This undated image released by Sony shows their Mylo wireless messaging device. The gadget, largely ignored by its college-aged target audience, is being updated to address some of its shortcomings, the company announced Sunday, Jan. 6, 2008. (AP Photo/Sony)
LOS ANGELES (CBS) -- Sony says credit card data of PlayStationusers may have been stolen in an intrusion that has caused its PlayStation Network to be put out of commission for the last week.
The company shut down the network, which connects players inlive game play worldwide, last Wednesday after it says accountinformation for certain players was compromised.
With some 70 million players in the network, the Sony breach could rank among the largest ever. Chalk it up to coincidence but the disclosure of the cyber-intrusion comes less than a month after customers at dozens of companies found out that their names and e-mail addresses got exposed in a breach at e-mail marketing service provider Epsilon.
Sony says it has hired an outside security firm to investigatewhat happened and has taken steps to rebuild its system to providegreater protection for personal information.
Sony says an unauthorized person obtained informationincluding players' names, addresses, birth dates, email addresses,passwords and log-in names. Although it hasno evidence credit card information was taken, Sony said "we cannotrule out the possibility."
"Out of an abundance of caution, we are advising you that your credit card number (excluding security code) andexpiration date may have been obtained," Sony said in a blog posting. According to the latest update, the account information for the PlayStation Network and its Qriocity service was penetrated sometime between April 17 and April 19th.
Sony also warned that user profile data, including purchase history and billing address as well as PlayStation Network/Qriocity password security answers may have been obtained.
"While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained," it said.