As widely reported, a vulnerability called “Heartbleed” was recently found in OpenSSL, the popular open-source software used to encrypt and secure computer communications, that could allow data theft on systems using OpenSSL.
Like many others around the world, some Sony sites, including PlayStation and Sony Entertainment Network, used Open SSL. Sony immediately assessed the vulnerability and patched key affected systems. We have no evidence of any breach or data theft.
We continue to conduct a full investigation and will take appropriate action for any additional systems that might be affected. As our work continues, we will advise customers if we recommend the resetting of passwords or taking other action.
Thanks and feel free to post your feedback on this in this thread and if you notice any other threads discussing this topic, please refer them to this thread.
Thanks for letting us know so quickly.
I mean, after all, the exploit was made public a week ago. Some have only been trying to get information from Sony customer support since the 8th. Other major companies have only let people know their security status since that same date.
What the hell is wrong with Sony? Do you not think that your customers deserve to know the security status of their private information that they have entrusted to you.
The exploit may not have been your fault, but the way you handle informing customers of the situation is.
I tell you, some laws need to start being passed regarding these type of things. Companies should be, by law, issuing a security status statement to it's customers within 24 hours of such a vulnerability being made public. With the current status of the security, and ETA of patch completion.
One week of saying nothing, especially when you have been asked repeatedly is ridiculous.
Be One With The Game.