Sony withheld PSN hack truth - report

By Robert Purchese Published 15 June, 2011

Deliberately misleading?

Sony knew hackers had pinched personal PSN data a full day earlier than we've been lead to believe, according to a new report.

Kyodo news (via Kotaku) obtained, via a freedom of information request, sensitive documents that proved Sony understood roughly the extent of the PSN hack on 25th April. PlayStation boss Kaz Hirai said this wasn't the case until 26th April.

On 26th April, Sony downplayed that internal report of a "fairly large" data theft by telling the world it "couldn't rule out the possibility" personal information had gone walkabouts.

Why?

Sony didn't want to "bewilder" customers. "We hadn't figured out (at that time) what kind of data had been leaked," a Sony spokesperson defended. "If only passwords and IDs (were breached), they cannot be considered personal information, and so we didn't want to bewilder our customers."

Does a day's delay signify Sony deliberately belittling the importance of the data theft?

PlayStation Network went offline on 20th April 2011. Nine days later, Sony announced that personal data including credit card information had been stolen. Upwards of 70 million people were at risk. Sony still doesn't know who was responsible.

Picture of Robert.

About Robert Purchese

Bertie is Eurogamer's Senior Staff Writer. When he's not hunting down news stories he's often found playing with his kids or gabbling about fantasy games and strange online worlds. @Clert on Twitter.

Read more articles from Robert by visiting the Robert Purchese archive page.

You may also like...

Comments (79) Latest comment 11 months ago

Comments for this article are now closed, but please feel free to continue chatting on the forum!

  • Jolly_Armadillo #1 11 months ago

    Not even read the whole article...don't really care anymore.

    Wow a full day: alert the media!

  • anthonypappa #2 11 months ago

    most people would hold back from making panic-inducing statements until they knew better what they were dealing with.

  • Jay-ITFC #3 11 months ago

    Whatever Sony says 9 days is a LONG time. We should have been told within 48 hours.

  • bburdett #4 11 months ago

    I hear an army of "EUROGAMER HATES SONY" commenters on the way.

  • Otis_Inf #5 11 months ago

    Does a day's delay signify Sony deliberately belittling the importance of the data theft?

    Ever dealt with security? On a massive scale? Then you don't jump to conclusions when something happens or better: when the tripwires and monitors you've set up alert you. You first investigate what happened, how far (if ever) they got in, what they could have seen along the way etc. etc.

    You don't simply jump up and yell "OMG! We're hacked! HACKED!!11, everybody out! We're all gonna die! I'm telling ya!". No, you investigate, do it over, analyze and then draw conclusions.

    Btw 'a freedom of information request' ? That's odd... in general only governments in most western countries are obligated by law to publish information about decisions taken for public record, not privately held companies.

  • Murton #6 11 months ago

    No Rob, it doesn't mean that they were trying to mislead anyone or belittle the situation, it means that they noticed something on the 25th, analysed the findings and then published on the 26th, there's also the case of time difference, the attack was made on Sony servers in the US and Kaz Hirai is based in Japan, so by the time he made his announcement the date was the 26th.

    But why lets silly things like facts get in the way of yet another slanderous article about Sony and the PSN hack.
    Edited by Murton at 15/06/11 @ 13:28

  • Widge #7 11 months ago

    Doesnt 1 day fall under 48 hours?

  • jarek98 #8 11 months ago

    To be honest = "fairly large data theft" doesn't necessarily mean "fairly large PERSONAL data theft".
    They could know that some data was stolen, but weren't sure if it was personal/customer data.
    Doubtful but still possible ;-).

  • IonOnion #9 11 months ago

    A full day?

    O M G ! ! !*

    *note the 3 exclamations points that how surprise i am

  • AcidSnake #10 11 months ago

    My password isn't considered personal?

    I always use my bank account number as my password!

  • nuanimal #11 11 months ago

    Is that "bewilder" as to confuse or as in be crazy?

  • RM2KMaster #12 11 months ago

    "at risk"

    Nobody was at fucking "risk" stop making it sound ten time worse that it fucking is.

  • Darren #13 11 months ago

    Yawn! This is hardly newsworthy IMO.

  • funkateer #14 11 months ago

    I see Robert Purchese is still on 'milking the PSN hack' detail?

  • chessboxer #15 11 months ago

    Codemasters and Eidos waited a week. As for Epic games, I have no idea when the hack took place, their email only states that they were hacked recently.

    I still haven't heard of any game company since the Sony breach offering free stuff or even providing an Identity Theft product even though personal information had been been compromised. Where are the follow up stories EG?

