This means that there is currently no access to Everquest 2, DC Universe Online, Fortune League, Free Realms and other multiplayer games, forums and support sites.
In a statement on their sites today SOE said:
Dear Valued SOE Customers,Time to check those credit cards again? Time will tell, but for now it means I won't be playing EQ2 again until the lights come back on.
We have had to take the SOE service down temporarily. In the course of our investigation into the intrusion into our systems we have discovered an issue that warrants enough concern for us to take the service down effective immediately. We will provide an update later today (Monday).
We apologize for any inconvenience and greatly appreciate your patience.
Oh well, time to catch up on my Mass Effect playthrough. It's a good job Game of Thrones is on TV tonight!
Updated!! More information after the break. Very important if you have an SOE account.
SOE have now confirmed that the downtime has been due to intrusion attempts and that user data has been compromised.
In a statement released today they have stated the following.
SECURITY UPDATESo, a serious breach indeed. This will only harm SOE's already shonky reputation. Luckily I've already replaced my credit card thanks to the earlier attack on Sony's Playstation Network.
As previously announced, we have been conducting an ongoing, thorough investigation stemming from the cyber attack in April and promised to notify you should there be any changes to the situation.
A press release was issued today outlining these details. We will promptly send a customer service notification via email to all of our impacted account holders whose customer data may have been stolen as a result of an illegal intrusion on our systems. This information was discovered less than 24 hours ago and in response, we took down our services until we could verify their security.
SOE is committed to delivering secure, stable and entertaining games for players of all ages and we're working around the clock to ensure this situation is resolved as quickly as possible. We deeply regret the inconvenience this has caused and appreciate your continued patience and feedback.
Sony Online Entertainment
CUSTOMER SERVICE NOTIFICATION
May 2, 2011
Dear Valued Sony Online Entertainment Customer:
Our ongoing investigation of illegal intrusions into Sony Online Entertainment systems has discovered that hackers may have obtained personal customer information from SOE systems. We are today advising you that the personal information you provided us in connection with your SOE account may have been stolen in a cyber-attack. Stolen information includes, to the extent you provided it to us, the following: name, address (city, state, zip, country), email address, gender, birthdate, phone number, login name and hashed password. Customers outside the United States should be advised that we further discovered evidence that a information from an outdated database from 2007 containing approximately 12,700 non-US customer credit or debit card numbers and expiration dates (but not credit card security codes) - we will be notifying each of those customers promptly.
There is no evidence that our main credit card database was compromised. It is in a completely separate and secured environment.
We had previously believed that SOE customer data had not been obtained in the cyber-attacks on the company, but on May 1st we concluded that SOE account information may have been stolen and we are notifying you as soon as possible.
We apologize for the inconvenience caused by the attack and as a result, we have:
1) Temporarily turned off all SOE game services;
2) Engaged an outside, recognized security firm to conduct a full and complete investigation into what happened; and
3) Quickly taken steps to enhance security and strengthen our network infrastructure to provide you with greater protection of your personal information.
We greatly appreciate your patience, understanding and goodwill as we do whatever it takes to resolve these issues as quickly and efficiently as practicable.
For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. When SOE's services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your Station or SOE game account name or password for other unrelated services or accounts, we strongly recommend that you change them, as well.
To protect against possible identity theft or other financial loss, we encourage you to remain vigilant, to review your account statements and to monitor your credit reports.
We are committed to helping our customers protect their personal data and we will provide a complimentary offering to assist users in enrolling in identity theft protection services and/or similar programs. The implementation will be at a local level and further details will be made available shortly in regions in which such programs are commonly utilized.
We thank you for your patience as we complete our investigation of this incident, and we regret any inconvenience. Our teams are working around the clock on this, and services will be restored as soon as possible. Sony takes information protection very seriously and will continue to work to ensure that additional measures are taken to protect personally identifiable information. Providing quality and secure entertainment services to our customers is our utmost priority. Please contact us at + 44 870-600-0267 (Monday to Friday 15:00 to 22:00 GMT excluding holidays) should you have any additional questions.
Sony Online Entertainment LLC
At least this time they seem to have learned a lesson from the Sony fiasco and notified users quickly (instead of after a whole week).
I must admit, I am feeling a little nervous about putting new details into any Sony site right now, as I still feel they are a big target for hacker groups. The hacking syndicate Anonymous has claimed responsibility (though Sony deny this is the case), and they still have a big grudge against the company following the prosecution of Playstation 3 hackers.
I'll be keeping a close eye on this anyway.
No sooner had I posted the last update than SOE release more information.
SOE have stated the following.
The personal information of the approximately 24.6 million SOE accounts that was illegally obtained, to the extent it had been provided to SOE, is as follows:It gets worse. There are (currently unsubstantiated) reports that the stolen information also includes CCV (credit card verification codes). Could be time to change those credit cards folks.
In addition to the information above, the 10,700 direct debit records from accounts in Austria, Germany, Netherlands and Spain, include:
bank account number
SOE will grant customers 30 days of additional time on their subscriptions, in addition to compensating them one day for each day the system is down. It is also in the process of outlining a "make good" plan for its PlayStation®3 MMOs (DC Universe Online and Free Realms). More information will be released this week.
TLDR? It's bad. Real bad. If you had an SOE account lots of your personal data, potentially including passwords and credit card information has been stolen!