On April 20, 2011, the Sony PlayStation online network was hacked and users' credit card, birth dates, address, and other personal information was stolen. This was the first major attack on an online gaming system of this size.
One thing which made this situation notable is that for end users, the online system simply went "down for maintenance" with no warning or explanation. Users who loved their online gameplay were locked out and did not know why.
The first real news gamers received of the issue came a full week later, on April 27, 2011. On that date each gamer received an email message with the following details:
Sony Statement of April 27, 2011
The gist of the message is "all your personal data was probably stolen." This includes full credit card information, home address, birth date, full legal name, phone number, and more. This is a gold mine for hackers. With these details hackers could do all sorts of harm - sign the person up for new credit cards, sign them up for loans, of course use the existing credit cards, resell the information to other databases.
On one hand, it is amazing that with all the hackers in the world that no major online system had been breached until now. Surely if someone managed to hack into the XBox Live network, or the WarCraft network, they could get even more names.
But on the other hand, of course, the reason gamers input all of their personal data into an online system is that they trust that system to keep them safe. There is no way to play online PS3 games without divulging your personal information. Should that be the case? Should a gaming company really need to keep all this personal information on file in order for you to play an online game of Scrabble with your relatives in another state?
As of May 6th this single email message is the only communication from Sony to its gamers, and the network is still not live. There is no sign of the network going live any time soon. Notably, no other communication was done besides that one email message, so gamers who had that message blocked by an anti-spam blocker or who changed email addresses might not even know the situation.
Should Sony have sent out snail mail / paper letters to its customers to let them know what happened? Should they have taken other steps - informed users more promptly as to the situation? Come by the forums and share your thoughts!
Sony Hacking Forum Thread