Sony Hacked – Timeline

April 2, 2011:  Anonymous, the online hactivist collective, begins Operation: Sony, a series of DoS (denial of service) attacks on Sony’s websites

April 11, 2011: Sony announces the case between George Hotz and Sony has been settled out of court and that Hotz has agreed to take down his website.

April 13, 2011: Anonymous releases a statement announcing they will intensify their attacks and calls for a day of protest against Sony on April 16, 2011.  Anonymous releases a video with the message, “In the eyes of the law, the case is closed, for Anonymous it is just beginning…prepare for the biggest attack you have ever witnessed, Anonymous style.”

April 16, 2011: Sony Online Entertainment is breached by hackers and 25 million users’ personal details have been stolen.  European users’ credit card/debit card information may also have been compromised.

April 17, 2011: Anonymous breaches into the Sony Playstation Network and steal ~77 million users’ personal information.

April 19, 2011: Sony detects the Playstion Network breach and begins damage control.

April 20, 2011: The Playstation Network is shut down, citing technical problems.

April 26, 2011:  Sony releases a statement disclosing the Playstation Network breach, and reveals that the Federal Bureau of Investigation has been called in to assist in the investigation.

May 4, 2011: Kazuo Hirai, chairman of Sony, discusses the series of attacks with a US Congressional committee.  During this meeting, Hirai reveals that the hackers left a ‘callin card’ implicating the hactivist collective, Anonymous.  The investigation revealed a file named “Anonymous” with the motto “We are Legion”.  Hirai says, “Security teams were working very hard to defend against DoS attacks, and that may have made it more difficult to detect this intrusion quickly – all perhaps by design.”

Later that day, a statement released supposedly by Anonymous, denies theft of credit card data but does not deny breaking into Sony’s computer systems or accessing personal data.  The statement said, “We are trying to fight criminal activities by corporations and governments, not steal credit cards.”

May 5, 2011: It’s announced by hackers that a third wave of attacks will begin on Sony in the near future.

May 7, 2011: Sony falls victim again to a data breach, a massive leak of 2,500 “old records.”  This information was made available through a Sony website and had been indexed by Google.

May 20, 2011: F-secure notices a phishing page found on a Sony web server.

May 21, 2011: Sony Music Indonesia is defaced by k4L0ng666.

May 22, 2011: Sony BMG Greece is hacked via SQL Injection and the data leaked on Pastebin ( a favorite public repository for Anonymous) which contained 8,500 usernames, email addresses, telephone numbers and password hashes.

May 23, 2011: The hacking group, LulzSec, leaks Sony’s Japanese Websites via SQL Injection in www.sonymusic.co.jp.  The leaked database did not contain names, passwords or other personally identifiable information (PII).

May 24, 2011: Sony Ericson is hacked by the Lebanese hacker, Idahc, via SQL Injction.  OVer a thousands records were dumped to Pastebin.  The names, email addresses, and passwords of 2,000 were contained in the leak.

May 26, 2011: LulzSec releases 4.5 million records.  Denying any responsiblity over the misuse of the leaked data records.  Over 1 million users’ passwords, email addresses, home addresses, dates of birth, and administrator login passwords.  This also included information taken from AutoTrader users database, Summer of Restless Beauty users database, Sony Wonder coupons database, Sony Wonder music codes database, and Seinfeld Del Boca Vista database.

June 2, 2011: Sony BMD Belgium (sonybmg.be) and Sony BMD Netherlands (sonybmg.nl) databases leaked.

June 2, 2011: Tim Schaaff, President of Sony NEtwork Entertainment International releases a testimony statement stating, “Sony Network Entertainment and Sony Online Entertainment have always made concerted and substantial efforts to maintain and improve their data security systems.”

June 3, 2011: apps.pro.sony.edu is hacked via SQL Injection and 120 names, phone numbers and email addresses are dumped.

June 5, 2011: Sony Pictures Russia (www.sonypictures.ru) database is leaked.

June 6, 2011: Sony Music Brazil is defaced and hacked.  The hacking group “The UnderTakers” brought the website down for more than 12 hours.