We’re now on Day 3 of the PlayStation Network outage and there’s no word on when the service will be up and running again. Today Sony confirmed that the PSN and Qriocity outage was indeed caused by an “external intrusion” and that upon realizing the intrusion, Sony voluntarily shut down those services on Wednesday. Initial speculation pointed to the hacktivist group Anonymous as being the culprit behind the attack since it was responsible for the first PSN attack earlier this month in protest to Sony’s lawsuit against GeoHot. However, Anonymous had changed its tactics after the original attack, saying that their goal was to give Sony a black eye, not gamers, and it has denied involvement in this recent attack. However, it is entirely plausible that a splinter-group used knowledge from the original Anonymous attack to infiltrate the PlayStation Network.
The extent of the attack is unknown because Sony is keeping mum on the details as it investigates. In March we had reported on how ridiculously insecure the PSN was to begin with. Hackers had tested the PSN’s security and discovered that sensitive user information such as usernames, passwords, credit card information, and more were all transmitted in unencrypted form over the network, allowing for anyone with similar skills and knowledge to gain access to the 70+ million user accounts. The recent attacks seem to prove that Sony overlooked this glaring vulnerability. Although this attack is still relatively new, only time will tell if the attackers were able to gain a significant portion of information from user accounts on the network before the network was taken offline. Should a Gawker-like leak surface, then this could be one of the biggest security breaches of the year, dwarfing the severity and magnitude of the Gawker and Epsilon breaches.
Source : Engadget