Sony's acknowledgement that hackers have compromised its PlayStation Network put 70 million subscribers on alert — and left a lot of people with a lot of questions.
The security breach has many people worried about identity theft and, if they had made a digital purchase on the console, whether their credit card information is safe. Finding the answers can be a challenge, so here's what you need to know about what the attack means for you.
Am I Impacted?
If you've got an account on the PlayStation Network, yes. The hacker was able to access information from every user, including your address, birthday, email address and username/password. A PSN account isn't mandatory for PlayStation 3 or PSPS (PlayStation Portable) owners, but most people have one. It's the only way to play online against friends and others and it's required if you want to digitally download games, movies and TV shows, as well as for the Qriocity music service which was also compromised.
Do I Need to Cancel My Credit Card?
Sony , at this point, is still not certain whether the hacker gained access to credit card information. It has yet to discover any evidence that that sort of data was taken, but it can't rule out the possibility. If the worst case proves true, you won't be held responsible for any fraudulent charges. However, getting them removed from your bill is a hassle and if you don't check your bill carefully, you may not instantly notice them.
So while there's no urgent reason to cancel the card, it still might be prudent to do so. This is a case of suffering a minor inconvenience now versus a potentially big one later.
Should I Be Worried About Identity Theft?
The one piece of good news in this situation is that Sony did not have users' social security numbers on file. Had those been compromised, the hacker (or hackers) could have caused some substantial damage. With the data that was obtained, you should be more on alert for phishing schemes — fraudulent parties using the personal information to pose as Sony and gather more critical data from users. Sony warned about this in its announcement yesterday.
It's still wise to be on guard, though. Monitor your credit statements and have the three credit bureaus Experian, Equifax and TransUnion put a "fraud alert" on your account. This will let creditors know to take extra steps to verify information before extending any new or additional credit in your name.
I'm Paying a Subscription Fee. Will I Get My Money Back?
While Sony does not charge most users a monthly fee for access to the PlayStation Network as Microsoft does with Xbox Live, there are some exceptions. A subscription to PlayStation Plus, which gives early access to demos, priority invitations to game beta tests and discounts on products in its online store, costs $50 per year. The Qriocity music service, which was also impacted, carried a $4 per month subscription fee.
Sony hasn't detailed how it plans to compensate those subscribers, but has indicated it will do so, saying "While we are still assessing the impact of this incident, we recognize that this may have had financial impact on our loyal customers. We are currently reviewing options and will update you when the service is restored."
With third-party services you access through the PS3, such as Netflix or Hulu Plus, it's a little trickier. Netflix hasn't announced any plans, but Hulu says it will offer a one-week credit to affected subscribers.
Why Did Sony Wait Six Days to Alert Me to This?
Sony has come under fire for not being transparent about the severity of this attack from both privacy rights advocates and even U.S. Senator Richard Blumenthal, who said in a note to the company "When a data breach occurs, it is essential that customers be immediately notified about whether and to what extent their personal and financial information has been compromised."
Sony says it didn't realize the extent of the problem until Tuesday, noting on its blog "We learned there was an intrusion April 19th and subsequently shut the services down. We then brought in outside experts to help us learn how the intrusion occurred and to conduct an investigation to determine the nature and scope of the incident. It was necessary to conduct several days of forensic analysis, and it took our experts until yesterday to understand the scope of the breach. We then shared that information with our consumers and announced it publicly (Tuesday) afternoon."
When Will the PlayStation Network Be Back Online?
That's still up in the air. Sony says it expects to restore "some services within a week," but it's unclear what those will be. The company certainly has incentive to do so, though, as not only are players unable to play multiplayer games; Several titles, including some of the biggest from Capcom, require online authentication before players can access the single player mode, reducing that $60 game disc into little more than an expensive coaster.
Will it Be More Secure When it is Turned Back On?
Sony certainly hopes so. The company says it is rebuilding the system to enhance security and strengthen its network infrastructure. There is still no estimate on how long it will take to fully accomplish this, but the company says it is "working day and night to ensure it is done as quickly as possible".