Nearly six days in, and Sony has finally sent out an email to the millions of affected PSN users explaining the prolonged downtime, and elaborating on the security implications of the "external intrusion" of the PlayStation Network. The most important new detail: Sony has determined that there has been "a compromise of personal information" as a result of the attack. The second most important new detail: "We have a clear path to have PlayStation Network and Qriocity systems back online, and expect to restore some services within a week."
So, what did the bad guys manage to steal? Uhh ... just about everything, it seems. Here's what's in the definitely jacked column: "name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID." Our takeaway: you'd better start changing passwords if you use the same one frequently. We'll leave the decision on whether or not to pack your bags and move away up to you.
In the possibly jacked column: "profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers." That leaves your credit card information, which ... well, we'll let Sony tell you itself: "If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained." Yikes.
Sony provides a bunch of links for consumers to keep an eye on their data. Most important is probably the free credit report services. It also cautions PSN users to change their password when the service is back online. Lastly, while they never directly say as much, we're going to suggest making PSN purchases through other retailers instead of directly on Sony's service. Well, when it works again. But after that, stock up on some PSN points cards from anywhere else.
Update 5:22pm: While we're working on a more thorough piece about what little old you can do in the face of such overwhelming barbarism, we did want to share some short tips. Our first tip comes to us from friend-of-the-site Robin Yang, who (re)tweets: "To see what card you used w/ PlayStation Network, check your emails from 'DoNotReply@ac.playstation.net.'" Once you've figured out what that card is, call your bank and tell them you think it may have been compromised. That's one part of the security equation.
Next up is your password, and it's a little trickier. Giant Bomb's Patrick Klepeck asked Sony if there was any way to learn what password was attached to a PSN account and was told "there is currently no way to determine what password you were/are using on PSN." That means you should probably be changing everything. Then again, if you followed our pre-post recommendation, you've already done that.
Update 2 6:02pm: Maybe you live in Europe and, thanks to the cultural and geographic gulf that separates you from North America, you thought your data was safe? Wrong. SCEE has issued a similar notice on the UK PlayStation blog.
This is somewhat of a larger logical leap, but if you managed – however briefly! – to pair your Steam account with your now-compromised PSN account last week, you need not worry! A Valve rep told Joystiq, "Nothing to be worried about. Steam has nothing to do with the PSN outage." So stop worrying ... about that one thing. You can continue worrying about the PSN data breach.
