Between April 17-19, 2011, attackers exploited a known Apache vulnerability to breach Sony’s PlayStation Network (PSN) and Sony Online Entertainment (SOE) — the online gaming and entertainment platforms serving PlayStation consoles. Sony took PSN offline on April 20 and disclosed the breach on April 26. PSN remained offline for 23 days — one of the longest major service outages in gaming history. Approximately 77 million PSN accounts and 25 million SOE accounts were compromised. Exposed data included names, email addresses, birthdates, usernames, passwords (hashed), home addresses, and PSN/SOE profile data. Credit card information may also have been compromised, though Sony stated it found no evidence of this. Sony failed to encrypt the PSN password database and was also storing ‘outdated’ personal data in violation of its own privacy policy. Sony faced congressional hearings, FTC investigations, and class action lawsuits across multiple countries. The UK ICO fined Sony £250,000. The breach is a landmark case in gaming platform security and highlighted the risks of unpatched web server vulnerabilities on consumer service infrastructure.