Sony has made national news this week, but not in a way which they would approve. Sony discovered a “non-gaming intrusion” in the PlayStation Network sometime between April 17th and the 19th. In short, PSN and Qriocity had been hacked. On April 20th Sony officials stepped in and took PSN offline, and it has remained so ever since. Gamers are currently without PlayStation 3 online gaming, but at this point that appears to be the least of the potential problems.
As of the end of March there were 77 million accounts for PlayStation
Network, the service that lets gamers play online, download content, surf the net, and stream video from Netflix. Late last night (a week later) Sony released an official statement confirming the hack that everyone had already known about. The most potentially damaging segment of this statement is as follows:
“Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.”
Speculation is wild about what took Sony so long to come forth with this important information. The company states that it took a forensic investigation team several days of analysis to discover the magnitude of the breach. Sony would obviously be unhappy to inform tens-of-millions of users about the theft of such personal information, and probably hoped to contain the situation quickly. When that solution failed to materialize in a timely manner, they were left with little choice but to make a late public statement. I was informed about 10 hours earlier by a local GameStop employee that PlayStation Network users should change their passwords and monitor their credit cards. Changing passwords would be a comforting thought if you didn’t have to log on to PSN to do so. I wonder why I had to receive this information from a source outside of Sony?
Earlier this year the PlayStation 3 root keys were published by hackers. I talked about this in a previous article about Sony’s War Against PS3 Hacking and Piracy. Sony was becoming very bullish and demanded Google hand over names and IP addresses of anyone that had viewed sites where the root keys were published and PS3 hacks were discussed. Many users and hackers had previously been trying to point out holes and errors in Sony’s security, that could easily be exploited and seemed to be very common knowledge. Sony also changed their online user agreement in a recent e-mail to users that had a very “accept this change of terms or go fly a kite” tone. PlayStation Network users also have ridiculous amounts of information collected about them by Sony, even down to the times and dates USB devices are plugged in. Had this industry-standard practice not been employed, not as much user information would have been stored and consequently stolen. There is already speculation that this may be the biggest theft of personal information in history. What was the motivation for the hackers? We may never know. Was the fact that Sony is a huge company that has thrown their power around as of late, making them not only an easy, but an attractive target a factor? Most likely, yes. A mystery hacker group “Anonymous” is speaking out about the hack and data collection and has released a YouTube Video. I am not supporting the theft or act by any means. Hell no, I am currently without online gaming and movies; but I am also not surprised by it in the least.
If ANY good is to come of this, it may be the fact that consumers are learning and talking about how to better protect their online identities. The news is now packed with segments about using small limit or prepaid cards when conducting transactions online. In the end, it really is the people that use credit cards on PSN that have the most to lose. Sony was vague, but said the network will be up near the end of the week. Hopefully when PSN goes back online, Sony and we the users, will be a little smarter and aware of the inherent risks that come with our current digital age.