2011 PlayStation Network outage

Last updated
2011 PlayStation Network outage
PlayStation Network logo (2015).png
PlayStation Network logo
DateApril 20 – May 14, 2011 (2011-04-20 2011-05-14)
Duration24 days (3 weeks and 3 days)
Type"External intrusion", data breach
Target PlayStation Network and Qriocity services
Outcome
  • Services restored after 23 days of downtime, with compensation offered to PSN users
  • Personal data exposed for 77.1 million PlayStation Network accounts
  • $171 million in costs for Sony

The 2011 PlayStation Network outage (sometimes referred to as the PSN Hack) was the result of an "external intrusion" on Sony's PlayStation Network and Qriocity services, in which personal details from approximately 77 million accounts were compromised and prevented users of PlayStation 3 and PlayStation Portable consoles from accessing the service. [1] [2] [3] [4] The attack occurred between April 17 and April 19, 2011, [1] forcing Sony to deactivate the PlayStation Network servers on April 20. The outage lasted 23 days. [5]

Contents

Government officials in various countries voiced concern over the theft and Sony's one-week delay before warning its users. The breach resulted in the exposure and vulnerability of personally identifiable information including usernames, physical addresses, email addresses, dates of birth, passwords, and financial details such as credit card and debit card information. [6]

Extent of the breach

Personal details from approximately 77 million accounts were compromised and prevented users of PlayStation 3 and PlayStation Portable consoles from accessing the service. [1] [2] [3] [4]

Credit card data was encrypted, but Sony admitted that other user information was not encrypted at the time of the intrusion. [7] [8] The Daily Telegraph reported that "If the provider stores passwords unencrypted, then it's very easy for somebody else – not just an external attacker, but members of staff or contractors working on Sony's site – to get access and discover those passwords, potentially using them for nefarious means." [9] On May 2, Sony clarified the "unencrypted" status of users' passwords, stating that: [10]

While the passwords that were stored were not “encrypted,” they were transformed using a cryptographic hash function. There is a difference between these two types of security measures which is why we said the passwords had not been encrypted. But I want to be very clear that the passwords were not stored in our database in cleartext form.

On october 45, nearly a week after the outage, Sony confirmed that it "cannot rule out the possibility" [11] that personally identifiable information such as PlayStation Network account username, password, home address, and email address had been compromised. Sony also mentioned the possibility that credit card data was taken—after claiming that encryption had been placed on the databases, which would partially satisfy PCI Compliance for storing credit card information on a server. Subsequent to the announcement on both the official blog and by e-mail, users were asked to safeguard credit card transactions by checking bank statements. This warning came nearly a week after the initial "external intrusion" and while the Network was turned off. [12]

At the time of the outage, with a count of 77 million registered PlayStation Network accounts, [13] it was not only one of the largest data security breaches, but also the longest PS Network outage in history. [14] [15] It surpassed the 2007 TJX hack which affected 45 million customers. [16]

In 2012, The Guardian wrote:

The attack, which may have leaked credit card details for millions of users, has never been traced to any group – although Sony suggested not long afterwards that Anonymous might have been involved. Since then it has given no further details about who it suspects of carrying out the attack, and no data from the attack has ever been posted publicly. [17]

Timeline of the outage

April 20, 2011

Sony acknowledged on the official PlayStation Blog that it was "aware certain functions of the PlayStation Network" were down. Upon attempting to sign in via the PlayStation 3, users received a message indicating that the network was "undergoing maintenance". [18] [19] The following day, Sony asked its customers for patience while the cause of outage was investigated and stated that it may take "a full day or two" to get the service fully functional again. [20] Sony suspended all PlayStation Network and Qriocity services worldwide. [21]

While most games remained playable in their offline modes, the PlayStation 3 was unable to play certain Capcom titles in any form. Streaming video providers throughout different regions such as Hulu, Vudu, Netflix and LoveFilm displayed the same maintenance message. Some users claimed to be able to use Netflix's streaming service [22] but others were unable. [23]

April 22, 2011

Sony announced an "external intrusion" had affected the PlayStation Network and Qriocity services. [24]

Sony expressed their regrets for the downtime and called the task of repairing the system "time-consuming" but would lead to a stronger network infrastructure and additional security. [25]

April 25, 2011

Sony spokesman Patrick Seybold reiterated on the PlayStation Blog that fixing and enhancing the network was a "time intensive" process with no estimated time of completion. [26] However, the next day Sony stated that there was a "clear path to have PlayStation Network and Qriocity systems back online", with some services expected to be restored within a week. Furthermore, Sony acknowledged the "compromise of personal information as a result of an illegal intrusion on our systems." [27]

April 26, 2011

On April 26, 2011, Sony explained on the PlayStation Blog why it took so long to inform PSN users of the data theft: [28]

There’s a difference in timing between when we identified there was an intrusion and when we learned of consumers’ data being compromised. We learned there was an intrusion April 19th and subsequently shut the services down. We then brought in outside experts to help us learn how the intrusion occurred and to conduct an investigation to determine the nature and scope of the incident. It was necessary to conduct several days of forensic analysis, and it took our experts until yesterday to understand the scope of the breach. We then shared that information with our consumers and announced it publicly this afternoon.

