Skip to main content

Five years ago today, Sony admitted the great PSN hack

The one where 77m users' personal details were put at risk.

Five years ago, PlayStation Network was hacked and the personal details of 77m users accessed.

It was the largest security breach of its kind to ever hit console gamers, and an event with huge repercussions for PlayStation - both in the short term for its users, left for weeks without access to online services, and longer term as Sony sought to win back customer trust.

It began with Anonymous, the umbrella-term hacktivist group which had been bombarding Sony's servers with distributed denial of service (DDOS) attacks. Anonymous had brought PSN to its knees several times in April 2011 in the run-up to the actual privacy breach.

Anonymous was upset with Sony's "wholly unforgivable" legal actions against PS3 jailbreaker George "Geohot" Hotz. In Anonymous' eyes, the information Geohot had discovered - how to run pirated games, how to run homebrew software - was now in the public domain, and if anything, Hotz had done Sony a favour by exposing the company's own loophole.

The group eventually halted its attacks, accepting they were only hurting Sony's end users: the gamers. But, a couple of weeks later, on 19th April 2011, PSN was hit again. This time, it was different.

Two days passed, then Sony itself quietly pulled PSN offline.

"As you are no doubt aware, the current emergency outage is continuing this afternoon and all Sony Online Network services remain unavailable," the platform holder informed PSN users on 21st April.

"Our support teams are investigating the cause of the problem, including the possibility of targeted behaviour by an outside party. Our engineers are continuing to work to restore and maintain the services, and we appreciate our customers' continued support."

It was the first day of the PSN outage. The network would not come online again for another three weeks, until 14th May.

As the first day wore on, Sony warned customers it might take up to 48 hours before they could log in again.

The following day, Sony confessed - there had been an "external intrusion" and it was now conducting a "thorough investigation to verify the smooth and secure operation of our network services going forward".

But, so far, there had been no warning anyone's personal details were at risk. That news would not be confirmed by Sony for another four days.

A week into the outage, and Sony had remained silent on the exact cause. Speculation centred on Sony pulling the plug on PSN to thwart further attempts at its systems. But the updates from Sony itself remained positive, if slightly evasive. Sony engineers were "working around the clock" to restore services, PSN users were repeatedly reassured.

It was the evening of 26th April when Sony finally broke the bad news: the personal details of millions had been compromised.

"Although we are still investigating the details of this incident, we believe that an unauthorised person has obtained the following information that you provided," Sony admitted.

This meant users' names, home addresses, email addresses, birth dates, PSN passwords and usernames.

PSN profile data, purchase history and billing address and security question answers were also at risk.

Worse, Sony could "not rule out the possibility" that credit card data had also been stolen.

"If you have provided your credit card data through PlayStation Network, to be on the safe side we are advising you that your credit card number (excluding security code) and expiration date may have been obtained," Sony concluded. Oops.

When word broke that personal details had indeed been stolen, gamers were understandably incensed. Not only had Sony's systems failed, the company had taken a full week to make PSN users aware.

For a taste of how we were feeling at the time, Rich wrote this piece on the security side of things, and how hackers had posted chat logs talking of Sony's outdated security. He deemed the hack "one of the biggest security breaches of the internet age".

Within hours, an embattled Sony was forced to explain why it had waited so long to tell its customers the extent of the damage.

"There's a difference in timing between when we identified there was an intrusion and when we learned of consumers' data being compromised," Sony's director of communications Patrick Seybold said.

"We learned there was an intrusion 19th April and subsequently shut the services down. We then brought in outside experts to help us learn how the intrusion occurred and to conduct an investigation to determine the nature and scope of the incident.

"It was necessary to conduct several days of forensic analysis, and it took our experts until yesterday to understand the scope of the breach. We then shared that information with our consumers and announced it publicly this afternoon."

PSN users rushed to change their passwords elsewhere - but could not alter their details on PSN itself as the service remained offline.

Within 24 hours, the first class action lawsuit had been filed. Meanwhile, analysts were quick to point out the huge task Sony had ahead of it to regain user trust.

