PlayStation Network hack timeline

Major events to date in the PlayStation Network and Qriocity hack

This is a timeline of major events associated with the attack on Sony's PlayStation Network and Qriocity online services.

Dates are given relative to announcements from Sony Computer Entertainment's headquarters in Tokyo. Dates corresponding to announcements from Sony's U.S. unit are provided in parenthesis.

Wednesday, April 20 (Tuesday, April 19, U.S.)

Sony learned its PlayStation Network and Qriocity networks had been compromised. At the time, the company did not announce this. It was subsequently disclosed in a statement issued from the company's U.S. subsidiary on April 26.

Thursday, April 21 (Wednesday, April 20, U.S.)

Sony took its first public step by closing down the two networks, but it didn't disclose what it already knew: the networks had been hacked. It issued a statement that said, "We're aware certain functions of PlayStation Network are down. We will report back here as soon as we can with more information."

Friday, April 22 (Thursday, April 21, U.S.)

The company said it was still investigating the cause of the outage and that it would be "a full day or two" before everything is back to normal.

A posting on Sony Europe's PlayStation blog suggested the networks had been attacked. The posting was later removed, but numerous gaming news outlets reported it as saying, "Our support teams are investigating the cause of the problem, including the possibility of targeted behavior by an outside party."

Saturday, April 23 (Friday, April 22, U.S.)

Sony revealed for the first time the cause of the problems. "An external intrusion on our system has affected our PlayStation Network and Qriocity services. In order to conduct a thorough investigation and to verify the smooth and secure operation of our network services going forward, we turned off PlayStation Network & Qriocity services," it said in a statement. It offered no details on when services might return to normal.

Hacking group "Anonymous" said in a statement that its core had nothing to do with the attack, but the message left open the possibility that individuals from the group might be responsible. "While it could be the case that other Anons have acted by themselves AnonOps was not related to this incident and takes no responsibility for it," the statement said. It accused Sony of taking advantage of previous attacks on its network to explain an internal problem with company servers.

(Read more: PlayStation Network Enters Third Day of Outage)

Sunday, April 24 (Saturday, April 23, U.S.)

Sony said it was having to rebuild its network as a result of the attack. "Our efforts to resolve this matter involve rebuilding our system to further strengthen our network infrastructure," the company said in a statement. "Though this task is time-consuming, we decided it was worth the time necessary to provide the system with additional security."

The company said it was "working around the clock to bring them both back online," but didn't say when they might return. "We thank you for your patience to date and ask for a little more while we move towards completion of this project," the statement said.

(Read more: Sony "Rebuilding" PlayStation Network After Attack)

Monday April 25 (Sunday, April 24, U.S.)

For the first time since the problems began, Sony's headquarters went a day without releasing an update.

A spokesman for Sony in Tokyo told IDG News Service a "thorough investigation" was under way. He said the company had not yet determined whether the personal information or credit card numbers of users have been compromised, but that Sony would promptly inform users if it found that was the case.

(Read more: Sony Yet to Determine Scope of PlayStation Network Attack)

Tuesday, April 26 (Monday, April 25, U.S.)

Computer security experts called in by Sony concluded a breach of consumer data had occurred when the PlayStation Network was hacked. At the time, the company held off on making the announcement until the next day.

Kaz Hirai, head of Sony's gaming division, appeared at a Tokyo news conference held to unveil the company's tablet PCs. Hirai expressed condolences and support for victims of the March earthquake and tsunami, talked about the new tablets and how they could download content from the Qriocity online service, but failed to mention the problems with Qriocity and the PlayStation Network. He left the stage without taking questions, as originally scheduled.

Separately at the same event in Tokyo, Sony representatives said there was no new update on the situation and no estimate for a return of the service.

(Read more: Sony Games Chief Hirai Silent on PlayStation Network Outage)

Wednesday, April 27 (Tuesday, April 26, U.S.)

Sony released its most detailed statement to date on the hack and confirmed that personal information was stolen. The information included names and addresses for registered PlayStation Network and Qriocity users, along with their birth dates, e-mail addresses and other personal information.

"While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility," Sony said. It advises customers to create credit card fraud alerts and keep a close eye on charges made to linked credit cards.

It also said the PlayStation Network and Qriocity would be back online "within a week."

Sony shares fell 2 percent on news of the potentially huge data leak, ending Wednesday trading in Tokyo at 2,366 yen, down 49 yen.

(Read more: Sony: PlayStation Network Personal User Data Stolen)

Join the CSO newsletter!

Error: Please check your email address.

Tags HandheldsGame platformssecuritypspgamesonline servicessonyPS3Sony Computer Entertainmentintrusion

More about etworkIDGSonySony Computer Entertainment

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Martyn Williams

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts