PSN hackers may have stolen data of 77m users
Sony says hackers have accessed personal information, but says there is no evidence of credit card details theft
Sony has warned that the names, addresses and other personal data of about 77 million people with accounts on its PlayStation Network (PSN) have been stolen.
Gamers have been locked out of the network for a week, but the company has revealed that the system has been suspended since it was hacked last Wednesday.
Sony said it discovered that between 17 and 19 April an “illegal and unauthorised person” got access to people’s names, addresses, email address, birthdates, usernames, passwords, logins, security questions and more.
Children with accounts established by their parents also may have had their data exposed, according to Sony, which put the warning on its US PlayStation blog – although the warning about the compromise might not be immediately visible to passing readers. The company is also emailing people who might be affected.
The intrusion is potentially one of the biggest ever into a store of credit cards. Sony’s PSN is one of the world’s biggest holders of credit cards, though not as large as Amazon, eBay, PayPal or Apple’s iTunes, which each hold more than 100m accounts.
The previous largest hacking attacks were on Heartland Payment Systems in January 2009, when up to 100m US credit and debit card details were stolen, and TK Maxx in March 2007, when up to 46m credit card details were stolen.
The company said that it saw no evidence that credit card numbers were stolen, but it added: “Out of an abundance of caution, we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.”
The online marketplace launched in autumn 2006 and allows users to purchase and play video games, music and films on their PlayStation consoles.
The hack attack has put it out of action and it says that it may be up to a week before it is operational again.
Sony said it had hired an outside security firm to investigate what happened and has taken steps to rebuild its system to provide greater protection for personal information.
PlayStation members are required to submit credit card and personal details to play online games and download software, films and music.
Warning users of the network to be on the look out for telephone and email scams, Sony said: “To protect against possible identity theft or other financial loss, we encourage you to remain vigilant to review your account statements and to monitor your credit or similar types of reports.”
PlayStation Network posted an apology to users through the Sony website saying it would email those who are suspected to be victims of the hacking.
It said: “We don’t have an exact date to share at this moment as to when we will have the services turned on, but are working day and night to ensure it is as quickly as possible.
“Please note that we are as upset as you are regarding this attack and are going to proceed aggressively to track down those that are responsible.”
Graham Cluley, senior technology consultant at security firm Sophos, told the BBC that the theft of so much detailed customer information would be seen as a “public relations disaster”.
“This is a big one,” he said.
Technology news, comment and analysis | guardian.co.uk
Spotify hits 1m paying users
Online music service says 15% of its active users are now paying customers
Spotify has reached 1 million paying customers, making the online music service the largest of its kind in the world.
The company announced on Tuesday that 15% of its active users pay for Spotify, marking a significant milestone for music streaming sites.
Spotify is in the process of a 0m funding round that values it at bn (£616m) – despite long delays on its expansion to the US.
Daniel Ek, Spotify’s co-founder and chief executive, told the Financial Times: “For any kind of ‘freemium’ business, that is a really, really good number. It’s safe to say we are growing up. We are still a toddler, but we are growing faster and faster every day.”
Almost 6 million music fans use Spotify’s free service, which is subsidised by advertising, with 1 million paying subscribers. The loss-making company was previously thought to have tempted less than 10% of its users to pay, with analysts predicting a bleak future for Europe’s favourite digital streaming site.
The four major music labels – Universal, Warner Music, Sony and EMI – are also thought to have been unconvinced by the startup’s stateside ambitions.
However, with an impressive ratio of paying customers and talk of a sky-high round of funding, Spotify’s long-awaited launch in the US may not be too far away. Both EMI and Sony are understood to have put pen to paper on US deals with Spotify, with the two largest labels yet to fully commit.
In the US, potential competitors include Rhapsody – which recently signed up its 750,000th paying customer – and smaller services such as MOG and Rdio. Bigger players Apple and Google are thought to be lining up forays into music streaming within the next 12 months.
The most recent audited annual accounts for Spotify, for 2009, show it lost £16.6m in the UK on revenues of £11.3m.
“It seems like only yesterday we were hatching ideas for a new music service in a tiny office-cum-apartment with a broken coffee machine, and the party we threw having reached 1 million users almost two years ago today was one to remember,” Ek wrote on the company’s blog on Tuesday.
“From everyone at Spotify, we’d like to give you all massive thanks. We’ll continue to focus on providing you with the best music service possible, and look forward to adding even more cool new features over the coming months. What’s really exciting is that this is only the beginning.”
Twitter users hit by malicious hacker attack
Bug in new-look site exploited to redirect viewers on Twitter.com if they just hover over a link – but users of third-party software are safe (updated)
Update: the flaw has been fixed, and Twitter now says it is safe to use twitter.com again.
Sarah Brown is among thousands of Twitter users who have been hit by malicious use of a security flaw in the redesigned Twitter site.
The wife of the former prime minister Gordon Brown, who has more than a million followers on Twitter, unknowingly sent a link which contained malicious code that would redirect anyone who moved their mouse over it – but didn’t click it – to a Japanese hard-core pornography site.
The problem only occurs for people who are viewing links on the Twitter website itself. People who use third-party clients, which access the back-end database to the site, are not affected, because the code is disabled by the programs.
Graham Cluley, security expert at Sophos, warns that “The Twitter website is being widely exploited by users who have stumbled across a flaw which allows messages to pop-up and third-party websites to open in your browser just by moving your mouse over a link.
“Thousands of Twitter accounts have posted messages exploiting the flaw.”
The problem arises because users are able to post chunks of JavaScript program code inside tweets – and because Twitter has not taken precautions to disable the code by “escaping” the relevant characters, the JavaScript becomes active.
The specific code being used is onMouseOver, which carries out a function when you move the mouse over the link. Users don’t have to click the link to be redirected.
Some users are using the code to create “rainbow” tweets with blocks of colour.
The exploit, using a method known as “cross-site scripting” (XSS), will be an embarrassment for Twitter, which launched its new-look website a week ago, including links to third-party sites for pictures and video.
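The missing “escaping” step described above can be shown with a small added example, which is not part of the original article and is not Twitter’s code. It assumes a hypothetical renderer that places tweet text inside a link’s href attribute; the function names, the sample text and the placeholder handler name recordHover are all constructed for illustration.

```javascript
// Added illustration: a hypothetical tweet-link renderer, not Twitter's code.

// Constructed sample "tweet": a URL followed by a double quote and an
// onmouseover attribute. recordHover is a harmless placeholder name.
const SAMPLE = 'http://example.test/#" onmouseover="recordHover()';

// Vulnerable: the text is pasted into the href attribute as-is, so the
// double quote ends the attribute and the rest is parsed as new attributes.
function renderLinkUnsafe(text) {
  return '<a href="' + text + '">' + text + '</a>';
}

// "Escaping the relevant characters": replace the characters that have
// meaning in HTML with entities so the browser treats them as plain text.
const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

function renderLinkSafe(text) {
  const escaped = escapeHtml(text);
  return '<a href="' + escaped + '">' + escaped + '</a>';
}

// Rough check for this demo only: list the attribute names found in the
// opening tag of the rendered link (not a general HTML parser).
function attributeNames(html) {
  const openTag = html.slice(0, html.indexOf('>') + 1);
  const matches = openTag.matchAll(/\s([a-z-]+)\s*=\s*"[^"]*"/gi);
  return Array.from(matches, (m) => m[1].toLowerCase());
}

console.log(attributeNames(renderLinkUnsafe(SAMPLE))); // href plus an injected handler
console.log(attributeNames(renderLinkSafe(SAMPLE)));   // href only
console.log(renderLinkSafe(SAMPLE));
```

Escaping stops the attribute breakout shown here; a renderer should also restrict link targets to expected schemes such as http and https.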
Cluley commented: “It looks like many users are currently using the flaw for fun and games, but there is obviously the potential for cybercriminals to redirect users to third-party websites containing malicious code, or for spam advertising pop-ups to be displayed.
“Hopefully Twitter will shut down this loophole as soon as possible – disallowing users to post the onMouseOver JavaScript code, and protecting users whose browsing may be at risk.”
BBC websites cost users 67p per month
The BBC spent £199.3m on its BBC Online service in 2009/10, according to its annual report – 12% more than the previous year.
The outlay is 6% of the £142.50 annual licence fee, or the equivalent of £0.67 per month…
BBC Online spend breaks down as: £126.7m content budget, £22.3m on distribution and £50.3m on infrastructure and support.

Future media and technology director Erik Huggers’ salary totalled £407,000 – that’s £330,000 base pay, £15,000 in taxable benefits and £62,000 in cash-based pension supplements.
More stats…
• BBC Online reaches 37% of the population each week and therefore costs 8.9 pence per user hour.
• On a per user basis, that makes it amongst the most costly of the BBC’s main services, with only BBC Alba costing more.
• More than 18m iPlayer requests per week.
• Monthly mobile users up from 4.4m to 7.8m.
• External suppliers received 26% of BBC Online spend – slightly more than its 25% quota.
Coinciding with the annual report, the BBC Trust has published its response to the BBC’s Putting Quality First strategic review proposals. Regarding online, it says: “The Trust endorses the Executive’s proposed 25% budget reduction, although it will want to understand and approve the editorial changes involved. In line with the Executive’s proposals, the BBC should sharpen online’s focus so that it is truly distinctive and has clearer editorial vision and control….
“The BBC needs to identify future tipping points where reassessment of the structure will become necessary, such as full digital switchover in 2012 and 50% of viewing on a non-linear basis.
“The case has not been made for the closure of 6 Music. The Executive should draw up an overarching strategy for digital radio.”
Meanwhile, the BBC is now rolling out “BBC Fabric”, “a desktop-based digital production tool that allows content to be accessed, edited, and shared remotely across the entire BBC” and “will fundamentally change the way we make programmes”, according to the annual report.
