Everything You Need to Know About the Sony PlayStation Network Fiasco

  • Share
  • Read Later

Your worldwide network hacked, your online service in shambles, over 75 million user accounts compromised, US Senators writing letters scolding you for keeping mum longer than you should’ve–if Sony’s had worse weeks, I couldn’t name one.

(More on TIME.com: Watch 9 crazy people go all “Office Space” on their PlayStations)

That’s right, today marks the one-week anniversary of the PlayStation Network outage, and to celebrate, we’ve pulled together a list of everything we know so far about what’s quickly become the most piled-on tech story of 2011 to date.

What Happened

Last Wednesday, April 20th, the PlayStation Network as well as Sony’s Qriocity media streaming service mysteriously ceased to work. Late in the day, Sony said it was “aware certain functions of PlayStation Network [were] down” and that it would report back “soon” with more information.

On Thursday, April 21st, Sony noted it was “investigating the cause of the Network outage” and that it might be “a full day or two” before service would resume.

On Friday, April 22nd, Sony revealed an “external intrusion” had “affected” its PlayStation Network and Qriocity services, and that it voluntarily “turned off” both to “conduct a thorough investigation and to verify the smooth and secure operation” of its network services rolling forward.

On Saturday, April 23rd, Sony said the fix involved “re-building our system to further strengthen our network infrastructure,” and that while the task was “time-consuming,” it was “worth the time necessary to provide the system with additional security.”

Skipping to Monday, April 25th, Sony said it had nothing new to say about the outage, and no “timeframe to share at this point in time.”

On Tuesday, April 26th, the proverbial you-know-what hit the fan, as Sony surprised over 75 million PSN users (and the world watching) by admitting “a compromise of personal information as a result of an illegal intrusion on [its] systems.” Sony said the compromise occurred between April 17th and 19th, and that it involved personal information (names, addresses, birthdates, etc.), PSN/Qriocity account login names and passwords, and user transactional histories (purchases, billing addresses, etc.). The company cautioned that credit card information might have been obtained as well, though noting there was no evidence for it “at this time.”

Also on Tuesday, April 26th:

  • Sony claimed “a difference in timing between when we identified there was an intrusion and when we learned of consumers’ data being compromised,” adding that it took forensic analysts until Monday, April 25th to determine a security breach had occurred.
  • Senator Richard Blumenthal wrote a letter to Sony demanding answers about the data breach.
  • Sony issued a FAQ collecting its PlayStation blog updates (though the most important questions are answered with a “no comment”).

And (so far) on Wednesday, April 27th:

  • Britain’s data protection watchdog says it will “be making further enquiries [of Sony] to establish the precise nature of the incident.

What Hackers Did (and Claim They Didn’t)

On January 2nd, 2011, hacker George “Geohot” Hotz handed the keys to Sony’s kingdom to the public by posting the PlayStation 3’s security “root keys” to his personal website. On January 11th, Sony sued Hotz (and others) for DMCA violations, fraud, and copyright infringement.

On April 4th, hacker group Anonymous targeted Sony’s online services (as well, allegedly, Sony employees and their children) in distributed denial of service attacks intended to cripple or take down the company’s services. Sony appeared to acknowledge the attack in a PlayStation blog update, stating it was “aware certain functions of PlayStation Network are down.” The attacks appeared to cease a day or two later.

On April 11th, Sony settled its lawsuit with Hotz.

Shortly after the PlayStation Network went down last Wednesday, April 20th, Anonymous wrote on its public site “For Once We Didn’t Do It,” though admitting “it could be the case that other Anons have acted by themselves.” But it denied any attack was an official Anonymous undertaking, that the group “does not take responsibility for whatever has happened,” and suggested that Sony “is taking advantage of Anonymous’ previous ill-will towards the company to distract users from the fact that the outage is actually an internal problem with the company’s servers.”

What Happens Next

Expect the media to run with the story for days and churn what’s already been said (much of it superfluous), and expect “analysts” to weigh in daily on the near and long term ramifications for Sony (much of it common sense). You’ll want to be wary of sources that attempt to pass off speculation as either news or insight.

Expect Sony to continue its informational trickle, possibly releasing further details on the extent of the data breach (and addressing the question of credit card theft), as well as notes on the anticipated re-launch timeframe of the PlayStation Network. At this point, no one knows how long that’ll actually be, and Sony hasn’t said.

What You Can Do in the Meantime

Follow Sony’s official advice to the letter, including being “especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information,” and remembering to “remain vigilant, to review your account statements and to monitor your credit reports.”