Posts Tagged ‘Sony Online Entertainment’

Sony Services Still Down

Tuesday, May 10th, 2011

As you may be aware, Sony has recently been the victim of a hacker or group of hackers. Details have continued to come out over the last few weeks, and Sony is continuing to update its security while trying to determine what has gone missing. The hacker(s) have gained access to quite a bit of information from users of the PlayStation Network and Qriocity. Many people have been upset by the breach, and understandably so. I’ve been patiently waiting to get back on the PlayStation Network so I can go about updating passwords and secret questions and such, hopefully avoiding any further trouble, especially concerning credit card information that may or may not have been compromised. While I, for one, am not upset at Sony, I would very much like to know the full extent of the damage, and ultimately would like to resume using the PlayStation Network.

On April 26, customers affected by the breach received a letter, the contents of which were echoed across Sony’s web sites, blogs, and social media networks. Here are the basics, according to the e-mail.

“We have discovered that between April 17 and April 19, 2011,
certain PlayStation Network and Qriocity service user account
information was compromised in connection with an illegal and
unauthorized intrusion into our network. In response to this
intrusion, we have:

1) Temporarily turned off PlayStation Network and Qriocity services;

2) Engaged an outside, recognized security firm to conduct a full
and complete investigation into what happened; and

3) Quickly taken steps to enhance security and strengthen our
network infrastructure by rebuilding our system to provide you
with greater protection of your personal information.

We greatly appreciate your patience, understanding and goodwill
as we do whatever it takes to resolve these issues as quickly and
efficiently as practicable.”

As of May 10, the services are still down. As anxious as Sony fans are to get their services back, I would hope that we all recognize the importance of the security upgrades. Sony intends to do right by its customers, as expressed in communications over the last few weeks, and including a letter from Sir Howard Stringer. Here is the letter:

“Dear Friends,

I know this has been a frustrating time for all of you.

Let me assure you that the resources of this company have been focused on investigating the entire nature and impact of the cyber-attack we’ve all experienced and on fixing it. We are absolutely dedicated to restoring full and safe service as soon as possible and rewarding you for your patience. We will settle for nothing less.

To date, there is no confirmed evidence any credit card or personal information has been misused, and we continue to monitor the situation closely. We are also moving ahead with plans to help protect our customers from identity theft around the world. A program for U.S. PlayStation Network and Qriocity customers that includes a $1 million identity theft insurance policy per user was launched earlier today and announcements for other regions will be coming soon.

As we have announced, we will be offering a “Welcome Back” package to our customers once our PlayStation Network and Qriocity services are up and running. This will include, among other benefits, a month of free PlayStation Plus membership for all PSN customers, as well as an extension of subscriptions for PlayStation Plus and Music Unlimited customers to make up for time lost.

As a company we — and I — apologize for the inconvenience and concern caused by this attack. Under the leadership of Kazuo Hirai, we have teams working around the clock and around the world to restore your access to those services as quickly, and as safely, as possible.

I know some believe we should have notified our customers earlier than we did. It’s a fair question. As soon as we discovered the potential scope of the intrusion, we shut down the PlayStation Network and Qriocity services and hired some of the best technical experts in the field to determine what happened. I wish we could have gotten the answers we needed sooner, but forensic analysis is a complex, time-consuming process. Hackers, after all, do their best to cover their tracks, and it took some time for our experts to find those tracks and begin to identify what personal information had — or had not — been taken.
As a result of what we discovered we notified you of the breach. Our investigation is ongoing, and we are upgrading our security so that if attacks like this happen again, our defenses will be even stronger.

In the last few months, Sony has faced a terrible earthquake and tsunami in Japan. But now we are facing a very man-made event – a criminal attack on us — and on you — and we are working with the FBI and other law enforcement agencies around the world to apprehend those responsible.
In the coming days, we will restore service to the networks and welcome you back to the fun. I wanted to personally reach out and let you know that we are committed to serving you to the very best of our ability, protecting your information better than ever, and getting you back to what you signed up for – all the games and great entertainment experiences that you expect from Sony.

With best regards,
Howard Stringer”

As posted on the PlayStation Blog.

I am not sure what a free month of PlayStation Plus will do for those of us not using the service, but it looks like Sony is really trying to make up for the inconveniences suffered by the fans. I think that the identity theft insurance is critical here, so much more so than the free month of PlayStation Plus or the account credits for Qriocity or other subscribers. I personally have identity theft insurance, but it couldn’t hurt to have Sony’s policy backing me up too. As the letter notes, there have been no reports of credit vandalism since the potential loss of secured information. It looks like most of the lost credit card numbers were attached to non-American accounts. Purchase history and such in the network could pose a problem, but Sony is addressing it.

Once service is reinstated, you should immediately change your password and update your security questions. It would probably be a good idea to remove any saved credit card info as well. If you have used similar user names or passwords on other sites associated with your e-mail address, you should change all of those too.

While there is a lot of panic going around, I am not so worried. The internet itself is full of this type of activity. Using the internet is an acceptance of the inherent risks. This includes sensitive data stored on Facebook. Once you put something on the web, there is a chance malicious users will try to take advantage. This doesn’t mean you shouldn’t use the internet at all. You run similar risks using an ATM machine or banking by phone. I don’t think this was as much a blunder on Sony’s part as much as simply being a large target. Amazon and Microsoft have had their own issues to contend with, largely due to their popularity. Sony is a pretty big target.

Sony will sort this mess out, and will do its best to encourage users to continue using the services. I am among those committed to returning to business as usual. As things devlop I’ll post updates to this blog. You can read the various posts and press releases here

What are your thoughts? Do you still trust Sony? Are you willing to resume using the services as they are reactivated? Let me know in the comments.