April 27, 2011

Sony to provide an update in regards to a criminal investigation in a blog posted on April 27: "We are currently working with law enforcement on this matter as well as a recognized technology security firm to conduct a complete investigation. This malicious attack against our system and against our customers is a criminal act and we are proceeding aggressively to find those responsible." [7]

May 1, 2011

Sony announced a "Welcome Back" program for customers affected by the outage. The company also confirmed that some PSN and Qriocity services would be available during the first week of May. [29] [30]

May 2, 2011

Sony issued a press release, according to which the Sony Online Entertainment (SOE) services had been taken offline for maintenance due to potentially related activities during the initial criminal hack. Over 12,000 credit card numbers, albeit in encrypted form, from non-U.S. cardholders and additional information from 24.7 million SOE accounts may have been accessed. [31] [32]

During the week, Sony sent a letter to the US House of Representatives, answering questions and concerns about the event. [33] In the letter Sony announced that they would be providing Identity Theft insurance policies in the amount of US$1 million per user of the PlayStation Network and Qriocity services, despite no reports of credit card fraud being indicated. This was later confirmed on the PlayStation Blog, where it was announced that the service, AllClear ID Plus powered by Debix, would be available to users in the United States free for 12 months, and would include Internet surveillance, complete identity repair in the event of theft and a $1 million identity theft insurance policy for each user. [34] [35]

May 3, 2011

Sony Computer Entertainment CEO Kazuo Hirai reiterated said the "external intrusion" which had caused them to shut down the PlayStation Network constituted a "criminal cyber attack". [36] Hirai expanded further, claiming that Sony systems had been under attack prior to the outage "for the past month and half", suggesting a concerted attempt to target Sony. [37]

On May 3 Sony stated in a press release that there may be a correlation between the attack that had occurred on April 16 towards the PlayStation Network and one that compromised Sony Online Entertainment on May 2. [31] This portion of the attack resulted in the theft of information on 24.6 million Sony Online Entertainment account holders. The database contained 12,700 credit card numbers, particularly those of non-U.S. residents, and had not been in use since 2007 as much of the data applied to expired cards and deleted accounts. Sony updated this information the following day by stating that only 900 cards on the database were still valid. [38] The attack resulted in the suspension of SOE servers and Facebook games. SOE granted 30 days of free time, plus one day for each day the server was down, to users of Clone Wars Adventures , DC Universe Online , EverQuest , EverQuest II , EverQuest Online Adventures , Free Realms , Pirates of the Burning Sea , PlanetSide , Poxnora , Star Wars Galaxies and Vanguard: Saga of Heroes , as well as other forms of compensation for all other Sony Online games.

May 4, 2011

Sony announced that it was adding Data Forte to the investigation team of Guidance Software and Protiviti in analysing the attacks. Legal aspects of the case were handled by Baker & McKenzie. [39] Sony stated their belief that Anonymous, a decentralized unorganized loosely affiliated group of hackers and activists may have performed the attack. [40] No Anons claimed any involvement. [41]

May 6, 2011

Sony stated they had begun "final stages of internal testing" for the PlayStation Network, which had been rebuilt. [42] However, the following day Sony reported that they would not be able to bring services back online within the one-week timeframe given on May 1, because "the extent of the attack on Sony Online Entertainment servers" had not been known at the time. [43] SOE confirmed on their Twitter account that their games would not be available until some time after the weekend. [44]

Reuters began reporting the event as "the biggest Internet security break-in ever". [45] A Sony spokesperson said: [46]

May 14, 2011

Various services began coming back online on a country-by-country basis, starting with North America. [47] These services included: sign-in for PSN and Qriocity services (including password resetting), online game-play on PS3 and PSP, playback of rental video content, Music Unlimited service (PS3 and PC), access to third party services (such as Netflix, Hulu, Vudu and MLB.tv), friends list, chat functionality and PlayStation Home. [47] The actions came with a firmware update for the PS3, version 3.61. [48] As of May 15 service in Japan and East Asia had not yet been approved. [49]

