Millions of PlayStation users have been warned that their personal information, including possibly their credit card details, may have been stolen after a hack attack hit the network.
The PlayStation Network, which enables PlayStation 3 and PlayStation Portable console users to buy and play games online and chat together, is still down after a hack attack last week.
Users have now been warned that the security of their personal details may have been compromised. In a statement on its website, Sony said it would email those who are suspected to be victims. The Network has 70 million users worldwide, including three million in the UK.
Sony said: “We don’t have an exact date to share at this moment as to when we will have the services turned on, but are working day and night to ensure it is as quickly as possible.
“Please note that we are as upset as you are regarding this attack and are going to proceed aggressively to track down those that are responsible.”
The company said it has no direct evidence that credit card information was taken, but said “we cannot rule out the possibility”.
Purchase history and credit card billing address information may have been stolen but the intruder did not obtain the three-digit security code on the back of cards, Sony said. But names, PlayStation log-ins, email addresses and birth dates could also have been taken by the hackers, who struck between April 17 and 19.
Expert Josh Shaul, Chief Technology Officer for Application Security Inc., which makes database security software, said the intrusion could be “one of the worst breaches we’ve seen in years”.
He added that the lack of evidence that credit card details had been stolen could mean that Sony might just not know yet which files were affected.
“They indicated that they’re worried about it, which is probably a very strong indication that everything was stolen,” he added.
If the hackers have managed to steal credit card information, the intrusion would rank among the largest known thefts of financial data ever.
Sony said it had hired an external firm to look into the breach, and had already taken steps to strengthen its infrastructure. It urged users to be wary of email, telephone and postal scams.