This is a rough time to be a PlayStation Network user. PSN being down for the past 6 days as bothered many, but was more of an inconvenience than anything else. But now Sony admits that all of its users have had their personal information compromised from an external intrusion.
The PlayStation Blog goes on to list what information has been acquired. Apparently, everyone’s “name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID” has been obtained by the person(s) behind this. Further information that could have possibly been stolen as well consist of “profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers.” If that wasn’t enough, Sony says that, while there is no evidence that credit card information has been obtained, to take measures as if your credit card number and expiration date have been acquired.
I have to say, Sony has really dropped the ball on this one. Not only are over 70 million customers’ account information in danger, but we’re only finding out about this today, the 26th of April. According to the blog, Sony learned that user information was compromised between the dates of April 17 and April 19. Sony promises to send out email notifications to users, and the blog has some tips on what members can do to help protect themselves from identity theft and fraud, but I can’t help but feel disappointed in the way Sony handled the situation. The company has had to deal with a huge assault on its network, I understand that, but while possibly trying to save face, they’ve given the attackers that much more time with PSN members’ information, and that just isn’t right. When it comes to identity theft, notifying customers this late is simply inexcusable. My guess is that PSN cards are going to be purchased a lot more in the future, because right now Sony may have lost the trust of many of its customers, myself included.
Regardless, if you’d like to learn more about some precautions you can take, visit the links below. Joystiq has some good advice on things you can do to protect your identity.
Update: Sony says that, while they discovered the intrusion on the 19th, they only learned of the compromised account information yesterday. “It was necessary to conduct several days of forensic analysis, and it took our experts until yesterday to understand the scope of the breach. We then shared that information with our consumers and announced it publicly this afternoon.” If this is true (and I don’t completely buy it yet) then that explains the late notice, but things are definitely still going to be difficult for Sony.
Source: PlayStation Blog
In Sony’s defense, they really don’t know the state of all the PSN account information. If I’m correct, they’re just issuing this statement as a precaution so that they don’t get the pants sued off them in the event personal information really is compromised. It seems they were hoping to get to the bottom of it these past 6 days instead of issuing this statement that even if given 6 days ago would have gotten a lot of people paranoid. They made a pretty big gamble in trying resolve it without having to get the masses worried in the event that it wasn’t a huge breach, lost horribly and now have to come clean as they still don’t know what the hell’s going on. Between this and other legal matters, Sony’s corporate hierarchy must be utter chaos.
Also, I read the Destructoid forum posts for a change and read a pretty interesting theory about what’s going on, assuming Anon would be involved. That is, chances are they don’t give a shit about the user’s accounts info and instead made the breach to bring about mass hysteria as Sony would have been forced to disclose this information sooner or later. The 6 day delay amplifies this impact pretty well.
I’m no fan of hacking or any of this drama surrounding Sony and Anon, but even I have to call it a brilliant strategy. If this was the “big surprise” they had in store, then damn they hit the mark.
Saying that they don’t know what happened to their users’ information doesn’t really bode well for their defense. Plus, Sony does believe that certain information has been compromised, so either way it’s still bad. What I’m not happy about though is the fact that we were kept in the dark for so long, with no information what so ever.
But I digress, let’s hope this is really just a stunt to cause a media frenzy.
Pingback: Holy Shit! An Intellectual PSN Debate! | The Wired Fish
Pingback: BIT.TRIP SAGA Coming to 3DS | The Wired Fish