Close
Report Comment to a Moderator Our Moderators review all comments for abusive and offensive language, and ensure comments are from Verified Users only.
Please report a comment only if you feel it requires our urgent attention.
I understand, report it. Cancel

Into the Breach

Wed 27 Apr 2011 2:15pm GMT / 10:15am EDT / 7:15am PDT
OnlinePublishing

Sony's PSN security breach looks disastrous - but it's so much worse than that

Sony Computer Entertainment

Sony Computer Entertainment is a Japanese videogame company specialising in a variety of areas in the...

playstation.com

In spite of the entirely justified anger which consumers are feeling towards Sony this week - and as a consumer whose debit card has just been compromised by the security breach, while I'm living halfway around the planet from the bank which issued it, no less, I think I can speak with some authority on that anger - it's hard not to feel a little sorry for the workers at the coalface of this disaster. "Disaster" is truly the only word for it, and one flinches to imagine just how awkward life is right now for the network engineers and security specialists whose job it was to prevent such a breach.

After all, as some of the company's more ardent defenders have pointed out, it's not like Sony are the malicious party here - a determined group of hackers (but not the "Anonymous" group, as was originally assumed) illegally breached the company's security. PlayStation fans rushed to Sony's defence on those grounds; games business types, while not exactly leaping into the breach, have been vaguely muttering about the "real villains" - the implication being that consumer ire is misdirected.

Not so; consumers are quite right to be furious at Sony for this breach. Certainly, the breach was committed by hackers, but the trust relationship which has been broken here is the one which exists between consumers and the company to whom they have granted permission to hold their personal details. Consumers don't have a relationship, trusting or otherwise, with hackers. They have a relationship with Sony, and that relationship is predicated on Sony's assurance that it is a competent and responsible holder of personal data.

Forced to admit to the scale of the disaster, Sony looks incompetent and bungling.

There's absolutely no question but that this is a hugely damaging blow to Sony, and to the PlayStation in particular. The PS3 has already faced fairly significant market challenges, not least of which is the clear inferiority of the PSN services in comparison to Microsoft's more functional and widely-used Xbox Live services. Clawing back the one-year sales lead enjoyed by Microsoft has been a tough task, arguably exacerbated by the technical and economical problems created by the PS3's over-ambitious yet poorly considered hardware design. This week's scandal shoves a stick into the spokes of that effort to best Microsoft's market position.

Even if the actual damage caused by this intrusion is minimal - and there's some suggestion that it was designed to embarrass Sony rather than to actually steal customer data, being a revenge attack of sorts for Sony's recent legal and technical attempts to prevent the opening up of the PS3 to homebrew code - the reputation damage is incalculable. Forced to admit to the scale of the disaster, Sony looks incompetent and bungling; by doing so so many days after PSN originally went offline, the company looks dishonest (even if there's a genuinely good reason for the delay, as the firm claims).

Loss of face aside, though, just how seriously will this damage Sony? We've seen all manner of predictions on that front, spanning everything from the inevitable claims that it's a storm in a teacup through to the equally inevitable (and equally incorrect) claims that this is the end of the PS3 as a viable platform.

That's obviously not the case - it's ridiculous to claim that gamers are going to abandon a successful hardware platform in which they are heavily invested because of an event such as this. The negative press, however, reaches far beyond specialist sites and blogs, and will absolutely influence purchasing decisions in the months to come, depressing Sony's sales and probably giving its rivals an opportunity to extend their installed base leads - a serious blow to the company. Moreover, unless a swift resolution is reached, the story will inevitably rear its head again when the NGP, a handheld console heavily reliant on PSN, makes its way to the market.

Those are short-term impacts of the breach, though, and however severe they may be, I'd argue that they pale in comparison to a long-term effect which is more subtle, but potentially absolutely catastrophic for Sony's future business plans. In blunt terms, Sony just lost the single most valuable asset for a major player in the digital media space - consumer trust.

Right now there's a hearts and minds battle being joined over what the channels for the consumption of digital media - games, of course, but also music, movies, books and so on - will end up looking like. The really successful companies at the end of this battle will, of course, be those who can marshal impressive libraries of content to offer to users, ensuring that they don't have to shop elsewhere for the things they want to buy. Sony is well positioned to do this, thanks to having tentacles that delve deep into various different media businesses, and a strong history of building relationships between the consumer electronics space and media firms.

However, the second factor - and arguably the more important one - is the question of whether consumers trust your company to be the gatekeeper for their media purchases. Astute analysts have observed that the true value of companies like Amazon and Apple doesn't lie in the products they sell right now, but rather in the enormous number of consumers who have entrusted their credit card details to them - allowing them to buy media, commence subscriptions and so on without entering card details or personal information. The Kindle book you want is published by Random House, but you're buying it as an Amazon customer; the newspaper you're subscribing to is a News International property, but you're buying it as an Apple customer.

Sony wants to own you as a media consumer, and this week, it gave every media outlet on the planet a headline that says it's not competent to handle that role.