In the days that followed, PSN stayed offline. Anonymous was implicated in the attack, the UK government weighed in and promised an investigation from the Information Commissioner's Office, and Sony Corporation boss Sir Howard Stringer posted an open letter of apology.

"Dear Friends, I know this has been a frustrating time for all of you," Stringer wrote. "To date, there is no confirmed evidence any credit card or personal information has been misused, and we continue to monitor the situation closely."

On 1st May, Sony hosted a press conference in Tokyo to outline the new security measures it was implementing. More apologies were offered, and a "Welcome Back" programme for PSN customers was outlined for when the service resumed.

Watch on YouTube

PS3 and PSP owners would be offered two free games per system, along with 30 days free PlayStation Plus subscription. Sony also said it would offer subscribers a year of free identity theft protection.

Many were pleased at the announcements, although some PS3 owners complained they had all the titles on offer already.

PS3 owners had a choice of Dead Nation, Infamous, LittleBigPlanet, Ratchet & Clank: Quest for Booty and Wipeout HD + Fury. PSP owners got to choose two games from LittleBigPlanet PSP, Modnation Racers, Pursuit Force and Killzone Liberation.

New PSN security measures promised included higher levels of data protection and encryption, additional firewalls plus new early warning software.

"This criminal act against our network had a significant impact not only on our consumers, but our entire industry," Sony exec Kazuo Hirai said at the time. "We have learned lessons along the way about the valued relationship with our consumers."

But questions remained around how hackers had managed to access the information in the first place. Evidence uncovered in the days following pointed to Sony's systems previously being "obselete" and "long-outdated" - charges which Sony subsequently flatly denied. However, a later report suggested Sony had let go security staff prior to the attack and ignored warnings that a privacy breach was possible.

By mid-month, Sony was beginning to restore PSN functionality in phases, region by region, service by service. PSN returned to life in the UK on 14th May.

Gamers weren't the only ones affected. Sony was forced to apologise to developers whose game launches were disrupted by the attack, or whose online services were rendered unavailable. Capcom exec Christian Svensson was one of few to speak publicly, memorably complaining he was "frustrated and upset" the publisher was down "hundreds of thousands, if not millions, of dollars".

Others were less fazed. Speaking to Eurogamer, Gravity Crash developer and Just Add Water boss Stewart Gilray called the furore over the hack "a lot of wind and piss".

Watch on YouTube

Inevitably, when PSN did return, there were several days of teething problems as all users were made to request a password reset via email - which then crashed Sony's email server.

Sony initially estimated the hack would cost it at least £105m, although the company later suggested the impact had not been as financially damaging as it once feared.

PSN bounced back, adding another three million users in the four months following the attack. Jack Tretton, then Sony US boss, tackled the issue head on at the start of Sony's E3 2011 press conference, apologising again for the "anxiety caused".

"You are the lifeblood of the company," Tretton said. "Without you there is no PlayStation. I want to apologise personally. It's you that causes us to be humbled and amazed by the support you continue to give."

Sony at one point faced 55 class action lawsuits and eventually agreed to offer up further compensation for those affected. Details of this took until last year to be finalised, by which time PS3 had long been replaced, and the success of PS4 had made the whole saga a distant memory.

But Sony is still upgrading its systems - just last week, Sony announced it would finally introduce two-step verification, three years after Microsoft did the same for Xbox Live. There have been no widespread security breaches since, although console networks remain vulnerable to concerted DDOS attacks - as seen when both PSN and Xbox Live failed over Christmas 2014.

Watching the PSN hack unravel from the sidelines and seeing Sony pick up the pieces, I can't remember another event to affect so many gamers simultaneously and - at the time, at least - cause so many to worry for their own details' safety. For PlayStation owners, developers and Sony itself, here's hoping there's never another situation quite like it.