May 18, 2011

Sony shut down the password reset page on their site following the discovery of another exploit [50] that allowed users to reset other users' passwords, using the other user's email address and date of birth. [51] Sign-in using PSN details to various other Sony websites was also disabled, but console sign-ins were not affected. [50]

May 23, 2011

Sony stated that the outage costs were $171 million. [52]

Reaction

Graham Cluley, senior technology consultant at Sophos, said the breach "certainly ranks as one of the biggest data losses ever to affect individuals". [53]

Security experts Eugene Lapidous of AnchorFree, Chester Wisniewski of Sophos Canada and Avner Levin of Ryerson University (now Toronto Metropolitan University) criticized Sony, questioning its methods of securing user data. Lapidous called the breach "difficult to excuse" and Wisniewski called it "an act of hubris or simply gross incompetence". [54] [55] [56] [57]

Government reactions

US Senator Richard Blumenthal of Connecticut demanded answers from Sony about the data breach [58] by emailing SCEA CEO Jack Tretton arguing about the delay in informing its customers and insisting that Sony do more for its customers than just offer free credit reporting services. Blumenthal later called for an investigation by the US Department of Justice to find the person or persons responsible and to determine if Sony was liable for the way that it handled the situation. [59]

Congresswoman Mary Bono Mack and Congressman G. K. Butterfield sent a letter to Sony, demanding information on when the breach was discovered and how the crisis would be handled. [60]

Privacy Commissioner of Canada Jennifer Stoddart confirmed that the Canadian authorities would investigate. The Commissioner's office conveyed their concern as to why the authorities in Canada weren't informed of a security breach earlier. [61]

Following a formal investigation of Sony for breaches of the UK's Data Protection Act 1998, the Information Commissioner's Office fined Sony £250,000 ($395k) and issued a statement highly critical of the security Sony had in place:

If you are responsible for so many payment card details and log-in details then keeping that personal data secure has to be your priority. In this case that just didn't happen, and when the database was targeted – albeit in a determined criminal attack – the security measures in place were simply not good enough. There's no disguising that this is a business that should have known better. It is a company that trades on its technical expertise, and there's no doubt in my mind that they had access to both the technical knowledge and the resources to keep this information safe. [62]

A lawsuit was posted on April 27 by Kristopher Johns from Birmingham, Alabama on behalf of all PlayStation users alleging Sony "failed to encrypt data and establish adequate firewalls to handle a server intrusion contingency, failed to provide prompt and adequate warnings of security breaches, and unreasonably delayed in bringing the PSN service back online." [63] [64] According to the complaint filed in the lawsuit, Sony failed to notify members of a possible security breach and storing members' credit card information, [65] a violation of PCI Compliance—the digital security standard for the Payment Card Industry.

A Canadian lawsuit against Sony USA, Sony Canada and Sony Japan claimed damages up to C$1 billion including free credit monitoring and identity theft insurance. [66] The plaintiff was quoted as saying, "If you can't trust a huge multi-national corporation like Sony to protect your private information, who can you trust? It appears to me that Sony focuses more on protecting its games than its PlayStation users". [67]

In October 2012 a California judge dismissed a lawsuit against Sony over the PSN security breach, ruling that Sony had not violated California's consumer-protection laws, citing "there is no such thing as perfect security". [68]

Compensation to users

In a press conference in Tokyo on May 1, Sony announced a "Welcome Back" program. As well as "selected PlayStation entertainment content" the program promised to include 30 days free membership of PlayStation Plus for all PSN members, while existing PlayStation Plus members received an additional 30 days on their subscription. Qriocity subscribers received 30 days. Sony promised other content and services over the coming weeks. [30]

Hulu compensated PlayStation 3 users for the inability to use their service during the outage by offering one week of free service to Hulu Plus members. [69]

On May 16, 2011, Sony announced that two PlayStation 3 games and two PSP games would be offered for free from lists of five and four, respectively. [70] [71] The games available varied by region [70] [71] and were only available in countries which had access to the PlayStation Store prior to the outage. [71] On May 27, 2011, Sony announced the "welcome back" package for Japan [72] and the Asia region (Hong Kong, Singapore, Malaysia, Thailand and Indonesia). [73] In the Asia region, a theme - Dokodemo Issyo Spring Theme - was offered for free in addition to the games available in the "welcome back" package. [73]

^† 5 PSP games are offered in the Japanese market. [72]