Similarly, Sony is keen to build up a huge library of customer information - the personal information and credit card details required to process purchases with a single tap of a button, enabling you to buy games, add-ons, DLC and various other media from a whole ecosystem of publishers and creators using Sony as your gatekeeper. It may seem like a subtle thing, but it's hugely important to the businesses involved - the company which "owns" the customer holds the dominant hand in the marketplace.

But "owning" the customer isn't an easy task, because it required a constant eye on the trust required for that relationship. That trust can be breached in many forms - abusing the relationship by misusing personal data is a common problem, for example. In the recent ruckus over Apple's subscription terms for magazines and newspapers on iTunes, the key factor wasn't the 30 per cent charge the company was levying. Rather, it was the fact that Apple wouldn't pass personal info about subscribers to the publishing companies - who presently enjoy a healthy revenue stream from hawking that personal information as a sales channel for other products. Great for the publishers, rubbish for their customers, and a breach of the implicit trust relationship between consumer and gatekeeper which Apple would not countenance.

Yet that kind of breach of trust pales in comparison to what Sony just did - or rather, didn't do, in that it clearly failed to pay the appropriate attention to the crown jewels of the PSN service, namely the database of customer information at its heart. Until this week, Sony was on the short list of firms I trusted to the same level as Amazon, Apple and their ilk with my personal and financial details. No longer - which doesn't mean I'll never buy anything from PSN again (although some people will definitely reach that conclusion), but rather that I won't ever trust them to hold details of one of my main credit or debit cards again.

Sound like a subtle problem? It's not. Sony, in the end, wants to be the trusted service from which all of your media content comes. It wants you to download music, stream movies, grab the latest games, make in-game purchases for DLC, buy books for your Sony Reader or Tablet - all using a single simple login that hooks into its customer database. It wants to own you as a media consumer, and this week, it gave every media outlet on the planet a headline that says it's not competent to handle that role.

As Sony's network team struggle to get the PSN service back online and limit the damage of this disaster, the company's executives face an even bigger headache. Apple has stolen a march in digital media distribution which now even threatens to impinge on Sony's gaming stronghold. Amazon is a huge force in ebooks, a growing force in music and almost certain to make a stab at the App space - including gaming - in the coming months. Microsoft has a superior online gaming service and a trusted brand, and is very likely to bring serious weight to bear in digital media, perhaps as a key thrust of its upcoming Windows 8 operating system. And Sony? Sony just put a dunce hat on its head and went to sit in the corner. When PSN comes back online, the long and difficult process of rebuilding consumer trust will only be beginning.

52 Comments

Michael Vandendriessche Studying Computer Science, K.U. Leuven

85 12 0.1
hmm, I'd like to see what other people here have to say about this matter.
FOR ME PERSONALLY it's not a big deal.
Ofcourse I understand it is a big deal for Sony and for people who use PSN daily and have their credit card information on it.
I am a playstation(and sony) fanboy and will remain one. (I like nintendo and microsoft too, i'm not a basher)
Maybe the fact that i use prepaid PSN cards instead of credit card to pay on PSN has something to do with it.

I think the post is too exagerated. Ofcourse it's not good for Sony but will it really have that much effect in the long run? It's probably forgotten by most people next year and even in a few months.
I do hope sony takes this serious and makes improvements on PSN. As long as they do that I don't think it will affect them as much as described in the column.

Posted:3 years ago

#1

Kingman Cheng Illustrator and Animator

954 183 0.2
Well said, as I've been thinking myself it's trust that's a big issue here and I'm sure this will have an impact for a good while.

Posted:3 years ago

#2

Nick McCrea Gentleman, Pocket Starship

197 332 1.7
As well as being a serious blow for Sony's efforts, there may well be wider implications. Although unaffected personally, this is the first data breach story that's really made me consider carefully what companies have access to my payment details - primarily MS (Xbox Live), Valve (Steam) and Apple (iTunes). Something I'd previously thought very little about.

I'm suddenly a little bit more nervous about online transactions, and I'm sure I'm not alone. Will it last? Probably not, but who knows?

Posted:3 years ago

#3
Yeah Sony goofed.

But Microsoft goofed when Bungie released a ton of customer info a couple of years back. Nintendo goofed with play.com when user info was wrongly acquired. Just Google "X" company with the words "online breaching" and see how many results you get.

This is all a human endeaver; human companies ran by humans, being hacked by clever humans - nothing here can be perfect and safe. This is just another bump to get over, not some dunce hat metaphor that makes it seem like Sony's days are numbered.

Build a bridge and get over it.

