Wednesday 26th November 2014,
Comic Booked

Epic Fail: How Sony Failed To Protect Themselves And You

Comic Booked Guest Writer 04/27/2011 Features

Sony has made national news this week, but not in a way which they would approve. Sony discovered a “non-gaming intrusion” in the PlayStation Network sometime between April 17th and the 19th. In short, PSN and Qriocity had been hacked. On April 20th Sony officials stepped in and took PSN offline, and it has remained so ever since.  Gamers are currently without PlayStation 3 online gaming, but at this point that appears to be the least of the potential problems.

As of the end of March there were 77 million accounts for PlayStation

Network, the service that lets gamers play online, download content, surf the net, and stream video from Netflix.  Late last night (a week later) Sony released an official statement confirming the hack that everyone had already known about.  The most potentially damaging segment of this statement is as follows:

“Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.”

Speculation is wild about what took Sony so long to come forth with this important information.  The company states that it took a forensic investigation team several days of analysis to discover the magnitude of the breach.  Sony would obviously be unhappy to inform tens-of-millions of users about the theft of such personal information, and probably hoped to contain the situation quickly.  When that solution failed to materialize in a timely manner, they were left with little choice but to make a late public statement.   I was informed about 10 hours earlier by a local GameStop employee that PlayStation Network users should change their passwords and monitor their credit cards.  Changing passwords would be a comforting thought if you didn’t have to log on to PSN to do so.  I wonder why I had to receive this information from a source outside of Sony?

Earlier this year the PlayStation 3 root keys were published by hackers.  I talked about this in a previous article about Sony’s War Against PS3 Hacking and Piracy.  Sony was becoming very bullish and demanded Google hand over names and IP addresses of anyone that had viewed sites where the root keys were published and PS3 hacks were discussed.  Many users and hackers had previously been trying to point out holes and errors in Sony’s security, that could easily be exploited and seemed to be very common knowledge.  Sony also changed their online user agreement in a recent e-mail to users that had a very “accept this change of terms or go fly a kite” tone.  PlayStation Network users also have ridiculous amounts of information collected about them by Sony, even down to the times and dates USB devices are plugged in.  Had this industry-standard practice not been employed, not as much user information would have been stored and consequently stolen.  There is already speculation that this may be the biggest theft of personal information in history.  What was the motivation for the hackers?  We may never know.  Was the fact that Sony is a huge company that has thrown their power around as of late, making them not only an easy, but an attractive target a factor?  Most likely, yes.  A mystery hacker group  “Anonymous” is speaking out about the  hack  and data collection and has released a YouTube Video.  I am not supporting the theft or act by any means.  Hell no, I am currently without online gaming and movies; but I am also not surprised by it in the least.

If ANY good is to come of this, it may be the fact that consumers are learning and talking about how to better protect their online identities.  The news is now packed with segments about using small limit or prepaid cards when conducting transactions online.  In the end, it really is the people that use credit cards on PSN that have the most to lose.  Sony was vague, but said the network will be up near the end of the week.  Hopefully when PSN goes back online, Sony and we the users, will be a little smarter and aware of the inherent risks that come with our current digital age.

Like this Article? Share it!

About The Author

While the writer of this article may not be a part of our official writing staff, we hold them in the highest regard and felt that they should be published here for your reading pleasure! If you are interested in writing an article (or a series of articles) for Comic Booked as a Guest Writer, please contact us. [email protected]

  1. Trey Buffington 04/28/2011 at 12:12 pm

    Sigh… The world is coming to an end.

  2. Kim 04/30/2011 at 8:00 am

    77 million accounts! That's amazing! What can we do now to protect our data? Cancel our bank accounts or what? :/ I hope that everyone's going to learn the lesson and be more careful with their personal data. Sony could offer a payment via prepaid card like Paysafecard or something like that. Many big online games like LoL and Facebook have this payment option and now I see its advantage comparing to credit cards. You are never safe on the web, someone can always steal your codes, passwords and so on. If a prepaid card gets stolen, the damage is not that bad.

  3. Captain Trendo 04/30/2011 at 1:41 pm

    Excellent article, Mr. Robb Orr. I don't always see people bothering to make the distinction betwixt beneficial hackers and malicious attackers that have been branded with the same noun, as you seemed to.

    Moreover, this is the best reminder yet of how vulnerable our information will always be, when left in the hands of others; I'm mostly referring to big entities, places with a regular employee turnover rate and a pattern of somehow disgruntling some of them (you have to envision workers within these companies conspiring with angry customers. I can't help it. Verizon? Comcast? The list just goes on and on).

    Robb, thanks for the article. And I love your profile thumbnail and mini-bio!

  4. Robb Orr 05/03/2011 at 1:57 pm

    Excellent and insightful comments! Of course, by now Sony has been hacked yet again and the the supreme court has ruled to make it harder to bring class action suits against companies, while news has moved on to bigger stories. I always kind of liked the idea of open-source programing where so many people are encouraged to poke and prod to make sure the security and program integrity will hold up in the open market. I wish Sony and the people who had info stolen the best of luck.

Leave A Response