January 23, 2010

It is announced George “GeoHot” Hotz, the hacker who developed the first iPhone jailbreak application in 2007, successfully cracked the Sony Playstation 3. By jailbreaking the PS3, it was claimed users could play pirated games, build their own software, and enable users to play old Playstation 2 games. “It’s supposed to be unhackable – but nothing is unhackable. I can now do whatever I want with the system. It’s like I’ve got an awesome new power – I’m just not sure how to wield it,” Hotz tells BBC in an interview. Sony tells the BBC it has begun “investigating the report and will clarify the situation once we have more information.”

 

January 13, 2011

Sony announces legal action against fail0verflow, a hacker group with GeoHotz at the helm and with more than 100 members, amid claims they uncovered PS3 security codes enabling users to run any software on a PS3. Fail0verflow claims innocence, stating they do not condone video game piracy and the hack only lets users install different operating systems and simple software.

 

March 2011

U.S. Magistrate Joseph Spero grants Sony access to IP information of anyone who visited the website of GeoHot since January 2009 describing how to crack the PS3. Sony provides subpoenas of Google, Twitter, and YouTube, in search of everyone who watched a video or read information on how to jailbreak the PS3. The digital freedom community goes into an uproar, claiming the order violates privacy rights.

 

April 3, 2011

Anonymous Operations launches OpsSony, with cyberattacks against Sony in response to its actions against users jailbreaking their PS3s. The PlayStation Network is taken down in a DDoS cyberattack. An off-shoot of Anonymous, SonyRecon, sets out to gain personal information on Sony senior managers. Their first target is Sony executive Robert Wiesenthal, and they leak information on his marital status, children, address, and education background. Sony states the stream of attacks are in response to their legal action against GeoHot. Anonymous releases a statement saying “… Sony attacks people’s rights over their property because it doesn’t want them to jailbreak, so in response it will attack their domains because it doesn’t like their actions …”

 

April 11, 2011

Sony announces it reached a court settlement with GeoHot in a San Francisco court. In the agreement reached on March 31, Hotz agreed to a permanent injunction. Riley Russell, General Counsel for SCEA states on the Playstation Blog, “Our motivation for bringing this litigation was to protect our intellectual property and our consumers. We believe this settlement and the permanent injunction achieve this goal.” GeoHot states, “It was never my intention to cause any users trouble or to make piracy easier … I’m happy to have the litigation behind me.”

 

April 21, 2011

The Sony Playstation Network (PSN) goes offline. Sony remains silent on details.

 

April 25, 2011

Details on the PSN outage remain vague, Sony director of corporate communications Patrick Seybold states on the PlayStation Blog “I know you are waiting for additional information on when PlayStation Network and Qriocity services will be online. Unfortunately, I don’t have an update or timeframe to share at this point in time. As we previously noted, this is a time intensive process and we’re working to get them back online quickly. We’ll keep you updated with information as it becomes available. We once again thank you for your patience.”

 

April 26, 2011

Sony announces the PSN and Qriocity outages are due to a “compromise of personal information as a result of an illegal intrusion on our systems,” in a post on the PlayStation Blog. They announce that between April 17 and April 19, user account information for both services was compromised. Sony states leaked data includes credit card data and personal information of users. Sony tells users “We have a clear path to have PlayStation Network and Qriocity systems back online, and expect to restore some services within a week.” Sony states it hired a security firm to help investigate the breach. The breach exposed the personal information of close to 77 million Sony customers.

 

April 27, 2011

Sony claims the entire credit card table was encrypted and we have no evidence that credit card data was taken,” but added the personal data table was not encrypted.

 

April 29, 2011

Users post comments in hacker forums claiming ownership of user data from Sony networks. They claim they hope to sell 2.2 million credit card numbers obtained from the networks for more than $100,000.

 

May 1, 2011

Sony announces PSN and Qriocity services will begin going back online, starting with sweeping, regional restoration of online gaming. They state they will take “a series of immediate steps to enhance security across the network and a new customer appreciation program to thank its customers for their patience and loyalty.” Sony announces new security measures on their networks.

 

May 2, 2011

Sony announces they were hacked again, with an estimated 24.6 million Sony Online Entertainment user accounts compromised. Information on the database includes an estimated 12,700 non-U.S. credit or debit card numbers and expiration dates, and an estimated 10,700 debit records of customers in Austria, Germany, Netherlands and Spain.

 

May 3, 2011

Sony writes a letter to a House panel, Kazuo Hirai, chairman of Sony Computer Entertainment America claims Anonymous Operations was behind the network breach. He cites a file found on the networks entitled “Anonymous” containing one of the group’s slogans, “We are Legin.”

 

May 4, 2011

Anonymous denies blame for PSN and Qriocity breaches in a statement, saying “Whoever broke into Sony’s servers to steal the credit card info and left a document blaming Anonymous clearly wanted Anonymous to be blamed for the most significant digital theft in history. No one who is actually associated with our movement would do something that would prompt a massive law enforcement response.”

 

May 5, 2011

An observer on a hacker Internet Relay Chat (IRC) channel tells CNET a third, major cyberattack against Sony is planned for the coming weekend. No known attack happens.