Posted:3 years ago

#4

David Spender Lead Programmer

129 54 0.4
Its funny that no one draws a comparison between the thefts of intellectual property. The first being Sony's, whether it be movies or games, having a number of serious consequences - some of which are thrust through the courts with no due process. The second being the theft of my personal information, facilitated by Sony's ineptness, for which there is no consequence of any meaning (maybe some drivel class action suit in the future).
It reminds me of how my bank charges me fees for any number of faults on my part but when they overdraft my account on their error, miss the $50 bill in my ATM deposit envelope, there are no consequences.
This is serious! To call it a 'goof' is to say you're ambivalent to whether it happens again or not. Companies need to take better precautions to protect our data and something or someone needs to hold them accountable.

Posted:3 years ago

#5

Jason Marchant Editor/Journalist/Copywriter

8 1 0.1
As a PSN user/shopper, it's interesting to note that I am yet to be 'officially' informed about this security leak by SCEE.

Despite having all my contact details (as now, do the hackers), I haven't received an email, letter, phone call or even PSN message (although PSN is down so they couldn't) to say "Sorry Mr. Customer, but your details have been hoiked from our vaults. Best keep an eye on your bank statement".

I find this lack of pro-active customer care more insulting than the breach, which as you mentioned, wasn't ultimately their doing.

Posted:3 years ago

#6

James Butterworth IT Hardware & Software

24 1 0.0
First the security of the PS3 is smashed open, possibly irrevocably without new hardware design and release, now their PSN is hacked?

I had a feeling it would happen, but it's about time Sony realised that the hackers will always be one step ahead. It doesn't matter who you are. Apple, Sony, Microsoft, the hackers are always ahead, and possibly more qualified. The companies need to start looking at hackers in a good light, and actually employ them to HELP INCREASE security, because if they can crack it, they can improve it. Suing them into the ground because they're fighting to be able to do what they want with their own hardware will get you nowhere. I'm with the hackers on that one, I HATE brand locking IMMENSELY, and Sony/Apple are the worst in the world for it. They have their own platform needing their own proprietary software (Apple's iPod/iPhone & iTunes, and Sony's Walkman & ATRAC, anyone?) and jailbreaking is LEGAL in my eyes, as well as the law in Apple's case. The sooner the industry wakes up the better.

I have a PS3 slim unwanted gift that is hardly ever used. I am more of a Microsoft guy, as the Xbox has always been superior to PS hardware, and I don't trust Sony at all with their poor design and marketing skills. In terms of the comparison of XBL and PSN, you get what you pay for, which with Sony, is nothing because PSN is free and laggy as hell, so you can't moan. Would you get a 5 star hotel room for nothing, or an expensive meal? I prefer to pay money to get a stable fast Xbox experience, as I'm paying Microsoft to build the Live infrastructure, along with all my other XBL buddies.

Posted:3 years ago

#7

Diarmuid Murphy Developer Marketing, Microsoft

33 0 0.0
I would agree with Nick, that this will have a negative impact across the digital economy.
For us tech savvy consumers this is an annoyance and inconvience but it will not put us off buying online.

For those who do not buy online regularly or at all they now have lost the one rule of thumb they used for buying online. If it is a big company I know I can trust them.
When my parents and other non tech savy friends read about Sony's failings they think "I guess I am not safe anywhere online" such as eBay, Amazon, Microsoft so they will stick with brick and mortor shops.

Sony really need to put their hands up and say were messed up big time. Please accept this gift as a token of our gratitude for staying with us and it won't happen again.
When Xbox Live went down for a couple of days over Christmas years ago they gave a free XBLA game to everyone affected. That is how you restore consumer confidence.

Posted:3 years ago

#8

Abraham Tatester Producer

71 53 0.7
Well said, Rob. I agree that from the business and consumer standpoints, this is pretty huge; and it represents a boost for Microsoft's Xbox that all the marketing and PR funds in the world couldn't buy. While there's no denying that folks have short memories, if the forums are anything to go by, this will drive gamers by the thousands into the arms of Microsoft.

Hubris and incompetence are never a good combination, but Sony apparently has bucket loads of both.

It's hard for me to counter the idea that Sony unintentionally invited the attack through their very public and very aggressive pursuit of George Hotz and others. Whether or not it was perpetrated by Anonymous (and I think they would take credit for it if it was) this seems to be a pretty clear case of retaliation.

And then there's how Sony has handled the situation since it broke. As if the inconvenience of PSN being down for so long wasn't enough, we're all given next to no explanation until yesterday, when we (in the U.S.) received an email telling us to start checking our credit reports! It's as if Sony's lawyers decided to wash their hands of the whole issue, and dump all responsibility for what happens next on PSN users.

The bungling goes on ...

Edited 1 times. Last edit by Abraham Tatester on 27th April 2011 5:15pm

Posted:3 years ago

#9

Curt Sampson Sofware Developer

596 360 0.6
Actually, for me the potential compromise of credit card information isn't that big a deal; I check my statements carefully and the credit card company will make sure I don't have to pay for things someone else buys on my card.

But the general trust issue is key: Sony has shown that a) they aren't really very competent when it comes to security of any information I give them, and so I'll be much more careful about what I do give them, b) they can't reliably avoid major outages of their on-line systems, meaning that I need to be careful about what sort of services I buy from them, and c) their PR department isn't going to tell us the full truth about any of this. In other words, if I can get some particular service from Sony and a more trustworthy company, why would I ever go with Sony?

