Sony presented evidence to the US Congress yesterday in the form of a letter that contained some detail of the PSN/SOE hacks including a timeline, but also some fascinating facts and figures regarding the 77 million user accounts on PSN.
First up, the network detail:
"The PSN is a complex network, consisting of approximately 130 servers, 50 software programs and 77 million registered accounts."
In response to the direct question, "How many PSN account holders provide credit card information to Sony Computer Entertainment?" Congress was informed:
"Globally, approximately 12.3 million account holders had credit card information on file on the PlayStation Network system. In the USA, approximately 5.6 million account holders had credit card information on file on the system."
The letter continued, "These numbers include active and expired credit cards."
While only 12.3 million people have added credit card details, however, Sony's letter does state that, "Information appears to have been stolen from all PlayStation Network user accounts, although not every piece of information in those accounts appears to have been stolen. The criminal intruders stole personal information from all of the approximately 77 million PSN and Qriocity service accounts."
The letter also provides a timeline of events:
April 19th 2011 at 4:15pm PDT - "...several PSN servers unexpectedly rebooted themselves and that unplanned and unusual activity was taking place on the network", "...members of the Sony Network Entertainment America Network Team (SNEANT) detected unauthorised activity system...".
April 20th (Early Afternoon) - "SNEANT discovered evidence that an unauthorised had occurred and that data of some kind had been transferred off the PSN servers without authorisation...", "SNEANT retained a recognised security and forensic consulting team to mirror servers to enable forensic analysis to begin..."
April 21st - "Sony retained a second recognised computer security and forensic consulting firm to assist in the investigation..."
April 22nd (Afternoon) - the 'team' "completed mirroring of nine of the 10 servers that were suspected of being compromised."
April 22nd - "SCEA's general counsel provided the FBI with information about the intrusion... a meeting was set up for Wednesday April 27th 2011."
April 23rd (Evening) - "the forensic teams were able to confirm that intruders had used very sophisticated and aggressive techniques to obtain unauthorised access, hide their presence from the system administrators, and escalate privileges inside the servers."
April 25th - "the forensic teams were able to confirm the scope of the personal data that they believed had been taken but could not rule out whether credit card information had been accessed."
April 26th - "SCNEA and SCEA notified consumers that their personal information had been taken and that the companies could not rule out the possibility that credit card data had been stolen as well."
April 27th - "SCNEA also notified regulatory authorities in the states of Hawaii, Louisiana, Maine, Massachusetts, Missouri, New York, North Carolina, South Carolina, Virginia and Puerto Rico of the criminal intrusion described above."
Sony's official timeline to Congress ends here. We've also noticed, however:
May 3rd - Sony releases information regarding theft of Credit Card information to the public via PSBlog.
We, like everybody else, are going over that letter with a fine-toothed comb.
First up, the network detail:
"The PSN is a complex network, consisting of approximately 130 servers, 50 software programs and 77 million registered accounts."
In response to the direct question, "How many PSN account holders provide credit card information to Sony Computer Entertainment?" Congress was informed:
"Globally, approximately 12.3 million account holders had credit card information on file on the PlayStation Network system. In the USA, approximately 5.6 million account holders had credit card information on file on the system."
The letter continued, "These numbers include active and expired credit cards."
While only 12.3 million people have added credit card details, however, Sony's letter does state that, "Information appears to have been stolen from all PlayStation Network user accounts, although not every piece of information in those accounts appears to have been stolen. The criminal intruders stole personal information from all of the approximately 77 million PSN and Qriocity service accounts."
The letter also provides a timeline of events:
April 19th 2011 at 4:15pm PDT - "...several PSN servers unexpectedly rebooted themselves and that unplanned and unusual activity was taking place on the network", "...members of the Sony Network Entertainment America Network Team (SNEANT) detected unauthorised activity system...".
