PlayStation®3 (PS3®) system. PlayStation has revolutionized home entertainment by introducing advanced 3D graphic processing, and PlayStation 2 further enhances the PlayStation legacy as the core of home networked entertainment. PSP is a handheld entertainment system that allows users to enjoy 3D games, with high-quality full-motion video, and high-fidelity stereo audio. PS3 is an advanced computer system, incorporating the state-of-the-art Cell processor with super computer like power. SCEI, along with its subsidiary divisions Sony Computer Entertainment America Inc., Sony Computer Entertainment Europe Ltd., and Sony Computer Entertainment Korea Inc. develops, publishes, markets and distributes software, and manages the third party licensing programs for these platforms in the respective markets worldwide. Headquartered in Tokyo, Japan, SCEI is an independent business unit of the Sony Group.
-http://www.soe.com/securityupdate/pressrelease.vm

Oar
Novice Crafter
Posts: 25
Joined: Sun Oct 26, 2008 4:24 pm

Re: SOE Customer Information may have been stolen

Post by Oar » Wed May 04, 2011 1:32 am

<ERASED>

Moderator's comment:
Do not use terms or wordings which for an international audience might have a tint of racism or intolerance. Remember that even though some expressions are commonly used and accepted in one city, state, or country, these may ring a completely different bell in the next.

See the forum rules for what is and what is not accepted at SWGCraft.

Zimoon
Last edited by Zimoon on Wed May 04, 2011 4:02 pm, edited 1 time in total.
Reason: Edited

Moo
Novice Crafter
Posts: 2
Joined: Sun Apr 17, 2011 7:45 pm

Re: SOE Customer Information may have been stolen

Post by Moo » Wed May 04, 2011 12:23 pm

Oar wrote:<ERASED>
While the sentiment is understood, and even possible ... fewer racial slurs next time?
Last edited by Zimoon on Wed May 04, 2011 4:04 pm, edited 1 time in total.
Reason: no need to reiterate the offence

Edra
Novice Crafter
Posts: 44
Joined: Mon Dec 31, 2007 5:48 pm

Re: SOE Customer Information may have been stolen

Post by Edra » Wed May 04, 2011 4:28 pm

My advise is to change your passwords when SOE gets its services back online.

User avatar
Zimoon
Forum Moderator
Posts: 4817
Joined: Mon May 14, 2007 6:55 am
Location: Stockholm, SE
Contact:

Re: SOE Customer Information may have been stolen

Post by Zimoon » Wed May 04, 2011 6:21 pm

Edra wrote:My advise is to change your passwords when SOE gets its services back online.
That is SOE's advice too :lol:

Azural
Novice Crafter
Posts: 23
Joined: Thu Feb 17, 2011 4:47 pm
Location: Out of my mind.

Re: SOE Customer Information may have been stolen

Post by Azural » Wed May 04, 2011 7:31 pm

Edra wrote:My advise is to change your passwords when SOE gets its services back online.
First thing on my agenda when the servers come back online.
Azural Industries :AI: Mos Carova, Tatooine. Starsider

Igin
Novice Crafter
Posts: 9
Joined: Mon Jul 02, 2007 8:48 pm
Location: Maine, USA
Contact:

Re: SOE Customer Information may have been stolen

Post by Igin » Wed May 04, 2011 8:30 pm

Would be nice to know when the servers will be back online. My harvs are gonna be full and shut down.

Edra
Novice Crafter
Posts: 44
Joined: Mon Dec 31, 2007 5:48 pm

Re: SOE Customer Information may have been stolen

Post by Edra » Wed May 04, 2011 9:04 pm

They state "There is no evidence that our main credit card database was compromised. It is in a completely separate and secured environment."

