Sony PlayStation Network and online services Qriocity will begin a gradual resumption of this week, after the company took their off line in response to a "very sophisticated" intrusion, the company said Sunday.
Online games and access to film unexpired lease will be the first services to return to the PlayStation Network, while the Qriocity users will be able to use the music on demand service. Other functions, including the PlayStation Store, will be available in mid-May, said Kaz Hirai, Chief of the division of Sony game, during a press conference Sunday rare.
"We would like to extend our apologies for the users of many PlayStation Network and Qriocity which concerns us," said Hirai. "We potentially compromised data of their customers." We offer our most sincere apologies. ?
Reconstruction after attack
Sony had two services offline on 20 April, after an intrusion has been detected on network servers, living in a data center of AT & T in San Diego. Sony has discovered the intrusion after she was prevented to unusual network activity a day earlier, says Hirai. ("See also PlayStation Network Hack chronology").
Initially, Sony has responded by asking a computer security firm to investigate the intrusion. When it became apparent that the client information could have been stolen, Sony has used a second specialist company, says Hirai.
The FBI has launched a criminal investigation into the attack, he said.
Sony inquiry is continuing and, as such, the company have yet a clear picture of what was stolen exactly and number of accounts were affected. The company believes that there is high probability that personal information has been taken, including the names of user for the service and passwords in encrypted form, names, addresses, e-mail addresses and birth dates. Sony has not determined how many accounts were affected, but the attack could have effects on all the accounts of $ 77 million.
Status of uncertain user data
About 10 million accounts have their associated credit card numbers, but Sony said it had no evidence these figures were stolen. Numbers of credit card, unlike personal information, are stored in an encrypted database, while Sony has not said what encryption system was used.
Nevertheless, Sony advised customers to watch out for unusual activity on their credit card accounts. It has discovered any cases so far, says Hirai. Sony will pay the cost of credit card reissuing based on user requests.
The attack was launched from an application server that is behind a web server and two firewalls Sony network, said Shinji Hasejima, Sony Chief information officer.
"It was a very sophisticated technique that was used to access our system," said Hasejima.
The initial attack was disguised as a purchase, so has not been reported by network security systems. It exploits a vulnerability in the application server to plant software which was used to access the database server that was sitting behind the firewall third, said Hasejima.
Management at Sony, Entertainment Network International, the company that manages the network for both services platform, was not aware of the vulnerability, said Hasejima.
Strengthening security
The appointment of a Chief Security Officer information will be one of the measures taken by Sony to ensure that such error happen again, the company said. It also plans to add software automated systems to help protect against future attacks, and network activity monitoring unusual spot.
Return services, Sony intends to apply to all users to change their password for the account.
The company also plans to offer downloads of software selected at no charge and an extension of one month for users on the service of PlayStation Plus subscription.
No comments:
Post a Comment