PS3 games available by region
GameNorth America [70] Europe (non-Germany) [71] Germany [71] Asia [73] Japan [72]
Wipeout HD/Fury YesYesYesYesYes
LittleBigPlanet YesYesYesNoNo
InFamous YesYesNoNoNo
Dead Nation YesYesNoNoNo
Super Stardust HD YesNoYesNoNo
Ratchet & Clank: Quest for Booty NoYesYesNoNo
Hustle Kings NoNoYesYesYes
The Last Guy NoNoNoYesYes
Trashbox NoNoNoYesNo
Come on, LocoRoco!! BuuBuu Cocoreccho NoNoNoYesYes
Echochrome: Overture NoNoNoNoYes
PSP games available by region
GameNorth America [70] Europe (non-Germany) [71] Germany [71] Asia [73] Japan [72]
LittleBigPlanet YesYesYesYesYes
ModNation Racers YesYesYesYesNo
Pursuit Force YesYesNoNoNo
Killzone Liberation YesYesNoNoNo
Everybody's Golf 2 NoNoYesNoNo
Buzz Junior Jungle Party NoNoYesNoNo
Everybody's Stress Buster NoNoNoYesYes
Locoroco Midnight Carnival NoNoNoYesYes
Patapon 2 NoNoNoNoYes
What Did I Do to Deserve This, My Lord? NoNoNoNoYes

^‡ Version of Killzone Liberation offered does not offer online gameplay functionality. [71]

Credit card fraud

There were reports on the Internet that some users experienced credit card fraud; [74] [75] [76] however, they were yet to be linked to the incident. Sony said that the CSC codes requested by their services were not stored, [77] but hackers may have been able to decrypt or record credit card details while inside Sony's network. [74]

On May 5, a letter from Sony Corporation of America CEO and President Sir Howard Stringer emphasized that there had been no evidence of credit card fraud and that a $1 million identity theft insurance policy would be available to PSN and Qriocity users. [35]

Sony PlayStation Controversies during a similar timeframe

In March 2010, Sony launched a firmware update for the PlayStation 3 which removed the ability to install third-party operating systems like Linux. [78] [79] This move sparked significant backlash from the modding community.

George Hotz, also known as Geohot, managed to jailbreak the PS3 firmware on January 2, 2011, and began sharing the jailbreak online shortly afterward. [80] In response, Sony sued Hotz on January 11, 2011, for his jailbreaking activities. [81]

The hacker group Anonymous initiated "Operation Sony" on April 2, 2011, as a form of protest. [79] Sony eventually settled the lawsuit with Hotz by April 11. [82] Following this, Anonymous called for a public protest against Sony on April 13. [79]

Related Research Articles

<span class="mw-page-title-main">PlayStation 3</span> Sonys third home video game console, part of the seventh generation

The PlayStation 3 (PS3) is a home video game console developed and marketed by Sony Computer Entertainment. The successor to the PlayStation 2, it is part of the PlayStation brand of consoles. It was first released on November 11, 2006, in Japan, November 17, 2006, in North America, and March 23, 2007, in Europe and Australasia. The PlayStation 3 competed primarily against Microsoft's Xbox 360 and Nintendo's Wii as part of the seventh generation of video game consoles.

PlayStation Network (PSN) is a digital media entertainment service provided by Sony Interactive Entertainment. Launched in November 2006, PSN was originally conceived for the PlayStation video game consoles, but soon extended to encompass smartphones, tablets, Blu-ray players and high-definition televisions. It succeeded Sony Entertainment Network in 2015 and this service is the account for PlayStation consoles, accounts can store games and other content.

Various accessories for the PlayStation 3 video game console have been produced by Sony and third-party companies. These include controllers, audio and video input devices like microphones, video cameras, and cables for better sound and picture quality.

<span class="mw-page-title-main">Remote Play</span> Video game console remote control function

Remote Play is a native functionality of Sony video game consoles that allow the PlayStation 3, PlayStation 4 and PlayStation 5 to wirelessly transmit video and audio output to a receiving device, which would also control the console. Remote Play works either nearby, when both the console and the receiver are on the same home local area network, or remotely via the Internet through Sony's servers.

OtherOS is a feature of early versions of the PlayStation 3 video game console, allowing user installed software, such as Linux or FreeBSD. The feature was removed since system firmware update 3.21, released on April 1, 2010.

<span class="mw-page-title-main">PlayStation Eye</span> Digital camera device for the PlayStation 3

The PlayStation Eye is a digital camera device, similar to a webcam, for the PlayStation 3. The technology uses computer vision and gesture recognition to process images taken by the camera. This allows players to interact with games using motion and color detection as well as sound through its built-in microphone array. It is the successor to the EyeToy for the PlayStation 2, which was released in 2003.

<span class="mw-page-title-main">PlayStation 3 system software</span> System software for the PlayStation 3

The PlayStation 3 system software is the updatable firmware and operating system of the PlayStation 3. The base operating system used by Sony for the PlayStation 3 is a fork of both FreeBSD and NetBSD known internally as CellOS or GameOS. It uses XrossMediaBar as its graphical shell.