  • HistoryTeller #16 11 months ago

    This is how history works, guys. Some times information can get mixed up. Because one document shows it happened one day earlier does not mean that the public statement is a falsity..

  • theiceman #17 11 months ago

    Eurogamer Hates Sony!!!

  • thiagots85 #18 11 months ago

    Eurogamer hates sony

  • gruntboy #19 11 months ago

    Waste of column fucking inches. You get paid for writing this shit? Jesus.

    EDIT: Subtitle "Deliberately misleading?". The "article" behind your bait-worthy headline, most certainly.
    Edited by gruntboy at 15/06/11 @ 13:38

  • BraveArse #20 11 months ago

    "deliberately misleading?" reads the tag. Yes, it is... this article would seem to be deliberately misleading.

  • lcmnick #21 11 months ago

    Post deleted at 12:48:44 14-04-2012

  • woodyrulesok #22 11 months ago

    From the sound of it they seemed to do the sensible thing.

  • gruntboy #23 11 months ago

    @BraveArse - you beat me to it....

  • Bradach #24 11 months ago

    give it a rest EG, more tabloid nonsense

  • BraveArse #25 11 months ago

    @gruntboy - I'll happily share the credit ;)

  • flaming.carrot #26 11 months ago

    Who gives a fuck? PSN is back on, the world did not implode. Move on.

  • Feanor #27 11 months ago

    Dumbest "news" article on EG in quite a while.

  • alimokrane #28 11 months ago

    Is there any company that is really 100% transparent now? everyone is corrupt!

  • Moonprince #29 11 months ago

    "understood roughly"

    So there's doubt. nuff said really.

    Old news anyway. I've moved on.

  • HyperTails #30 11 months ago

    Of course, it would be via Kotaku. That sites as Anti-Sony as they come.

    Also, who friggin' cares? A whole day? FFS, I'm not arsed TBH. If they lost data and they didn't tell us, i'd be pissed, but a whole day to tell us?

    Pffft.

  • Moonprince #31 11 months ago

    "Does a day's delay signify Sony deliberately belittling the importance of the data theft?"

    So transparent... Years of study to get where you are and this is what you're reduced to Rob?

    Be proud :\

  • madgerald Verified Studio Head of PR & Marketing, Colossal Games LTD #32 11 months ago

    What a difference a day makes

    /singalong now

  • GamesProgrammer Verified Games Team Programmer, Eutechnyx Ltd. #33 11 months ago

    Rob you do post alot of anti Sony stories its like you have an agenda.
    Just sayin.

  • LiteMrBubbles #34 11 months ago

    Why is this relevant anymore?

  • speedjack #35 11 months ago

    I'm no fan of Sony whatsoever, but even I had to admit that 24 hrs is hardly a big deal.

    They're a huge corporation and as such I can guarantee that their first thought wasn't for their PSN userbase but rather how quickly they could get their lawyers off the golf course... so 24 hrs sounds about right.

  • Xardan #36 11 months ago

    Sony in the wrong? *gasp*

    Whatever will the fanboys do? Ignore it, deny it or accuse eurogamer of bias?

  • Shikasama #37 11 months ago

    If this article was posted during the event then the responses would be full of hate and anger ratehr than the sardonic comments here.

    Gamers as a collective never get treat with respect because they are so quick to forget.

  • Bradach #38 11 months ago

    ...i think i read about this in big whoop magazine

  • speedjack #39 11 months ago

    Loving the advert...

    'SONY

    make.believe'

    LOL !

  • kangarootoo #40 11 months ago

    Never ever thought I would utter these words...


    Slow news day?

  • scuffpuppies #41 11 months ago

    Give it a rest Rob. Your sentiment's getting really dull now. More like "Fanboy Blog", than Eurogamer journalism.....oh wait..

  • MinerWilly #42 11 months ago

    The comments from the members on here are for once far more mature than the article that we are commenting on.

  • ShiftyGeezer #43 11 months ago

    Gosh - crap journalism. To think I joined Eurogamer back in the say because it used to be good. Might go back to IGN/Gamespot if EG aren't going to get on top of their decline into misrepresentative tabloid crap.

  • layleeloo #44 11 months ago

    What, no coolbritania xbox comments on this thread? Oh yeh, I clicked ignore. Bliss

  • TheEnforcer000 #45 11 months ago

    Unacceptable. Sony can keep their free games... I'm done with them. Easy for me to say as I've only got a psp and 5 games invested in this joke of a company. I feel very sorry for ps3 users that have much more invested and continue to let this crap slide. Understandable though.

