Sony Online Entertainment PlayStation Network Hack Timeline

Get Started. It's Free
or sign up with your email address
Rocket clouds
Sony Online Entertainment PlayStation Network Hack Timeline by Mind Map: Sony Online Entertainment PlayStation Network Hack Timeline

1. April 19th

1.1. 4:15 PM PST

1.1.1. Sony Network Entertainment America detects a unauthorized activity on approximately 130 servers

1.1.1.1. more specifically, servers were rebooting when not scheduled to

1.1.1.2. Sony begins to investigate

2. April 20th

2.1. Early afternoon

2.1.1. SNEA engineers discover evidence of an "unauthorized intrusion"

2.1.1.1. data has been removed

2.1.2. SNEA engineers take all PlayStation Network and Qriocity offline

2.1.2.1. 77+million registered users effected

2.1.3. Sony engages the services of a computer forensics and security consulting firm

3. April 21st

3.1. Sony brings in a second security and forensics consultancy to investigate the growing problem

4. April 22nd

4.1. Sony mirrors 9 out of 10 affected servers

4.2. Sony's legal consult alerts the FBI to the security breach

4.3. Sony and The FBI schedule a meeting for April 27

4.4. Sony reveals on their blog that there was a "security intrusion" but no mention of a potential loss of data. No warning to consumers is provided

5. April 23rd

5.1. Afternoon

5.1.1. Forensic teams confirm that intruders used

5.1.1.1. "very sophisticated and aggressive techniques to obtain unauthorized access"

5.1.2. and were able to

5.1.2.1. "hide their presence from system administrators"

5.1.2.2. "escalate privileges inside the server."

6. April 24th

6.1. Easter Sunday

6.1.1. Sony retains the services of a 3rd security and forensic team

6.1.1.1. This time:

6.1.1.1.1. A group with "highly specialized skills"

6.1.1.1.2. Brought in to "determine the scope of the data theft"

7. April 25th

7.1. Security teams confirm account details compromised include:

7.1.1. Name

7.1.2. Address

7.1.3. Country

7.1.4. Email

7.1.5. Birthdate

7.1.6. PlayStation Network/Qriocity password

7.1.7. Login Handle

7.1.8. Network ID

7.2. Security teams are uncertain if 12.3 million global credit cards stored on the servers have been compromised

7.2.1. 5.6 million were from the U.S.

8. April 26th

8.1. Sony Network Entertainment and Sony Computer Entertainment America

8.1.1. Publicly announce the network intrusion

8.1.2. Alert regulatory authorities in

8.1.2.1. New Jersey

8.1.2.2. Maryland

8.1.2.3. New Hampshire

9. April 27th

9.1. Sony Network Entertainment and Sony Computer Entertainment America

9.1.1. Alert regulatory authorities in

9.1.1.1. Hawaii

9.1.1.2. Louisiana

9.1.1.3. Maine

9.1.1.4. Massachusetts

9.1.1.5. Missouri

9.1.1.6. New York

9.1.1.7. North Carolina

9.1.1.8. South Carolina

9.1.1.9. Virginia

9.1.1.10. Puerto Rico

10. May 3rd

10.1. Sony Chairman Kaz Hirai

10.1.1. Sends 8 page official letter to Congressional Subcommittee on Commerce, Manufacturing, and Trade

10.1.1.1. Informs them of the intrusion

10.1.1.2. explains the lead up to the attack

10.1.1.3. how it was first detected

10.1.1.4. the deep impact it is having on the firm

10.1.2. Outlines already imposed heightened security measures including:

10.1.2.1. adding automated software monitoring

10.1.2.2. enhanced levels of data protection and encryption

10.1.2.3. new firewalls

10.1.2.4. moving the data center to a different location

10.1.2.5. hiring a new Chief Information Security Officer

10.1.3. Closing statement:

10.1.3.1. "We ask the Committee to consider as well the connection between data security and the cybercrimes and cyber terrorism that threaten to make the Internet unsafe for consumers and commerce."