 

May 6, 2011

Oddly, Sony posts a guide on how to hack their Xperia Android phones. The post on the Sony Ericsson blog contains a detailed guide on how to build a Linux kernel and flash it to the phone, and includes download links for the necessary tools. It is suspected the post was meant as an olive branch to hackers—an attempt to mend tensions over Sony’s legal actions against jailbreakers.

 

May 9, 2011

Rep. Mary Bono Mack, chair of the Commerce, Manufacturing, and Trade Subcommittee, states that Sony’s manner of and delay of notifying users about the breach of their personal data was unacceptable. The statements were made during a House Energy & Commerce Subcommittee on Commerce, Manufacturing, and Trade hearing.

 

May 14, 2011

Sony announces beginning of phased game service restoration, along with enhancements to data security including higher levels of encryption. “Our main priority is the safety and security of our customers’ personal information,” said Kazuo Hirai, Executive Deputy President, Sony Corporation in a press release.

 

May 18, 2011

The discovery of a security flaw prompts Sony to suspend the PSN and Qriocity password reset pages. Seybold states on the PlayStation blog, “Contrary to some reports, there was no hack involved. In the process of resetting of passwords there was a URL exploit that we have subsequently fixed.”

 

May 20, 2011

Sony is hacked again. Digital security company F-Secure reveals the discovery of a live phishing site on one of Sony’s servers.

 

May 22, 2011

The Greek website of Sony Music Entertainment, SonyMusic.gr, is hacked, exposing data of 8,500 users. Samples of names, e-mails, and passwords of users taken from a database are posted on pastebin.com. Digital security company Sophos makes an accurate prediction that, “As long as it is popular within the hacker community to expose Sony’s flaws, we are likely to continue seeing successful attacks against them.”

 

May 23, 2011

Sony estimates financial losses from cyberattacks at around $171 million. This is in addition to a $3.18 billion loss for fiscal year 2011.

 

May 24, 2011

Sony Ericsson’s Canada eShop is breached by hackers, exposing an estimated 2,000 user records including their names, emails, and passwords. Sony Ericsson pulls the website offline. The Hacker News sends a tip to Sophos stating vulnerabilites were found earlier on Sony Music Japan that could let hackers access content with SQL injection.

 

May 25, 2011

An identify theft protection service is offered to users by Sony.

 

May 27, 2011

The Hacker News cites a forum post with a new vulnerability found on the Sony Playstation Store website. The XSS vulnerability could be used for phishing or other forms of cyberattacks. They claim “almost 70% Sony’s websites are Vulnerable with various Flaws … Sony Should Fix it as soon as possible, Before any next hack attack.”

 

May 30, 2011

Sony announces it will fully restore PSN services in the Americas, Europe/PAL territories and Asia, excluding Japan, Hong Kong, and South Korea by the end of this week. “We have been conducting additional testing and further security verification of our commerce functions in order to bring the PlayStation Network completely back online so that our fans can again enjoy the first class entertainment experience they have come to love,” said Kazuo Hirai, Executive Deputy President, Sony Corporation, in a press release.

 

June 2, 2011

Sony is hacked again, after announcing the start of full restorations to PSN services, and while the company was testifying before Congress on its network breaches. Hacker group LulzSec breaches Sony Pictures and dumps a trove of 150,000 records, with claims the full database contained more than 4.5 million records. LulzSec states “SonyPictures.com was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities, as we should all know by now. From a single injection, we accessed EVERYTHING. Why do you put such faith in a company that allows itself to become open to these simple attacks?”

 

June 3, 2011

Sony begins releasing its “Welcome Back” package of freebies to users. LulzSec posts on its Twitter account that users should blame Sony for their being able to breach its networks. “I hear there’s been some funny scamming with jacked Sony accounts. That’s what you get for using the same password everywhere,” they stated. “Hey innocent people whose data we leaked: blame @Sony.” Sony Pictures releases a statement saying “We deeply regret and apologize for any inconvenience caused to consumers by this cybercrime.”

 

June 4, 2011

A Lebanese hacker breaches the user database of Sony Europe, compromises 120 user accounts. According to Sophos, this marked the 13th breach of Sony networks.

 

June 5, 2011

A hacker defaces the Sony Music Brazil website. The message states, in part, “Hacked The UnderTaker, Return The Legend Ottoman-Empire.”

 

June 6, 2011

After hacking Sony again, LulzSec releases the source code of the Sony Developer Network.

About The Author

Joshua Philipp is the founder and editor of TechZwn.com. He's also an award-winning journalist at Epoch Times.

2 Responses

  1. blue ruin télécharger

    Wonderful blog! I found it while surfing around on Yahoo News.
    Do you have any suggestions on how to get listed
    in Yahoo News? I’ve been trying for a while but I never seem to get
    there! Many thanks

    Reply
  2. qu'est-ce qu'on a fait au bon dieu télécharger

    I was curious if you ever considered changing the
    structure of your site? Its very well written; I
    love what youve got to say. But maybe you could a little more in the way of content so people could
    connect with it better. Youve got an awful lot of text for only having 1 or
    two images. Maybe you could space it out better?

    Reply

Leave a Reply

Your email address will not be published.