  • coolbrittannia #46 11 months ago

    Troll baiting article.

  • IronCladChicken #47 11 months ago

    If this story is so meaningless and un-newsworthy - Why are so many people writing angry comments?
    Usually with the duff stories no one comments and the story gets forgotten.

    ShiftyGeezer
    'Might go back to IGN/Gamespot if EG aren't going to get on top of their decline into misrepresentative tabloid crap.'

    Hey! Are you suggesting IGN & Gamespot don't report misrepresentative tabloid crap?
    On behalf of both IGN and Gamespot - I'm offended - They provide some of the best misrepresentative tabloid crap on the internet!

  • Freki #48 11 months ago

    Maybe it was lost in translation but I certainly consider my user name and password personal information.

  • geordiek #49 11 months ago

    Are you getting the message yet EG? We dont care.
    Give the stories to gamespot and thet them fight it out in the system wars forum.

  • Murton #50 11 months ago

    @Enforcer - yes it is unacceptable. How dare Sony buck the trend and actually admit to the public that they the victims of a data theft and then make reparations for it, bastards. /sarcasm

    You do realise that your personal data has likely been stolen many many times over already without the company in actually admitting to it? How about the free sale of personal details? Your local council openly sells your name and address via the electoral register, as do utility and phone companies, ISPs, retailers, websites, marketers the list goes on.

    Get a grip.

  • davisorle #51 11 months ago

    Post deleted at 15:13:15 09-05-2012

  • Jacksie66 #52 11 months ago

    Hack hack hack fuckin hack. Its turnin into feckin Eurohacker.

  • onyxbox #53 11 months ago

    Robert Purchase.... you make me want to rage quit from Eurogamer.

    You should be sacked for the damage you've done to the inegrity of the news reported by Eurogamer.

  • scuffpuppies #54 11 months ago

    @Layleeloo

    Coolbritannia is using his 2nd account "guilotine". He doesn't think people know it's really him. Bless.

  • layleeloo #55 11 months ago

    Cheers scruff. Good tip.

  • Fork_Handles #56 11 months ago

    Wait a minute! PSN got hacked?

    Why didn't anyone tell me?
    Edited by Fork_Handles at 15/06/11 @ 15:39

  • Bonders99 #57 11 months ago

    Looked that it was by Bertie Purchese and knew immediately what to expect in the article. He sure didn't disappoint me.

  • TelexStar #58 11 months ago

    @AcidSnake - My password isn't considered personal?

    I always use my bank account number as my password!

    In the Info Sec world there's a very specific definition of "Personal Information" and that's information that can be used to uniquely identify you as an individual. Sensitive Personal Information goes a step further and is that which can be used to financial harm you.

    So in effect, someone knowing your user ID and password in and of itself is not a theft of personal information. If that ID and password then allows access to such PI or SPI data then that's a different matter.

    Regarding the story, it's pretty reasonable for there to be a day delay before announcing what's happened. As others have said, you shouldn't jump to conclusions. There's a marked difference between finding out a breach has occured, spending a day investigating it (which is likely what Sony did) and then informing the public verses finding out a breach has occured and then sitting on the information and doing nothing with it for a day.

  • jefranklin18 #59 11 months ago

    Let it go, Rob. Sony are not going to exit the console business any time soon and you're starting to look obsessive.

  • Retro_ #60 11 months ago

    so fucking what, its history so stop shit stiring Eurogamer

  • coolbritannia #61 11 months ago

    I posted this hours ago, it just proves what I've been saying all along. Ouch, sorry neggers.

  • 32768Colours #62 11 months ago

    I imagine the only thing on Sony's mind during that time was damage limitation, and had very little to do with what was best for their customers.

    Sure, it makes sense not to start publicising wild assumptions, but I seriously doubt Sony were purely protecting us from hysteria.

  • ballshock #63 11 months ago

    who cares I just complete dead nation!

  • Caimbeul #64 11 months ago

    looks like Lulsec have beef with gamers. Seems like they are the imature twats we all thought they were:

    http://www.techradar.com/news/internet/l...

  • MeBrains #65 11 months ago

    i think Sony reacted almost perfectly to the hack - much like they did with the exploding battery problem which they were wrongly accused of.

    they got hacked. Took measures at great cost (taking the server 1 month offline?!). Informed the public well. And gave incentives for what was an outside attack. Like some have said before: have you seen other companies do what Sony has done after they were breached? What is the IMF doing - dealing with far more important stuff that providing virtual worlds for nerds to hop around in?

    still the company got an awful lot of negativity - which is incredible really...

