Security Major Historical

Sony PlayStation Network Hacked: 77 Million Accounts Offline for 23 Days

Sony
Sony PlayStation Network Hacked: 77 Million Accounts Offline for 23 Days
PlayStation Network sign-in screen on a PS3 console, the service that was offline for 23 days after the 2011 breach.Image: Sony Interactive Entertainment — Public domain (PD-textlogo) via Wikimedia Commons · Public domain

What happened

Attackers compromised Sony's PlayStation Network in April 2011, stealing names, addresses, email addresses, and potentially credit card data for 77 million accounts. Sony took the network offline for 23 days to investigate and rebuild infrastructure, costing an estimated $171 million.[1]

Sony's PlayStation Network was offline for 23 days in 2011 after a breach exposed personal data of 77 million accounts.Image: Bad.Technology archive
PlayStation Network maintenance screen displayed on a PlayStation 3 console
Image: Bad.Technology archive

What went wrong

Sony stored user data including credit card information without adequate encryption and had insufficient intrusion detection. The attack exploited known vulnerabilities in Sony's infrastructure that had previously been flagged by security researchers.[1]

Lesson learned

Payment card data must be encrypted at rest and subject to PCI-DSS controls regardless of the broader context. A 23-day outage demonstrates how breach response planning is as important as breach prevention.

Est. value burned ~$171M Sony's reported direct costs
breachgamingcredit-cardsdowntimeJapanglobal

Sources

  1. [1]
    Sony Wikipedia
    Sony PlayStation Network Hacked: 77 Million Accounts Offline for 23 Days Wayback Machine snapshot

External links can go dark — pages move, paywalls appear, domains expire. Every source above includes a Wayback Machine snapshot link as a fallback. All citations are best-effort research; if a source contradicts our summary, the primary source takes precedence.

More in Security