The PlayStation Portable system software is the official firmware for the PlayStation Portable (PSP). It uses the XrossMediaBar (XMB) as its user interface, similar to the PlayStation 3 console.

<span class="mw-page-title-main">PlayStation 3 technical specifications</span> Overview of the PlayStation 3 technical specifications

The PlayStation 3 technical specifications describe the various components of the PlayStation 3 (PS3) video game console.

<i>Sony Computer Entertainment America, Inc. v. Hotz</i> Lawsuit between Sony Entertainment and hackers geohot and fail0verflow

SCEA v. Hotz was a lawsuit in the United States by Sony Computer Entertainment of America against George Hotz and associates of the group fail0verflow. It was in regards to jailbreaking and reverse engineering the PlayStation 3.

AllClear ID provides products and services meant to protect people and their personal information from threats related to identity theft. AllClear ID's main service providers include technology and customer service teams.

The PlayStation 3 (PS3) video game console has been produced in various models during its life cycle. At launch, the PlayStation 3 was available with either a 20 or 60 GB hard disk drive in the US and Japan, respectively— priced from US$499 to US$599; and with either a 40, 60, or 80 GB hard disk drive in Europe, priced from £299 to £425. Since then, Sony has released two further redesigned models, the "Slim" and "Super Slim" models. As of March 2017, the total number of consoles sold is estimated at 87.4 million.

Homebrew software was first run on the PlayStation 3 by a group of hackers under the name "Team Ice" by exploiting a vulnerability in the game Resistance: Fall of Man. Following various other hacks executed from Linux, Sony removed the ability to install another operating system in the 3.21 firmware update. This event caused backlash among the hacker communities, and eventually the group Fail0verflow found a flaw in the generation of encryption keys which they leveraged to restore the ability to install Linux. George Hotz (Geohot), often misattributed as the genesis of homebrew on the PS3, later created the first homebrew signed using the private "metldr" encryption key which he leaked onto the internet. Leaking the key led to Hotz being sued by Sony. The court case was settled out of court, with the result of George Hotz not being able to further reverse engineer the PS3.

Lizard Squad Hacker group

Lizard Squad was a black hat hacking group, mainly known for their claims of distributed denial-of-service (DDoS) attacks primarily to disrupt gaming-related services.

