It has been revealed that the Playstation Network, which has been experiencing a prolonged outage during the Easter holiday period, has suffered a security breach.

The network allows owners of the Playstation games console to play against each other over the Internet.

Nick Caplin, Head of Communications at Sony Europe, writing on the Playstation blog said, “we have discovered that between April 17 and April 19, 2011, certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorized intrusion into our network.”

The incident is still being investigated but Sony believe personal details, including name, address, email address, date of birth, Playstation network usernames, ids and passwords have been obtained by an unauthorised person.

Profile information, purchase history, billing address and even PS network security question answers (that you give in case you need to reset your password) may have also been accessed.

There is no evidence at present that credit card data was accessed.  However, Caplin went on to advise customers that “…we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, to be on the safe side we are advising you that your credit card number (excluding security code) and expiration date may also have been obtained.”

Following the discovery the service was shut down on 20 April and remains offline at the present time.

It is interesting that, in all this, Sony have not made any mention of encryption.  Can we, from that, assume that none of this sensitive personal and financial data was encrypted?

The whole mess is certainly a huge PR disaster and, although it is easy for me to criticise, displays a total lack of responsibility by a large company with a trusted brand name holding a large about of consumer data.

http://blog.eu.playstation.com/