[PSA for PSN users, from your pals at Joystiq: Before you start reading this informative news post, go change every internet password you've ever had. Done? Okay, read on!]
Nearly
six days in, and Sony has finally sent out an email to the millions of affected PSN users explaining the prolonged downtime, and elaborating on the security implications of the "
external intrusion" of the PlayStation Network. The most important new detail: Sony has determined that there has been "a compromise of personal information" as a result of the attack. The second most important new detail: "We have a clear path to have PlayStation Network and Qriocity systems back online, and expect to restore some services within a week."
So, what did the bad guys manage to steal? Uhh ... just about everything, it seems. Here's what's in the
definitely jacked column: "name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID." Our takeaway: you'd better start changing passwords if you use the same one frequently. We'll leave the decision on whether or not to
pack your bags and move away up to you.
In the
possibly jacked column: "profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers." That leaves your credit card information, which ... well, we'll let Sony tell you itself: "If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained." Yikes.
Sony provides a bunch of links for consumers to keep an eye on their data. Most important is probably the free credit report services. It also cautions PSN users to change their password when the service is back online. Lastly, while they never directly say as much, we're going to suggest making PSN purchases through other retailers instead of directly on Sony's service. Well, when it works again. But after that, stock up on some PSN points cards from
anywhere else.
[
Update 5:22pm: While we're working on a more thorough piece about what little old you can do in the face of such overwhelming barbarism, we did want to share some short tips. Our first tip comes to us from friend-of-the-site
Robin Yang, who (re)tweets: "To see what card you used w/ PlayStation Network, check your emails from 'DoNotReply@ac.playstation.net.'" Once you've figured out what that card is, call your bank and tell them you think it may have been compromised. That's one part of the security equation.
Next up is your password, and it's a little trickier.
Giant Bomb's Patrick Klepeck asked Sony if there was any way to learn what password was attached to a PSN account and was told "there is currently no way to determine what password you were/are using on PSN." That means you should probably be changing everything. Then again, if you followed our pre-post recommendation, you've already done that.]