  • Sevens #66 11 months ago

    Poor journalism.

  • coolbritannia #67 11 months ago

    @Parsnip, I think you'll find I posted this story hours before EG nicked it from Kotaku.

    I know most of the commentators here have Stockholm syndrome when it comes to Sony but there are still critical thinkers who would like to know exactly what went down and if Sony were in fact negligent.
    Edited by coolbritannia at 15/06/11 @ 20:37

  • des #68 11 months ago

    Sony withholding data,what a surprise.

    bow bow bow

  • mukki #69 11 months ago

    snoar...

    Sony being a big company they probably took a bit of time to react... normal I would say.
    Glad PSN is back online and yes overall they could have handled the whole better...

  • SeesThroughAll #70 11 months ago

    sensitive documents that proved Sony understood roughly the extent of the PSN hack

    ... and then ...

    We hadn't figured out (at that time) what kind of data had been leaked

    So, which one is it? Did they understand the extent of the hack or not?

    downplayed that internal report of a "fairly large" data theft by telling the world it "couldn't rule out the possibility"

    Since when is stating that you cannot deny something downplaying it?

    This is getting ridiculous...

  • BuddyChrist #71 11 months ago

    So I could have gotten in my bomb proof bunker a day earlier.....?
    Damn.
    And I got rachet and clank- which turned out to only be a part game/promo for a full feature.
    Where's my lawyer?
    Oh, I left him in the bunker.

  • ajaxpliskin #72 11 months ago

    Sony dealt with the issue quickly and professionally, imo. You can't make statements about personal details being stolen to the WORLD before making sure you know the facts. Cut them some slack. It's not like they were trying to rip off their own customers. They lost billions.

  • rayscoota #73 11 months ago

    So was that the 25th of April in Japan or was it the 25th in Europe or could it be the 25th in the US? and does it really matter would it had changed anything?

  • Turbotim3 #74 11 months ago

    sony should be commended for the way the handled it. no matter how hard you try to spin this story it wont matter because whats right is right and anyone who knows about these kinds of things will know this. this story is for people who might not know and they are hoping to hurt sony by drumming up this pathetic story

  • bluetoothion #75 11 months ago

    A) a really sensitive and secret report within a Japanese i repeat Japanese firm would never reach EG or its ''sources''

    B) I m really curious to see where will Eurogamer stand in case MS gets involved in a scandal..... but where are those hackers when you really need them.....oh well.

  • Murton #76 11 months ago

    "B) I m really curious to see where will Eurogamer stand in case MS gets involved in a scandal"

    We sort of saw this a couple months ago when the reports of the new Dash update bricking 360 disc drives. The story broke in the morning but EG didn't get its story up for hours, by which time MS had made an official statement and the whole thing could be painted in a more positive light, fault found, nature known, fix incoming. Contrast to Sony stories which have been at best misreported: EG claiming PSN had been down for 7 days on day 6 or this article today, and at worse, utterly false: reporting the hacks on Sony film and music sites as simply "Sony hacked again" implying that PlayStation sites had been attacked.

    Sadly the most informative part of EG's coverage of the hacks has been to inform the readership that the EG offices operate in a lawless state where you can spin news stories, omit or actually rewrite facts or even just make shit up and there's no editor to stop you.

  • Beano #77 11 months ago

    So IF Sony withheld the info a day or two more than necessary, it that an important issue now?

    The fact is that Sony quickly shut down PSN entirely and instead of rushing a few security patches thru and started up again a few days later, they decided to do the right thing - initiated a full investigation and at the same time migrated PSN to their new server center at a new location which was already being built. Sony knew that if PSN got hacked again right after, they would be finished. Moving to the new location with new servers and new and better security systems, chances of that would be much smaller. Sure it sucked being without PSN for a month and there has been some minor startup problems, but it's something people will quickly forget. It was a huge wakeup call for Sony and in the long run PSN will be better because of it.
    Besides - there are no signs that user account info or credit card info has even been stolen. According to two Annonymous hackers, PSN was hacked and compromised but no info (apart from some admin accounts) was actually taken.
    Edited by Beano at 16/06/11 @ 08:28

  • scuffpuppies #78 11 months ago

    In the end this is doing Eurogamer more harm than Sony. Journalism on this site is becoming a standing joke.

  • Nevfx #79 11 months ago

    Eurogamer, I wish you would shut up bout this now