On Monday Sony suspended its Sony Online Entertainment portal due to a potential theft of credit card information. It admitted that around 23,400 non-U.S. credit and debit card numbers and expiration dates "may" have been obtained, and avoided mentioning the 24.6 million SOE members who may have been affected as well. Worryingly, it doesn't seem like Sony knew of the SOE breach as recently as last Friday, when Sony dangled special events for SOE members to show its appreciation to customers.
Meanwhile Sony took down the PlayStation Network on April 20, and a week later said its 77 million members' (unofficial figure) credit card information may have been stolen as well.
Here's what Sony warned in an e-mail to customers last week: "Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained."
So if you're a Sony PlayStation Network or Sony Online Entertainment member worried about your personal information falling in the hands of cybercriminals (we would be), we've compiled things to do now, soon, and later to play it safe:
Do NOW:
1. Change those passwords. NOW. If you've used the same username/password for PSN or SOE for other services, change them now.
2. Never e-mail your credit card number to "Sony". Cybercriminals prey on ignorance, and right now Sony phishing scams are prolific. Ignore all e-mails, calls, or snail mail asking you for personal information or credit card details. "Sony will not contact you in anyway, including by email, asking for your credit card number, social security number, or other personally identifiable information," Sony wrote on the SOE website.
3. Consider canceling your linked credit card The sneakiest cybercriminals will wait a year before charging your account. Chris Gatford, director of Hacklabs, recently told GameSpot: "Clever attackers will take 12 or 18 months before they access your card, and often stagger purchases so it's harder to track down to an individual source. People could also use that information to, for example, try to take out loans in your name or get an extra credit card."
Do SOON:
1. Place a fraud alert at the three major credit bureaus: Experian at 888-397-3742; Equifax at 800-525-6285; and TransUnion at 800-680-7289.
2. Check your credit reports. As Sony noted on its website, U.S. residents are entitled to one free credit report a year from each of the three major credit bureaus. Visit Annual Credit Report or call (877) 322-8228 to order yours.
Do LATER:
1. Create a fake identity. When signing up for another online gaming account, use a "spam" email account and anonymous debit card to link to your account information. Keep your real name and e-mail address out-of-network and away from any potential wrongdoers; this information makes it even easier for cybercriminals to target you.
2. File a complaint with the Federal Trade Commission if you are, or even think you are, a victim of credit card fraud. The FTC won't get your money back, but the data will be used to detect patterns of wrongdoing.
Are you a concerned Xbox Live user? Check out some additional tips from my colleague, lead networking analyst Samara Lynn, to ensure safe play on the Xbox.
For the latest on the Sony PlayStation hack, see "Congress Slams Sony (Again) Over PlayStation Hack, Delayed Reaction".