Posted:3 years ago

#10

Anthony A Studying Msc Management, Lancaster University

5 0 0.0
This article hugely blows things out of proportion. As for:

"Not so; consumers are quite right to be furious at Sony for this breach. Certainly, the breach was committed by hackers, but the trust relationship which has been broken here is the one which exists between consumers and the company to whom they have granted permission to hold their personal details. Consumers don't have a relationship, trusting or otherwise, with hackers. They have a relationship with Sony, and that relationship is predicated on Sony's assurance that it is a competent and responsible holder of personal data. "

No, Sony doesn't assure anyone that it is "infallible". It assures them that a standard of care will be taken in holding their data. It cannot predict or stop all breaches that might occur. The question is, will it learn from this?

Posted:3 years ago

#11

Terence Gage Freelance writer

1,288 120 0.1
I do think that this is more of a PR nightmare than it will be an actual issue for most PSN users. Sony have handled it poorly; not saying anything for days and then not really giving much away when they do finally issue statements (and with abashed apologies sorely lacking).

I haven't really lost my faith in them as a consumer though, because this stuff happens and if anything it will make their security tighter - although I may think differently if I find erroneous charges on my next bank statement. For instance, I still shop with Shopto after they had a similar failing a year or two back, and as I recall Play also had a card details slip up a few years ago. I agree with Terrence that it's crappy but it does happen, and some people are making perhaps a little too much out of it.

Posted:3 years ago

#12

Nigel Knox Software Engineer, Slant Six Games

11 0 0.0
I personally blame the Goerge Holtz, failOverflow, and to a lesser extent the whole Linux porting community. Effectively they broke the door down to Sony's security, and a criminal followed them through. The result is, I fear, they may have killed the PS3. "Free software" has ended up costing a lot of people a lot of money, and I fear a lot of jobs in the Games Industry to boot.

They may like to sound off about "the right to run any software I want on my machine", but by breaking security, they enable hacker/cheats/pirates. The biggest repercussion of this episode,is that it puts to bed the idea of "engaging" with Linux hackers. Sony will never again support "other OS". In fact, if they are smart, they will put some time and effort into making any future system inherently incompatible with Linux.

Edited 2 times. Last edit by Nigel Knox on 27th April 2011 6:25pm

Posted:3 years ago

#13

Ryan Duclos Code Monkey, Double Cluepon Software

10 0 0.0
This isn't a big deal. People who aren't idiots check their online bank accounts daily. Banks have made it easy to dispute charges and get your money back if something is amiss.

PSN gets hacked and MAYBE my credentials are stolen, so what? What Bank hasn't been hacked into and had user info stolen?

This is nothing out of the ordinary and if anyone has lost trust in Sony for holding valuable information, then you better start taking all you money out of the bank and burying it the back yard in tin cans.

Posted:3 years ago

#14

Jay Filmer Web Developer, Steel Media

8 0 0.0
It's not just a lack of trust in Sony that comes from this though.

Large-scale security breaches cause wider distrust. People who were previously more than happy to blissfully and ignorantly throw personal info at almost any company that requests it, will now be thinking about what they're doing. Bad news for all companies trading and storing personal info via a web interface.

For the most part, I've been quite trusting up to this point - I have personal details locked up at Paypal, Amazon, Microsoft, Sony, Apple and numerous other web-facing organisations ranging from big to small. And before now I've thought nothing of it really. But since the Gawker password torrent file and now this Sony 'disaster', the web doesn't feel as safe. I'm now going to be more cautious about who I give my info to and will be looking for a fair amount of reassurance before signing up to anything, be it a new online service, shop or games forum.

And that goes for the Eurogamer Network too! Hope you're encrypting our passwords properly!

Posted:3 years ago

#15

Andrew Jakobs Lead Programmer

240 99 0.4
Personally I can't be bothered as thanks to Sony I cannot connect to PSN since they released OFW 3.20, I'm still on OFW 3.15 due to OtherOS, so I already have a particular grudge against them..
But also I think this will blow over once PSN is back up, most gamers will forget this after a few days, it's propably the media which will keep this going and blowing it even further up as always..

Also don't think that this is a problem Sony faces alone, Sony had the unpleasant fortune to be heavily targeted by hackers (after being left alone for years), Apple/Microsoft/Nintendo/Steam would have propably exactly the same problems if they where directly/heavily targeted by hackers. Also all those companies have had trouble in the past, also we must not forget about Xbox Live also having been offline for almost a week a few years ago, also right in a holiday season..

And we really can't say if Sony is accountable for being breached, that all depends on if they've taken enough measures to fend hacking off, hackers are very smart and it might really be a freak method how the network was hacked (you just cannot protect yourself against every unknown method).. But that's something a judge propably will have to say after a very thorough investigation by an external COMPETENT party..

