More than 70 million Sony PlayStation Network customers are being warned to watch out for scams after the Japanese electronics giant admitted its systems have been hacked and personal information - possibly including credit card data - stolen.
After closing down its online gaming network last week, Sony has now begun e-mailing millions of users warning that "certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorized intrusion into our network."
The breach has left names, addresses, e-mail addresses and dates of birth compromised. Profile data, including purchase history and billing address, and PlayStation Network/Qriocity password security answers may also have been obtained.
Says the letter: "While there is no evidence that credit card data was taken at this time, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, to be on the safe side we are advising you that your credit card number (excluding security code) and expiration date may also have been obtained."
The firm is warning users to watch out for e-mail, telephone, and postal mail scams and to change passwords when the service is back up and running.
In a blog explaining the delay in informing users about the hack, Sony says it found out about the intrusion on the 19 April and shut down the service but only realised the scope of the breach yesterday after bringing in outside experts and conducting forensic analysis.
However, users have reacted angrily to both the breach and Sony's handling of it, with many venting their fury through comments on the update blogs.
Says one, called carlosdfn: "This fiasco has completely changed my view of Sony. This is unacceptable and amateurish. It's like a bad joke. I hope that the people in charge of PSN's security are held responsible. Epic fail doesn't even begin to describe it, we're talking millions of people here who had their data compromised. The damage is done and people wont forget this."
Financial Fraud Action UK has moved to reassure worried Brits, issuing a statement insisting: "The banking industry has robust processes in place to protect its customers' accounts by monitoring for suspicious or irregular card transactions. If Sony confirms that card details have been compromised, and provides details to us of those accounts, card issuers can place alerts on these accounts. Further steps, such as blocking the account and/or issuing new cards can be taken if necessary. There is no need for customers to contact their bank or card company at this stage."
Update:
In its latest blog, Sony says: "The entire credit card table was encrypted and we have no evidence that credit card data was taken."