When I first heard about the now widely reported breach of security on Sony's PlayStation Network that has left up to 77 million users' personal information-including their names, addresses, email addresses, dates of birth, PlayStation Network password, PlayStation ID (handle), and potentially even credit card data-exposed, my first thought was: I wonder which password and credit card I used?
I entered all of this data years ago when first creating my PSN account and have long since forgotten it. I opted to have the console save my password and sign in automatically, which means I never have to think about what it is. What's more, I use PlayStation Network cash cards purchased from brick-and-mortar stores to fund my PlayStation Store wallet, so I've not had any reason to keep tabs on which credit card is associated with my account. And now that the PlayStation Network is down with no word on when it will come back up, I don't have any easy way of verifying these details.
A reader writing in to game blog Joystiq recommends searching your inbox for emails from "DoNotReply@ac.playstation.net," which should contain the credit card used for any purchases. I tried this, and it returned dozens of emails, but since all of my recent purchases have been deducted from my wallet balance, no credit card information is shown. Still, if you've used your credit card to make any PSN purchases it's worth a shot.
As for my password, I'm one of those people who rotates between a few, adding the occasional number or exclamation mark in a lazy attempt to foil potential hackers. I suspect the password I used for my PSN account is likely in use elsewhere, but since I can't remember it I don't know which accounts I need to change.
I contacted Sony Computer Entertainment Canada to see if they had any advice for PSN users, but was told that they're directing all questions to the U.S. PlayStation Blog, which is posting occasional updates on the situation.
In the end, I'll likely take the advice coming from multiple Internet security firms that have jumped into the discussion surrounding the PSN breach and just change everything, everywhere.
PSN account holders "need to act now to minimize the chances that your identity and bank account become casualties following this hack," said Graham Cluley, senior technology consultant at Sophos, an American security firm, in a Wednesday press release related to the PSN security debacle.
"That means, changing your online passwords (especially if you use the same password on other sites), and considering whether it would be prudent to inform your bank that as far as you're concerned your credit card is now compromised."
The upshot: I need to change all of my online passwords and cancel my credit card, then work to change billing data for any automatic monthly payments.
What a headache.
But I don't see any other way to be safe.
To be sure, part of the blame falls on me for not keeping up the regimented schedule of password changes that security experts advocate but which many people-in much the same way they ignore their dental hygienists' flossing advice-simply don't heed. Still, I can't help but feel bitter toward Sony for losing my data in the first place.
Time consuming and frustrating as the fix may be, at least I won't have to worry when it's done. My concern then goes to people who at one time or another signed up for PSN accounts and have since forgotten that they did so. I'm talking about the moms and dads who entered their credit card information on the family consoles years ago, the people who have changed their primary email addresses from the one to which Sony is supposedly sending an alert, and those who don't necessarily follow game industry or technology news. Thousands-perhaps millions-of people will likely go completely unaware that their personal data has been pilfered.
This is one mess that simply can't be tidied up. Expect repercussions for years to come.