Posted:3 years ago

#16

Klaus Preisinger Freelance Writing

1,136 1,174 1.0
Maybe this serves as a lesson as to what information we are willing to hand out in order to receive a product which is not improved by knowing the size of my underwear.

Posted:3 years ago

#17

Julius Nkemdiche Studying BSc Enterprise in Computer Games Technology, University of Portsmouth

2 0 0.0
Not a big deal at all, but it is funny how its made out to be such a big deal, I suppose that's the media for you. This stuff happens all the time!

Posted:3 years ago

#18

Julian Toseland games podcaster/website

23 6 0.3
OK, is this out of proportion, I'm unsure exactley, but what I will say I do agree with all the troubles Sony have had recently hacks, and now this, and more besides, I think the time has come for even the most loyal of customer to now start questioning Sony's way of running thngs, poor at least, abismal at best.

Now if we all actually just take a minute here, THE actal problem will not cause anyone serious grief, even on a worse case scenario you do get your cards charged, in the long run, all will get sorted for you.
Now i know that is not good, but this is about the most decent discussion I have read so far, god help you if you go read on the official Sony blog, the teen fanboys are rife with just rediculous statements as usual.

My personal belief, this will do a lot of damage long term, it's not the actual crime for me, its the "constant" mess ups by Sony now that are just getting a little bit much to take.

Even though I need my PS 3 to review stuff on the podcast, I'm seriously thinking of trading in and getting a 3DS, then again probably not worth that much....lol just kidding, I really think it will take a while for Sony to recover from this though.

Posted:3 years ago

#19

Jim Webb Executive Editor/Community Director, E-mpire Ltd. Co.

2,270 2,439 1.1
Nigel Knox: "I personally blame the Goerge Holtz, failOverflow, and to a lesser extent the whole Linux porting community. Effectively they broke the door down to Sony's security, and a criminal followed them through."

-----------------------------------

Was this breach originated on or enabled because of a hacked PS3?

Posted:3 years ago

#20
Hopefully this leads to an improvement of awareness and security at all digital download businesses. While I'm a big supporter and fanboy of digital distribution it is sometimes scary to see how careless many shops treat this issue.

Edited 1 times. Last edit by Sebastian Lindig on 27th April 2011 7:00pm

Posted:3 years ago

#21

Tyler Minarik Contributing Editor

9 0 0.0
Funny, this just happened to Chase Bank last week:

[link url=http://www.bankinfosecurity.com/articles.php?art_id=1768
]http://www.bankinfosecurity.com/articles...[/link]

Which is probably more serious, since that's direct access to money and bank accounts. This happened to apple too just two years ago:

[link url=http://gawker.com/#!5559346/apples-worst-security-breach-114000-ipad-owners-exposed
]http://gawker.com/#!5559346/apples-worst...[/link]

Didn't slow them down one bit, because just like Sony, they have a great product.

In the case of Sony, my name and address are only useful in conjunction with my social security number or credit card number, which Sony only has the credit card. I don't know about the rest of the world, but for me it's incredibly simple to get that number changed, and Bam! Everything is okay again. I also have alerts set up so that you need special permission to make large transactions and I get e-mails/text messages when someone tries to do so. Therefore, I'm not worried.

Sony certainly needs to step up their security, but it's not like this is the first or last company that this will happen to. This should be a calculated risk when you hand your info to any company, and it just seems like over the years people have become very relaxed with that, assuming that every company's network is like Fort Knoxx (yes, the second x is on purpose). Thus, this should always be a concern, and hopefully this simply serves as a reminder of that.

As for not buying any more PSN products, that idea is out the window for me. I won't hesitate to make more purchases, any more than I'll hesitate to make a purchase at any other place that's been robbed in the past. I'll simply be a responsible consumer just like always, and watch my bank accounts, while taking solace in my banks policy to refund me if I suffer fraud at the hands of thieves.

As for the claim that MS's service is superior, I don't believe that for a second either. It may appear that way right now since it's currently online, but they've had their own problems in the past, and I doubt they'll be problem free in the future. I expect PSN to return as a free, robust, and hopefully reliable service, just as it was in the past.

Posted:3 years ago

#22
F***Ing criminals! Go home Anonymous. Why don't they just trow their own ps3 to trash and let others live in peace...

Posted:3 years ago

#23

Joe Winkler trained retail salesman, Expert

171 4 0.0
@Roland
Anonymous could/can be anybody. Maybe they just broke the code and gave it to others? Maybe it wasnīt anonymous in the first place? Just some garage kids with too much computer know how to get this "work" done. If thereīs nobody to blame under the name of anonymous, why donīt just pick any regular guy on the street?
This is no offense at all, but you cannot "catch" this group. Maybe some individuals that can be related to that.
AND thatīs the thing thatīs bugging me most.

Posted:3 years ago

#24

Andrzej Wroblewski Localization Generalist, Albion Localisations

103 78 0.8
I'll keep saying this over and over again... The marketing will destroy the World. Unless, of course, the World sees through their precious and delicate web of lies.