Read this next

seductrice.net
universo-virtual.com
buytrendz.net
thisforall.net
benchpressgains.com
qthzb.com
mindhunter9.com
dwjqp1.com
secure-signup.net
ahaayy.com
tressesindia.com
puresybian.com
krpano-chs.com
cre8workshop.com
hdkino.org
peixun021.com
qz786.com
utahperformingartscenter.org
worldqrmconference.com
shangyuwh.com
eejssdfsdfdfjsd.com
playminecraftfreeonline.com
trekvietnamtour.com
your-business-articles.com
essaywritingservice10.com
hindusamaaj.com
joggingvideo.com
wandercoups.com
wormblaster.net
tongchengchuyange0004.com
internetknowing.com
breachurch.com
peachesnginburlesque.com
dataarchitectoo.com
clientfunnelformula.com
30pps.com
cherylroll.com
ks2252.com
prowp.net
webmanicura.com
sofietsshotel.com
facetorch.com
nylawyerreview.com
apapromotions.com
shareparelli.com
goeaglepointe.com
thegreenmanpubphuket.com
karotorossian.com
publicsensor.com
taiwandefence.com
epcsur.com
southstills.com
tvtv98.com
thewellington-hotel.com
bccaipiao.com
colectoresindustrialesgs.com
shenanddcg.com
capriartfilmfestival.com
replicabreitlingsale.com
thaiamarinnewtoncorner.com
gkmcww.com
mbnkbj.com
andrewbrennandesign.com
cod54.com
luobinzhang.com
faithfirst.net
zjyc28.com
tongchengjinyeyouyue0004.com
nhuan6.com
kftz5k.com
oldgardensflowers.com
lightupthefloor.com
bahamamamas-stjohns.com
ly2818.com
905onthebay.com
fonemenu.com
notanothermovie.com
ukrainehighclassescort.com
meincmagazine.com
av-5858.com
yallerdawg.com
donkeythemovie.com
corporatehospitalitygroup.com
boboyy88.com
miteinander-lernen.com
dannayconsulting.com
officialtomsshoesoutletstore.com
forsale-amoxil-amoxicillin.net
generictadalafil-canada.net
guitarlessonseastlondon.com
lesliesrestaurants.com
mattyno9.com
nri-homeloans.com
rtgvisas-qatar.com
salbutamolventolinonline.net
sportsinjuries.info
wedsna.com
rgkntk.com
bkkmarketplace.com
zxqcwx.com
breakupprogram.com
boxcardc.com
unblockyoutubeindonesia.com
fabulousbookmark.com
beat-the.com
guatemala-sailfishing-vacations-charters.com
magie-marketing.com
kingstonliteracy.com
guitaraffinity.com
eurelookinggoodapparel.com
howtolosecheekfat.net
marioncma.org
oliviadavismusic.com
shantelcampbellrealestate.com
shopleborn13.com
topindiafree.com
v-visitors.net
djjky.com
053hh.com
originbluei.com
baucishotel.com
33kkn.com
intrinsiqresearch.com
mariaescort-kiev.com
mymaguk.com
sponsored4u.com
crimsonclass.com
bataillenavale.com
searchtile.com
ze-stribrnych-struh.com
zenithalhype.com
modalpkv.com
bouisset-lafforgue.com
useupload.com
37r.net
autoankauf-muenster.com
bantinbongda.net
bilgius.com
brabustermagazine.com
indigrow.org
miicrosofts.net
mysmiletravel.com
selinasims.com
spellcubesapp.com
usa-faction.com
hypoallergenicdogsnames.com
dailyupdatez.com
foodphotographyreviews.com
cricutcom-setup.com
chprowebdesign.com
katyrealty-kanepa.com
tasramar.com
bilgipinari.org
four-am.com
indiarepublicday.com
inquick-enbooks.com
iracmpi.com
kakaschoenen.com
lsm99flash.com
nana1255.com
ngen-niagara.com
technwzs.com
virtualonlinecasino1345.com
wallpapertop.net
casino-natali.com
iprofit-internet.com
denochemexicana.com
eventhalfkg.com
medcon-taiwan.com
life-himawari.com
myriamshomes.com