I dont know how much I can trust that. I called my bank and had the CC replaced.

ziso
Novice Crafter
Posts: 41
Joined: Tue Mar 18, 2008 12:25 pm
Location: UK

Re: SOE Customer Information may have been stolen

Post by ziso » Thu May 05, 2011 8:01 am

Looking forward to the next swgcraft update on my server when servers are online. 4+ days to do ouch lol
Think a SOE employee should log onto every server and do the next update for us all :lol:

Vedauwoo
Novice Crafter
Posts: 22
Joined: Sun Mar 25, 2007 2:01 pm
Location: The West

Re: SOE Customer Information may have been stolen

Post by Vedauwoo » Thu May 05, 2011 12:57 pm

Edra wrote:They state "There is no evidence that our main credit card database was compromised. It is in a completely separate and secured environment."

I dont know how much I can trust that. I called my bank and had the CC replaced.
You cannot trust that.....my CC number was hacked and used for illegal purchases in greece on the 14th or so of april.....and I have seen reports of others having similar charges show up from japan, germany and elsewhere...

I think this breech happened several days before they say it did.....as I had done nothing new or out of the ordinary with that card....
Image

dday
Novice Crafter
Posts: 5
Joined: Mon Jun 01, 2009 11:52 pm

Re: SOE Customer Information may have been stolen

Post by dday » Thu May 05, 2011 7:02 pm

Vedauwoo wrote:
Edra wrote:They state "There is no evidence that our main credit card database was compromised. It is in a completely separate and secured environment."

I dont know how much I can trust that. I called my bank and had the CC replaced.
You cannot trust that.....my CC number was hacked and used for illegal purchases in greece on the 14th or so of april.....and I have seen reports of others having similar charges show up from japan, germany and elsewhere...

I think this breech happened several days before they say it did.....as I had done nothing new or out of the ordinary with that card....

You might be right about the breach happening prior to what was stated by Sony. So many things happened with Sony that may have contributed to this intrusion. From the hack or crack that Geohot performed on the PS3, to the recent restructuring of Sony Online Entertainment. Although Sony claims they found a file named "Anonymous" and "We Are Legion" on a server, doesn't convince me that it was an outside intrusion. In fact, if I was a former employee of Sony, I would want them to think that, to throw them off my scent.

Anyways, canceling your credit cards, and filing a fraud watch is the best thing we can all do while we wait for SOE to go online.

Auq-Din
Novice Crafter
Posts: 21
Joined: Sun Apr 11, 2010 1:33 pm

Re: SOE Customer Information may have been stolen

Post by Auq-Din » Fri May 06, 2011 6:48 am

Vedauwoo wrote:
Edra wrote:They state "There is no evidence that our main credit card database was compromised. It is in a completely separate and secured environment."

I dont know how much I can trust that. I called my bank and had the CC replaced.
You cannot trust that.....my CC number was hacked and used for illegal purchases in greece on the 14th or so of april.....and I have seen reports of others having similar charges show up from japan, germany and elsewhere...

I think this breech happened several days before they say it did.....as I had done nothing new or out of the ordinary with that card....
Did you already have an account before January 2008? If these events are related and you did not, then it means that CC details have also been stolen from later accounts...

dday
Novice Crafter
Posts: 5
Joined: Mon Jun 01, 2009 11:52 pm

Re: SOE Customer Information may have been stolen

Post by dday » Fri May 06, 2011 11:20 pm

Your best action is to cancel whatever CC or type of payment you use for your SWG account. In addition, you should contact your creditors to have yourself put on a fraud alert status. Just to ensure if any of your information has been compromised, you have done all you could to protect yourself.
According to a letter from Howard Stringer, of Sony, they are going to be offering a identity protection package to Sony customers affected by the intrusion. However, this letter was posted on the PSN site, and not a SOE site related to games like SWG, EQ, etc... So I am not entirely sure what Sony is doing about getting SOE station and games online. It appears they are more interested in getting PSN online first.

Dom90210
Novice Crafter
Posts: 1
Joined: Mon Dec 22, 2008 1:29 am

Re: SOE Customer Information may have been stolen

Post by Dom90210 » Sat May 07, 2011 12:00 am

good thing I just used debit cards on them

Locked

Who is online

Users browsing this forum: No registered users and 4 guests