Posted:3 years ago

#25

Abraham Tatester Producer

71 53 0.7
To those who insist this is not a "big deal," Sony's ADR price is down more than 5% since Thursday, and almost 3% today. Remember, that's also factoring in the announcement about their tablets, which typically would put upward pressure on the price.

Whether or not the downward price movement is related ONLY to the attack is debatable, but it's also front-page news at FT.com and WSJ.com. A story about the attack is the most-emailed and the third most-read on WSJ.com.

A lot of people—editors, readers and investors—seem to think this is a big deal. And judging from the comments on the PS3 blog, so do many gamers.

Edited 1 times. Last edit by Abraham Tatester on 27th April 2011 8:16pm

Posted:3 years ago

#26

James Park Studying BSc Computer Animation, University of the West of Scotland

2 0 0.0
I, personally, can't find fault with Sony other than maybe having a little less security than I thought.
Then again, who are we to say the security was too lax?
Nobody had stopped to think about the skill of the hacker/s who did this.
If people can hack into the Pentagon, then this would be child's play.

Other than that, though, I don't believe any bond of trust is broken here.

Put in another perspective; imagine you gave your wallet/purse to a friend to hold and they got mugged and stabbed, your credit cards being stolen. Are you actually going to blame your friend for not having a stab-proof gut or are you going to be sympathetic and do your best to help authorities figure out what had happened?

Sony's PSN is the stab victim here, lying in hospital with a hole in its side and unconscious. Stop shitting on the bed and bring it some grapes.

Posted:3 years ago

#27

Miguel Melo Software Engineer

65 0 0.0
Admittedly this is be a major PR snafu to the general populace as the scaremongering media is having a field day. I therefore am not surprised if volatile stuff such as Sony share options plunge.

On a personal note I agree this is unfortunate but, to me as a PSN member, it's not a huge deal. I am convinced that Sony wasn't any more careless with my data than other providers I also trust: they were just unfortunate to be targeted.

As for starting to favour xbox live after this (I also own a 360), it's not gonna happen: the fact that PSN usage is free buys a lot of tolerance on my part. :)

Posted:3 years ago

#28

Ben Herman CEO

12 1 0.1
Let me give Sony some props. They e-Mailed their 75M users within a day. A similar breach affected many people in a different industry and we all got a letter with a free offer for a credit bureau subscription 60 days after the breach. That was useless 60 days later.

Until one person loses money because of this Sony breach this is a hacker being a hacker. And then there is Wikileaks. Get over it. Sony did not do this. Some hacker is making a name for himself.

Posted:3 years ago

#29

Will Wilson Web & Community Manager, NaturalMotion

7 3 0.4
Excellent editorial as always, Rob - hope you got your money back the fraudsters took without much agro. One good thing about banks I've found is their fraud departments are usually on the ball when it comes to these sorts of things, but it's never a pleasant experience to go through.

As for the topic itself, I'm more concerned about the hackers' motives than anything else. If these reports of card cloning etc. from the hack are true, it would suggest that they weren't just targeting the company in a 'revenge attack' for Sony's previous handling of the Geohot affair (as has been suggested by some quarters), but are actually in it for the cash alone (selling on card details to criminal gangs).

If that's the case, then unless MS have a much more secure system I wouldn't be too surprised if its network would be the next target on their list

Posted:3 years ago

#30

Gregory Keenan

102 11 0.1
Strom in a tea cup. I would elaborate my argument, but it would fall on deaf ears.

Posted:3 years ago

#31

Robert De Doelder IT

1 0 0.0
Yawn.. bunch of drama queens..
The good news is that perhaps I can pick me up a cheap 3rd PS3 from some dumbass who overacts :)
The fact sony got hacked does not prove they were lax.It (for now) proves they were targeted.

Posted:3 years ago

#32

Max Priddy

64 12 0.2
To be fair, this wouldn't have happened to this extent if Sony didn't have such crappy security, and the fact they had credit card details on the same servers as PSN in plaintext (from what I've read). Contrary to what Nigel said, Linux is not the problem, geohot and failoverflow aren't directly the problem either. The problem is that Sony's security measures weren't all that great to begin with, simple as.

Posted:3 years ago

#33

Adam Yaure Studying MSc Games Programming, University of Hull

18 0 0.0
@James
Sony's PSN is the stab victim, but its relationship to us is not a "friend", but more of a hired boardguard.
Look at it the other way, imagine a bank lost all your savings will you not blame them?

Sony gonna need to spend hell a lot of $$$ to strengthen its security and building back its trust.

Posted:3 years ago

#34

Private Industry

1,176 182 0.2
Not the first company to get hacked and not the last one. I doubt the security of the PSN was really bad and I`m sure if anybody would really try to hack Xbox Live they can do that and do the same amount of damage there. Sony just seems to be hack target number one right now unfortunately. Good that I only use PSN cards and spend all the money in my wallet for the tsunami so nothing there to steal.