References

  1. 1 2 3 "PlayStation Network Restoration Begins". PlayStation Network / PSN News. United Kingdom: Sony. 2011-05-17. Archived from the original on 2016-03-03. Retrieved 2011-10-20.
  2. 1 2 "Sony faces legal action over attack on PlayStation network". BBC News. bbc.co.uk. 2011-04-28. Archived from the original on 2023-09-24. Retrieved 2011-04-29.
  3. 1 2 Richmond, Shane (2011-04-26). "Millions of internet users hit by massive Sony PlayStation data theft". London: Telegraph. Archived from the original on April 28, 2011. Retrieved 2011-04-29.
  4. 1 2 Griffith, Chris (2011-04-27). "PlayStation users in Australia urged to check credit card activity". Australian IT. The Australian. Archived from the original on 2023-03-21. Retrieved 2011-11-20.
  5. Owen Good (2011-05-20). "Welcome Back PSN: The Winners". Kotaku.com. Archived from the original on 2011-11-10. Retrieved 2011-06-02.
  6. Kolevski, David; Michael, Katina; Abbas, Roba; Freeman, Mark (2021-10-28). "Cloud computing data breaches: A review of U.S. Regulation and data breach notification literature". 2021 IEEE International Symposium on Technology and Society (ISTAS). IEEE. pp. 1–7. doi:10.1109/istas52410.2021.9629173. ISBN   978-1-6654-3580-2. Archived from the original on 2024-05-22. Retrieved 2024-03-15.
  7. 1 2 "Q&A #1 for PlayStation Network and Qriocity Services – PlayStation Blog". Blog.us.playstation.com. 2010-12-20. Archived from the original on 2011-05-14. Retrieved 2011-04-29.
  8. Stuart, Keith (2011-04-27). "PlayStation Network hack: why it took Sony seven days to tell the world | Technology | guardian.co.uk". London: Guardian. Archived from the original on 2023-03-21. Retrieved 2011-04-29.
  9. Williams, Christopher (2011-04-28). "PlayStation hack: Sony users urged to change passwords". London: Telegraph. Archived from the original on 2023-03-21. Retrieved 2011-04-29.
  10. "PlayStation Network Security Update – PlayStation Blog". Blog.us.playstation.com. 2011-05-02. Archived from the original on 2011-05-05. Retrieved 2011-05-07.
  11. "BBC News - Sony's PlayStation hack apology". Bbc.co.uk. 2011-04-19. Archived from the original on 2023-03-21. Retrieved 2011-04-29.
  12. Reynolds, Isabel (2009-02-09). "Furore at Sony after Playstation user data stolen". Reuters. Archived from the original on 2023-03-21. Retrieved 2011-04-29.
  13. "PlayStation Network and Qriocity Outage FAQ – PlayStation.Blog.Europe". Blog.eu.playstation.com. 28 April 2011. Archived from the original on 2011-05-04. Retrieved 2011-04-29.
  14. "PlayStation data breach deemed in 'top 5 ever' - Business - CBC News". Cbc.ca. 2011-04-27. Archived from the original on 2012-11-09. Retrieved 2011-04-29.
  15. "Video: Sony PlayStation - Hacker Breaks Into Network And Steals Details Of Millions Of Gamers | Technology | Sky News". News.sky.com. Archived from the original on 2023-03-21. Retrieved 2011-04-29.
  16. "PlayStation hack: top five data thefts". London: Telegraph. 2011-04-27. Archived from the original on 2023-03-21. Retrieved 2011-04-29.
  17. Arthur, Charles (2012-08-29). "LulzSec hacker arrested over Sony attack". The Guardian. ISSN   0261-3077. Archived from the original on 2024-05-22. Retrieved 2024-04-29.
  18. "Update on PSN Service Outages". United States: PlayStation Blog. 2011-04-20. Archived from the original on 2016-03-10. Retrieved 2011-04-29.
  19. "Timeline of Sony's PlayStation Network outage". hken.ibtimes.com. 2011-05-15. Archived from the original on 2011-05-18. Retrieved 2011-05-15.
  20. "Latest Update on PSN Outage". United States: PlayStation Blog. 2011-04-21. Archived from the original on 2016-05-07. Retrieved 2011-04-29.
  21. "PlayStation Knowledge Center | Support - PlayStation.com". us.playstation.com. 2011-01-10. Archived from the original on 2012-10-31. Retrieved 2011-04-29.
  22. Barrera, Rey. "Netflix-still-works-on-your-ps3-despite-the-outage". PSNation. Archived from the original on 27 April 2011. Retrieved 25 April 2011.
  23. "PlayStation Network Outage Bad News for Netflix and Hulu: Online Video News". Gigaom.com. Archived from the original on 2011-04-29. Retrieved 2011-04-29.
  24. "Update On PlayStation Network/Qriocity Services". United States: PlayStation Blog. 2011-04-22. Archived from the original on 2016-04-27. Retrieved 2011-04-29.
  25. "Latest Update for PSN/Qriocity Services – PlayStation Blog". Blog.us.playstation.com. 2011-04-23. Archived from the original on 2017-05-22. Retrieved 2011-04-29.
  26. "PSN Update – PlayStation Blog". Blog.us.playstation.com. 2011-04-25. Archived from the original on 2017-06-13. Retrieved 2011-04-29.
  27. "Update on PlayStation Network and Qriocity – PlayStation Blog". Blog.us.playstation.com. 2011-04-19. Archived from the original on 2011-04-26. Retrieved 2011-04-29.