nightmarevue.com
healthandfitnesslives.com
androidnews-jp.com
allstarsru.com
bestofthebuckeyestate.com
bestofthefirststate.com
bestwireless7.com
britsmile.com
declarationintermittent.com
findhereall.com
jingyou888.com
lsm99deal.com
lsm99galaxy.com
moozatech.com
nuagh.com
patliyo.com
philomenamagikz.net
rckouba.net
saturnunipessoallda.com
tallahasseefrolics.com
thematurehardcore.net
totalenvironment-inthatquietearth.com
velislavakaymakanova.com
vermontenergetic.com
kakakpintar.com
begorgeouslady.com
1800birks4u.com
2wheelstogo.com
6strip4you.com
bigdata-world.net
emailandco.net
gacapal.com
jharpost.com
krishnaastro.com
lsm99credit.com
mascalzonicampani.com
sitemapxml.org
thecityslums.net
topagh.com
flairnetwebdesign.com
rajasthancarservices.com
bangkaeair.com
beneventocoupon.com
noternet.org
oqtive.com
smilebrightrx.com
decollage-etiquette.com
1millionbestdownloads.com
7658.info
bidbass.com
devlopworldtech.com
digitalmarketingrajkot.com
fluginfo.net
naqlafshk.com
passion-decouverte.com
playsirius.com
spacceleratorintl.com
stikyballs.com
top10way.com
yokidsyogurt.com
zszyhl.com
16firthcrescent.com
abogadolaboralistamd.com
apk2wap.com
aromacremeria.com
banparacard.com
bosmanraws.com
businessproviderblog.com
caltonosa.com
calvaryrevivalchurch.org
chastenedsoulwithabrokenheart.com
cheminotsgardcevennes.com
cooksspot.com
cqxzpt.com
deesywig.com
deltacartoonmaps.com
despixelsetdeshommes.com
duocoracaobrasileiro.com
fareshopbd.com
goodpainspills.com
hemendekor.com
kobisitecdn.com
makaigoods.com
mgs1454.com
piccadillyresidences.com
radiolaondafresca.com
rubendorf.com
searchengineimprov.com
sellmyhrvahome.com
shugahouseessentials.com
sonihullquad.com
subtractkilos.com
valeriekelmansky.com
vipasdigitalmarketing.com
voolivrerj.com
zeelonggroup.com
1015southrockhill.com
10x10b.com
111-online-casinos.com
191cb.com
3665arpentunitd.com
aitesonics.com
bag-shokunin.com
brightotech.com
communication-digitale-services.com
covoakland.org
dariaprimapack.com
freefortniteaccountss.com
gatebizglobal.com
global1entertainmentnews.com
greatytene.com
hiroshiwakita.com
iktodaypk.com
jahatsakong.com
meadowbrookgolfgroup.com
newsbharati.net
platinumstudiosdesign.com
slotxogamesplay.com
strikestaruk.com
trucosdefortnite.com
ufabetrune.com
weddedtowhitmore.com
12940brycecanyonunitb.com
1311dietrichoaks.com
2monarchtraceunit303.com
601legendhill.com
850elaine.com
adieusolasomade.com
andora-ke.com
bestslotxogames.com
cannagomcallen.com
endlesslyhot.com
iestpjva.com
ouqprint.com
pwmaplefest.com
qtylmr.com
rb88betting.com
buscadogues.com
1007macfm.com
born-wild.com
growthinvests.com
promocode-casino.com
proyectogalgoargentina.com
wbthompson-art.com
whitemountainwheels.com
7thavehvl.com
developmethis.com
funkydogbowties.com
travelodgegrandjunction.com
gao-town.com
globalmarketsuite.com
blogshippo.com
hdbka.com
proboards67.com
outletonline-michaelkors.com
kalkis-research.com
thuthuatit.net
buckcash.com
hollistercanada.com
docterror.com
asadart.com
vmayke.org
erwincomputers.com
dirimart.org
okkii.com
loteriasdecehegin.com
mountanalog.com
healingtaobritain.com
ttxmonitor.com
nwordpress.com
11bolabonanza.com