I remember German banks sending CD`s around with the personal data by mail and the mail disappeared, now for that you can blame a company and I would regard the PSN security still as a lot better than let`s say Facebook with all those little nice worms and whatever.

Posted:3 years ago

#35

Wasib Hussain Studying International Business, Finance and Economics, University of Manchester

3 0 0.0
Game over for Sony and the PlayStation brand. I for sure will never trust this company ever again. I hope International Law comes after them and sues them for everything they have. I have for many years invested in PlayStation and Sony products but this really is not on. I still cannot believe it happened - but it did.

Sony have just destroyed their reputation - no consumer should ever trust them in my opinion. This is a bad rotten company - from strategic disasters and now to treating their consumers data as pieces of trash.

I have no sympathy for them from now on. I hope Howard Stringer is proud of the Sony he has led - this event being a glorious memoir for his retirement - well done.

Edited 3 times. Last edit by Wasib Hussain on 28th April 2011 1:52am

Posted:3 years ago

#36

Hector Remy Programmer

8 0 0.0
Still there is no concrete evidence that credit card numbers have been compromised. These hackers are standing outside the door and blocking traffic. I doubt they have the expertise to take control of their system better than the creators themselves. I just can't wait for this to blow over and their 15 minutes of fame to be over.

Edited 1 times. Last edit by Hector Remy on 28th April 2011 7:25am

Posted:3 years ago

#37

James Steele Senior Software Engineer, Nintendo of Europe GmbH

15 17 1.1
@Hector - you're right, there is no concrete evidence that credit card data has been compromised. But at the same time, after a week, Sony are unable to offer any assurances that credit card details have not been leaked, and I find this extremely damming.

The only advice Sony can offer right now is to "monitor your account". Well, you know what? I shouldn't HAVE to monitor my account because a third party (Sony) messed up in such a major way. So last night, I cancelled the card that was used for PSN...I feel sorry for the guy working for my bank, as it sounded like he's been handling cancelations because of the PSN hack all day.

Sony shouldn't be worried about consumer backlash, as has been said, after a while this will all be forgotten. They shouldn't even be worried about prosecution under any countries Data Protection laws, as the fines will be pretty weak.

If I were Sony, I'd be worried about all of the banks who are lossing masses of money because of the re-issue of credit cards. They're the ones who can afford lots of lawyers to claim damages against Sony.

Posted:3 years ago

#38

Stefano Ronchi Indie Game Developer

50 0 0.0
More than ever I think that all this cafuffle puts forth a most important point: update the psn service.
If they are truly re-building it from scratch then it's the perfect opportunity to rebuild it as a competent and decent service, who everyone pays for (or at least make the psn plus service comparable to live gold), and that is not lagging behind the xbox service anymore.

It would be an ideal situation to turn a catastrophy to their advantage, but alas I guess I'm just an optimistic fool. Still, I hope that you're going to do it Sony, even if you're not.

Posted:3 years ago

#39

Alasdair Gray Junior Account Planner, Five by Five

9 0 0.0
Ultimately, the ball is in Sony's court. They could easily make the situation worse, but I don't think it is past the point of potential recovery as the article seems to suggest.

I agree with Stefano that there is an opportunity for a phoenix to rise from the flames, but it's going to require some wise (and, perhaps, quite bold) decisions. Time will tell.

Posted:3 years ago

#40

Andrew Goodchild Studying development, Train2Game

1,254 421 0.3
The problem there is that they can't build an Xbox live type service without investing money, which they can't do without the revenuethat charging brings, but they can't start charging this late in the day, as they have used free connectivity as a selling point since the launch of PSN. It was a mistake not to start charging from the outset, but they just didn't take online as seriously as MS and Sega did back then.
Charging now would cause a virtual riot.

Posted:3 years ago

#41

Miguel Melo Software Engineer

65 0 0.0
@Stefano - I think making people pay for PSN has no correlation to the problem at hand (they weren't hacked because it's a free service) and it would be a terrible idea: they would lose (after the OtherOS) yet another differentiator and people like me, who are viscerally against paying a subscription to _very occasionally_ play online a game I already paid for in the shop.

Edited 1 times. Last edit by Miguel Melo on 28th April 2011 9:59am

Posted:3 years ago

#42

John Bye Senior Game Designer, Future Games of London

481 453 0.9
As Miguel says, it depends on your point of view. PSN might not have all the bells and whistles of Xbox Live, but it's a perfectly functional service that does everything I need it to as a customer. If they charged for it, I wouldn't use it. Like a lot of people, I suspect, I don't spend enough time playing online to justify paying an additional subscription on top of my internet connection costs.

Posted:3 years ago

#43

Terence Gage Freelance writer

1,288 120 0.1
I just want PSN to come back online so I can buy Under Siege!

/Grows a pony tail in preparation.