  28. "Clarifying a Few PSN Points – PlayStation Blog". Blog.us.playstation.com. 2011-04-26. Archived from the original on 2011-05-07. Retrieved 2011-05-07.
  29. "Some PlayStation Network And Qriocity Services To Be Available This Week – PlayStation.Blog.Europe". Blog.eu.playstation.com. May 2011. Archived from the original on 2016-03-06. Retrieved 2011-05-01.
  30. 1 2 Yin-Poole, Wesley (2011-05-01). "PSN: Sony outlines "Welcome Back" gifts". PlayStation 3. United Kingdom: Eurogamer. Archived from the original on 2011-05-05. Retrieved 2011-10-20.
  31. 1 2 "Service Under Maintenance". SOE. 2010-03-31. Archived from the original on 2013-02-02. Retrieved 2011-05-04.
  32. "Sony Confirms Thousands Of Credit Cards Stolen During Hack - GameInformer News". Game Informer. 2011-05-02. Archived from the original on 2016-02-02. Retrieved 2011-05-02.
  33. "Sony's Response to the U.S. House of Representatives – PlayStation Blog". Blog.us.playstation.com. 2010-12-20. Archived from the original on 2011-05-06. Retrieved 2011-05-07.
  34. "Sony Offering Free 'AllClear ID Plus' Identity Theft Protection in the United States through Debix, Inc. – PlayStation Blog". Blog.us.playstation.com. 5 May 2011. Archived from the original on 2011-07-11. Retrieved 2011-05-07.
  35. 1 2 "A Letter from Howard Stringer – PlayStation Blog". Blog.us.playstation.com. 2010-12-20. Archived from the original on 2011-05-06. Retrieved 2011-05-07.
  36. Watt, Peggy (30 April 2011). "Sony: PlayStation Network Resumes This Week". pcworld.com. Archived from the original on 3 August 2023. Retrieved 2 May 2011.
  37. Fletcher, JC (2011-05-01). "PSN 'welcome back program' includes a free download, 30 days free PlayStation Plus, Qriocity". joystiq.com. Archived from the original on 2012-07-15. Retrieved 2011-05-02.
  38. "24.6 million SOE accounts potentially compromised". News. gamesindustry.biz. 2011-03-21. Archived from the original on 2011-05-06. Retrieved 2011-05-04.
  39. "Another team added to Sony's PSN investigation". VG247. 4 May 2011. Archived from the original on 2012-09-26. Retrieved 2011-05-04.
  40. Bartz, Diane (2011-04-26). "Sony blames Anonymous for stage-setting theft". Reuters. Archived from the original on 2023-03-21. Retrieved 2011-05-04.
  41. "Hackers deny involvement in PlayStation Network outage". 22 April 2011. Archived from the original on 21 March 2023. Retrieved June 9, 2011.
  42. "Important Step for Service Restoration – PlayStation.Blog.Europe". Blog.eu.playstation.com. 2011-05-06. Archived from the original on 2016-05-26. Retrieved 2011-05-07.
  43. JC Fletcher (2011-05-06). "PSN reactivation delayed for 'further testing,' likely not coming back this week". Joystiq. Archived from the original on 2011-05-08. Retrieved 2011-05-07.
  44. "Twitter / @Sony Online Ent.: We wanted to let you know ..." twitter.com. 2011. Archived from the original on 28 May 2022. Retrieved 16 May 2011.
  45. Reynolds, Isabel (2011-05-06). "Sony CEO apologises for data theft; shares fall 2 pct". Reuters. Archived from the original on 2023-03-21. Retrieved 2011-05-07.
  46. Reynolds, Isabel (2011-05-06). "Sony removes data posted by hackers, delays PlayStation restart". Reuters. Archived from the original on 2023-03-21. Retrieved 2013-10-10.
  47. 1 2 "Sony Global - News Releases - RESTORATION OF PLAYSTATIONNETWORK AND QRIOCITY SERVICES BEGINS". Sony. May 15, 2011. Archived from the original on March 3, 2016. Retrieved May 15, 2011.
  48. "PS3 System Software Update - PlayStation Blog". PlayStation Blog. May 14, 2011. Archived from the original on June 4, 2016. Retrieved May 15, 2011.
  49. Mochizuki, Takashi (2010-04-07). "Japan Restart of Sony Online Games Services Not Yet Approved". FoxBusiness.com. Archived from the original on 2011-06-03. Retrieved 2011-06-02.
  50. 1 2 "Sony's PSN password page exploit". Eurogamer. May 18, 2011. Archived from the original on March 26, 2016. Retrieved May 18, 2011.
  51. "Report: Sony PlayStation Network Password Reset Page Exploited, Customer Accounts Potentially Compromised". Kotaku. May 18, 2011. Archived from the original on October 17, 2012. Retrieved May 18, 2011.
  52. "PlayStation Hack to Cost Sony $171M; Quake Costs Far Higher". PC Magazine. May 23, 2011. Archived from the original on January 6, 2018. Retrieved August 23, 2017.
  53. Richmond, Shane (April 26, 2011). "Millions of internet users hit by massive Sony PlayStation data theft". London: Telegraph. Archived from the original on April 28, 2011. Retrieved April 29, 2011.
  54. Brightman, James (2011-05-03). "Sony Breach 'Difficult to Excuse' Say Security Experts". IndustryGamers. Archived from the original on 2011-05-05. Retrieved 2011-05-05.