April 20th (Early Afternoon) - "SNEANT discovered evidence that an unauthorised had occurred and that data of some kind had been transferred off the PSN servers without authorisation...", "SNEANT retained a recognised security and forensic consulting team to mirror servers to enable forensic analysis to begin..."
April 21st - "Sony retained a second recognised computer security and forensic consulting firm to assist in the investigation..."
April 22nd (Afternoon) - the 'team' "completed mirroring of nine of the 10 servers that were suspected of being compromised."
April 22nd - "SCEA's general counsel provided the FBI with information about the intrusion... a meeting was set up for Wednesday April 27th 2011."
April 23rd (Evening) - "the forensic teams were able to confirm that intruders had used very sophisticated and aggressive techniques to obtain unauthorised access, hide their presence from the system administrators, and escalate privileges inside the servers."
April 25th - "the forensic teams were able to confirm the scope of the personal data that they believed had been taken but could not rule out whether credit card information had been accessed."
April 26th - "SCNEA and SCEA notified consumers that their personal information had been taken and that the companies could not rule out the possibility that credit card data had been stolen as well."
April 27th - "SCNEA also notified regulatory authorities in the states of Hawaii, Louisiana, Maine, Massachusetts, Missouri, New York, North Carolina, South Carolina, Virginia and Puerto Rico of the criminal intrusion described above."
Sony's official timeline to Congress ends here. We've also noticed, however:
May 3rd - Sony releases information regarding theft of Credit Card information to the public via PSBlog.
We, like everybody else, are going over that letter with a fine-toothed comb.
Companies:
Sony
Read More Like This
Comments
usman 5 May 2011 09:32
1/14
give us the psn back man
hahhaha 5 May 2011 09:34
2/14
wheres ur evidence to back this story up come on get a life and stop making s**t up
more comments below our sponsor's message
bold 5 May 2011 10:02
3/14
nothing new,when is coming back the f@#~* sony back?
ami ukf k 5 May 2011 10:33
4/14
really getting annoying now!!!! Seriously considering gettin an x box wud rather pay for the service than it keep goin down since christmas my network hasbeen off 7-10 times this is beyond a joke said it would be back 2day and it ISNT!!!!!
Luke 5 May 2011 10:36
5/14
Everyone , Best thing is to stay carm and don't lose your temper or rag. It will come back up it isn't going to be forever. I am sure the Cridetcard will be sorted.
MSN : LukeyWookie@hotmail.com
MSN : LukeyWookie@hotmail.com
Luke 5 May 2011 10:40
6/14
@usman
It will come back in time :)
It will come back in time :)
WTF?@?@?@ 5 May 2011 10:45
7/14
c'mon psn has been down for 2 weeks. when is it coming back?? reply if u all agree!
ami ukf k 5 May 2011 10:47
8/14
mines been down 3wks :(
caffman 5 May 2011 11:53
9/14
Ok, I have 3 different PSN logins (1 uk, 1 USA, 1 Japanese) out of those 1 has credit card details on. Everyone I know with a PS3 has multiple accounts. So how many individual users does the PSN actually have?
config 5 May 2011 12:11
10/14
You are all idiots!!! 5 May 2011 17:13
11/14
You dumb bastards are more worried about playing some stupid ass video game rather than the possibility of your future getting ruined because your information was stolen? stop circle jerking with your little boyfriends and recognize the true problem in front of you...p.s. try getting laid you virgin idiots
RE You are all idiots!!! 5 May 2011 17:17
12/14
Um I don't agree with what you've said but you are absoloutely right that there are more pressing issues to consider. ID theft is one to take into consideration. Sony's credibility is shot and the lack of being informed is unacceptable.
Leon 5 May 2011 22:46
13/14
@hahhaha The official PlayStation Blog... http://blog.us.playstation.com/2011/05/04/sonys-response-to-the-u-s-house-of-representatives/
Melissa 6 May 2011 03:14
14/14
Yeah, I got a call from my bank today. They froze my account because two unauthorized transactions where trying to come through from another country. So this is serious if you had your card number online.