Posted:3 years ago

#44

Tommy Thompson Studying Artificial Intelligence (PhD), University of Strathclyde

110 0 0.0
Another strong article, thanks for the read Rob.

@ Werner: I think making the assumption that Xbox Live would falter in the same manner as PSN is a touch naive. Microsoft do seem to spend a significant amount of time with detection, prevention and enforcement against inappropriate behaviour on their systems, and are quite public about their actions (and capabilities) when necessary. Besides, after this debacle I would hope any potential holes in their security which could lead to a similar disaster will be coming under serious scrutiny internally. Though of course, no system is ever sufficiently airtight.

Posted:3 years ago

#45

Steve Jaccaud Producer, Electronic Arts

2 0 0.0
Wow yeah bummer. No Battlefield Bad Company 2 or Portal 2 online co-op for me for a while... :(

Posted:3 years ago

#46

Private Industry

1,176 182 0.2
I don`t see what`s naive by thinking that if anybody really wants to hack XBL that he/she/they would fail. It`s more naive to think the same couldn`t happen to any other Service or Company if somebody really wants it. Even banks get hacked with very high security. The only difference you have is that currently Sony is number 1 hacker target.

In 3-4 month time we will have all forgotten about it and think that all the services, websites and what not are secure and our personal data fully protected.

Posted:3 years ago

#47

Tony Ren Studying Design, University of California

2 0 0.0
@James Butterworth

"First the security of the PS3 is smashed open, possibly irrevocably without new hardware design and release, now their PSN is hacked?"

As far as I know, the PS3 had been resecured and is no longer hackable or run new games as of the latest firmware update. The Xbox 360 on the other hand is still running rampant with piracy and hackers/modders, as it has been since the first year or so of the console's launch.

"I am more of a Microsoft guy, as the Xbox has always been superior to PS hardware..."

I stopped reading right there. Was that an attempt at irony?

Some people such as myself go on certain, more ostensibly mature websites like this one to take a break from people spouting off about how much their prefer platform A over platform B, how platform A is just collecting dust in my closet, their preferences and/or biases for certain consoles and whatnot... or how PSN is free and thus you get what you pay for, and how PSN is "laggy as hell" (which is completely untrue based on my personal experience using the system for online gaming for the past 4 years), etc. You know, the same type of fanboyish, flamewar-inciting drivel you normally expect to see on sites like N4G or IGN.

I mean, how would you even know that PSN is laggy as hell if you've never or rarely ever played it? Answer me that riddle. Your rationale might be, "I played it for a few hours, and found it laggy," in which case my response would be that you probably didn't set up and optimize the network settings properly given the short amount of time you apparently had using the system (and suffering, I'm sure). Also, the built-in wi-fi of the PS3 is terrible and contributes to lag; use wired Ethernet.

Edited 6 times. Last edit by Tony Ren on 28th April 2011 9:18pm

Posted:3 years ago

#48
Small indie companies like mine are having the biggest problems.
We had Under Siege ready to deploy on the 27th with all the marketing and publishing done by us.
Guess what?

Posted:3 years ago

#49

Tom Keresztes Programmer

685 339 0.5
A normal security expert would say, that if there is no evidence that the credit card details remained secure, dont assume they werent. Also, just because they haven't taken something it does not mean they could not - for a real hacker (not the script kiddie, but the real hacker) would take what he wants, and the pretend they wanted to take something else by making it obvious he tried to access something else. Hiding their exploits at the center of attention. Sometimes they even plant backdoors this way... If a system was compromised, then it is not safe to assume anything.

Posted:3 years ago

#50

Gemma Suen Concept Artist, 3d artist, 2d artist, Oysterworld Games

8 2 0.3
Many others have already expressed how I feel about this: "Meh, it's no big deal". I check my bank statements all the time, and it's not a guarantee the hackers have even gotten it. If anything this has just caused me to simply feel sorry for Sony, and expect them to improve security after the ordeal is over- if there is no harm done.
I've never trusted online transactions entirely so there technically was no trust issues between me and Sony.

Posted:3 years ago

#51

Andrew Ihegbu Studying Bsc Commercial Music, University of Westminster

464 173 0.4
@Tony Ren.

You contradict yourself with your statement on the PS3 wifi and then criticise Jameses'network setup despite the fact that it would have been the same one he used to play his Xbox. I think that your statement regarding disliking brand preference seems a little hypocritical to say the least, especially when to this very day the Xbox cannot be hacked purely in software without opening the system up and even then is immune to code modification.

On the other hand PSN is largely slower than XBL, and this had been reported almost as universally as Apple's and Sonys brand locking habits. Also patching a piece of software after the breach has been found is like dressinga leg would after its got gangrene. The classic example would be the PSP ironically. After v1.5 was spread wide open, Sony patched the hole. All users did was downgrade to 1.5, then run a homebrew bootloader on top that could boot the PSPs latest update.,

Posted:3 years ago

#52

Login or register to post

Take part in the GamesIndustry community

Register now