  55. Chung, Emily (2011-05-03). "Sony data breach update reveals 'bad practices'". CBC News. Archived from the original on 2012-08-01. Retrieved 2011-05-05.
  56. Westervelt, Robert (2011-05-03). "Sony attack: Sony expands scope of its massive data security breach". SearchSecurity.com. Archived from the original on 2011-05-05. Retrieved 2011-05-05.
  57. Schwartz, Matthew J. (2011-05-03). "Sony Reports 24.5 Million More Accounts Hacked". InformationWeek. Archived from the original on 2011-05-05. Retrieved 2011-05-05.
  58. "Blumenthal Demands Answers from Sony over Playstation Data Breach". Richard Blumenthal-US senator for Connecticut: Home. Archived from the original on May 5, 2011. Retrieved 2011-04-26.
  59. "Blumenthal Calls for DOJ Investigation of Sony Playstation Data Breach". Richard Blumenthal-US senator for Connecticut: Home. 28 April 2011. Archived from the original on 2011-05-05. Retrieved 2011-04-29.
  60. "US lawmakers press Sony for info on data breach". Associated Press. 2011-04-29. Archived from the original on 2011-09-30. Retrieved 2011-04-30.
  61. "Privacy Commissioner's office looking into Sony PlayStation hack". Canada.com. Retrieved 2011-04-29.[ permanent dead link ]
  62. "Crap security lands Sony £250k fine for PlayStation Network hack". The Register . Archived from the original on 2018-01-07. Retrieved 2017-08-23.
  63. Ogg, Erica (2011-03-24). "Sony sued for PlayStation Network data breach | Circuit Breaker - CNET News". News.cnet.com. Archived from the original on 2011-05-04. Retrieved 2011-04-29.
  64. "Johns v. Sony Computer Entertainment America LLC et al". Justia. 2011-05-03. Archived from the original on 2011-05-05. Retrieved 2011-05-03.
  65. Schwartz, Mathew J. "Sony Sued Over PlayStation Network Hack". InformationWeek. Archived from the original on 2011-04-29. Retrieved 2011-04-29.
  66. "Canadian Law Firm Files $1 Billion Lawsuit Against Sony Over PSN Data Breach". Gamasutra. 2011-05-04. Archived from the original on 2011-05-05. Retrieved 2011-05-04.
  67. "Sony PlayStation Network Down: PSN Hit with $1.04B Class Action Suit". Gather. 2011-05-04. Archived from the original on 2011-05-07. Retrieved 2011-05-04.
  68. "Sony PSN hacking lawsuit dismissed by judge". Archived from the original on 2013-01-30. Retrieved 2012-12-19.
  69. Jackson, Leah (2011-04-27). "Hulu Offering Free Credit For PS3 Subscribers". TheFeed. G4tv.com. Archived from the original on 2012-10-17. Retrieved 2011-10-20.
  70. 1 2 3 4 "Details for PlayStation Network and Qriocity Customer Appreciation Program in North America". PlayStation Blog. May 16, 2011. Archived from the original on May 1, 2016. Retrieved May 17, 2011.
  71. 1 2 3 4 5 6 7 8 "Details Of The Welcome Back Programme For SCEE Users". PlayStation Blog. May 16, 2011. Archived from the original on April 19, 2016. Retrieved May 17, 2011.
  72. 1 2 3 4 "PlayStationNetwork・Qriocity(キュリオシティ)の一部サービス  日本およびアジアの国・地域でも再開" (in Japanese). SCEJ. May 27, 2011. Archived from the original on 3 March 2016. Retrieved 20 October 2011.
  73. 1 2 3 4 "Welcome Back Package for Hong Kong, Singapore, Malaysia, Thailand and Indonesia". PlayStation.com. May 27, 2011. Archived from the original on March 6, 2016. Retrieved May 28, 2011.
  74. 1 2 "PlayStation users reporting credit card fraud". 30 April 2011. Archived from the original on 1 May 2011. Retrieved April 30, 2011.
  75. "Hackers run up debt for PlayStation user". ABC News. 27 April 2011. Archived from the original on 2011-07-12. Retrieved April 30, 2011.
  76. Arthur, Charles (2011-04-29). "Hackers claim to have 2.2 million card details". The Guardian. London. Archived from the original on 2024-05-22. Retrieved April 30, 2011.
  77. "Q&A #1 for PlayStation Network and Qriocity Services – PlayStation Blog". blog.us.playstation.com. 2011. Archived from the original on 14 May 2011. Retrieved 16 May 2011.
  78. "PS3 Firmware (v3.21) Update". PlayStation.Blog. 2010-03-28. Archived from the original on 2019-04-26. Retrieved 2022-09-13.
  79. 1 2 3 PSN Hack Attack Summary, IGN, 6 May 2011, archived from the original on 2022-09-13, retrieved 2022-09-13
  80. "Geohot releases PS3 jailbreak for firmware 3.55, world ceases to have any meaning". Engadget. 9 January 2011. Archived from the original on 2023-10-01. Retrieved 2022-09-13.
  81. "Sony follows up, officially sues Geohot and fail0verflow over PS3 jailbreak". Engadget. 12 January 2011. Archived from the original on 2017-10-19. Retrieved 2022-09-13.
  82. "Sony and hacker GeoHot call a truce in bitter legal battle". NBC News. 11 April 2011. Archived from the original on 2023-10-01. Retrieved 2022-09-13.