Stop us if you've heard this one before: Sony's PlayStation Network and Qriocity music service are still down. The outage, which could soon become fodder for late-night comedians, is in its 11th day, with no specific timetable for being back online. The company did say that it expects to have "some services up and running within a week."
In an FAQ posted Thursday on the official PlayStation Blog, Nick Caplin, head of communications at Sony Computer Entertainment Europe, wrote that the company realizes the "outage has been frustrating" to users, and Sony is "taking steps to make our services safer and more secure than ever before."
'Criminal Attack'
The FAQ attempts to answer a variety of questions that at least some of the 75 million affected PSN users have been asking. Among other things, Sony had previously described the shutdown as the result of an "external intrusion," but now the FAQ describes it as "a criminal attack against our system and against our customers," and said the company is working with law enforcement.
Earlier this week, Sony revealed -- days after the network and music service went down -- that some unspecified amount of personal data was compromised. The company has said it took several days to discover the breach. In the FAQ, it now says that all the credit-card data was "encrypted," but that, at any rate, "we have no evidence that credit-card data was taken" -- although the company added that it "cannot rule out the possibility."
The bad news is that the "personal data table," which was "behind a very sophisticated security system that was breached in a malicious attack," was not encrypted.
In the Northern District of California, the first class-action lawsuit has been filed against Sony Computer Entertainment America on behalf of a PSN subscriber in Alabama, alleging lax security measures and slow notification to users about a breach of their confidential information.
'We Didn't Do It'
On Wednesday of last week, the PSN and Sony's Qriocity media service went down. Later on that day, Sony posted a notice that it was aware of the problem, and would soon update users. On Thursday, the company said it was still "investigating" the outage, and said it might take as much as a day or two to get the services back up.
Friday brought word from Sony that the cause was related to an "external intrusion," and that it had shut down the networks itself to deal with the problems. A variety of Sony watchers surmised that the "external intrusion" could have been by members of the Anonymous hacker group. With several major new game titles coming out last week, the timing of the outage was particularly suspicious.
Anonymous has denied involvement, while simultaneously posting updates to its Facebook page that suggest it could have been involved. On its AnonNews web site, where anyone can post, there is a notice dated Friday titled For Once We Didn't Do It. The posting noted that, while some individual Anons could "have acted by themselves," AnonOps was not involved and "does not take responsibility for whatever has happened."
However, on Anonymous' Facebook page, the page owner posted last week that "we have no qualms about our actions" while discussing the outage.
Meanwhile, Sen. Richard Blumenthal (D-Conn.) in a letter to the company on Tuesday, said a security breach of this size, involving many users who are children, "raises concerns of data privacy, identity theft, and other misuse of sensitive personal and financial data." He particularly criticized the delay in notifying users.
Britain's information commissioner has also said he will be looking into the situation.