By Nick Wingfield, Ian Sherr and Ben Worthen
A hacker stole the names, birth dates and possibly credit-card numbers for 77 million people who play online videogames through Sony Corp.’s PlayStation console, in what could rank among the biggest data breaches in history.
Sony, whose gaming network has been offline for six days, disclosed Tuesday that an “illegal and unauthorized intrusion” between April 17 and April 19 resulted in the loss of a significant amount of personal information that could be used in identity theft.
The PlayStation Network is used by owners of the company’s game machine to play against one another, chat online and watch movies streamed over the Internet. Sony warned users the intruders may have accessed billing addresses, purchase histories and account information for their children.
Fueled by fast Internet connections, online-gaming services have become global social hubs for tens of millions of people who spend hours competing and cooperating on fantasy quests, combat missions and other activities. People across the globe pay monthly fees to play online-computer games like “World of Warcraft.” Most titles for the PlayStation 3 and Microsoft Corp. Xbox 360 have online components.
Sony warned members of its PlayStation Network and a related entertainment service called Qriocity to closely watch their credit card statements for unauthorized charges. It also told members to be on guard against email, telephone and postal scams aided by the lost personal information.
“While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility,” Sony said in a blog post.
The PlayStation Network, meanwhile, remains out of commission, sowing frustration among gamers. In the blog post, Sony spokesman Patrick Seybold said the company has a “clear path” to restore “some services within a week.”
The incident is a major black eye for the Japanese electronics giant, locked in an increasingly heated battle with Microsoft, Nintendo Co. and other companies in the gaming market. The breach also highlights the trove of personal information stored in online-gaming services.
E.J. Hilbert, a former agent with the Federal Bureau of Investigation who is now a senior vice president at security consulting firm Arixmar, called the compromise of as many as 77 million users accounts “huge.”
(Published April 27, 2011 on the front page of The Wall Street Journal.)