As the PlayStation Network outage continues, Sony said Monday that it has taken down its massively multiplayer online games on Sony Online Entertainment and Facebook. The PSN outage is now deep into its second week, although the company has said that some services will be restored within a week and all services by the end of May.
The company said that, "in the course of our investigation into the intrusion into our systems, we have discovered an issue that warrants enough concern" to bring down the games. The temporary action was effective immediately, and Sony said it would provide an update later in the day.
Up To 10 Million Credit Cards
After waiting days following the initial PSN outage to reveal that credit-card numbers were exposed in the security breach, Sony now says that up to 10 million credit-card numbers may have been obtained by hackers. The numbers were encrypted, although other confidential user information such as names, usernames, e-mail addresses, and birth dates, was not.
More details about the outage are emerging. According to news reports, the hacker gained entry to Sony's Qriocity music service between April 17 and 19. On the 19th, Sony discovered the intrusion and locked that system. On the 20th, it shut down PSN. Three outside companies were hired to investigate the breach.
In an effort to improve its now-sullied reputation, Sony is offering a free 30-day subscription to new PSN users, and a temporary premium membership for existing users. Credit-card holders will get free identity-theft protection. The company also said it has created a new position of chief security information officer for Sony Computer Entertainment.
At first, Sony had said the shutdown was the result of an "external intrusion," but last week began describing it as "a criminal attack against our system and against our customers," and said the company was working with law enforcement.
A variety of Sony watchers have surmised that the attack could have been by members of the Anonymous hacker group. Anonymous has denied its involvement while simultaneously posting updates to its Facebook page that suggest it could have been involved. On its AnonNews web site, where anyone can post, a notice went up shortly after the network came down titled For Once We Didn't Do It.
The posting said that, while some individual Anons could "have acted by themselves," AnonOps was not involved and "does not take responsibility for whatever has happened." However, on Anonymous' Facebook page, the page owner posted that "we have no qualms about our actions" while discussing the outage.
Meanwhile, Sen. Richard Blumenthal (D-Conn.) has written Sony, saying a security breach of this size "raises concerns of data privacy, identity theft, and other misuse of sensitive personal and financial data." Britain's information commissioner has also said he will be looking into the situation.