Sony's PlayStation Network Comprised; All User Data Stolen

Rob Williams

Editor-in-Chief
Staff member
Moderator
As we discussed in our news on Friday, Sony pulled its PlayStation Network service offline in the middle of last week due to a problem that arose - but until today, that problem has been kept secret. Though speculation ran rampant that a DDoS was the source of the problem, the worst possible outcome instead came true: PSN was hacked. Worse still, all PSN users have had their data comprised, though Sony is still not sure whether or not credit card information is a part of that.

sony_playstation_3_123010.jpg

Read the rest of our post and then discuss it here!
 

Greg King

I just kinda show up...
Staff member
Come on Sony. Your security has got to be better than this. This is serious.
 
Last edited:

Tharic-Nar

Senior Editor
Staff member
Moderator
No sympathy from me... while I can blame the hacker(s), I blame Sony more for letting it happen in the first place - then waiting 6 days before telling anyone. Never used a credit/debit card on PSN, haven't touched my system in 6 months since it decided to stop reading BDs and no longer outputs over HDMI... Yes i'm bitter, yes i feel slighter better knowing that Karma is catching up... though my personal bitterness pales compared to what some people will now have to face as a result of possible identity theft and erroneous bank charges....

Sony has been poking a hornet nest for the last couple years, now they just realised they forgot to tuck their trousers into their socks...
 

Greg King

I just kinda show up...
Staff member
No sympathy from me... while I can blame the hacker(s), I blame Sony more for letting it happen in the first place - then waiting 6 days before telling anyone. Never used a credit/debit card on PSN, haven't touched my system in 6 months since it decided to stop reading BDs and no longer outputs over HDMI... Yes i'm bitter, yes i feel slighter better knowing that Karma is catching up... though my personal bitterness pales compared to what some people will now have to face as a result of possible identity theft and erroneous bank charges....

Sony has been poking a hornet nest for the last couple years, now they just realised they forgot to tuck their trousers into their socks...

Poke the hornets nest? What does that even mean? They chose to frown on people modifying their systems. Its their prerogative to do so if they want. If you don't like what they are doing, you don't give them your money.

I'm cool with having no sympathy for them, I have little myself, but to somehow imply that they had this coming for past actions is absurd. They had this coming because of their shitty security, not because of how they choose to deal with users who modify their hardware and taking away the ability to run Linux, an ability hardly anyone ever used.
 

Kougar

Techgage Staff
Staff member
Excuse my french, but fucking incredible. If this turns out to be because of some stupidly lax security policies or employee error situations there will be more than just a heap of fallout over this. As it is I don't see how they can apologize over something like this and walk away, that isn't going to work this time. They will have to pay some hefty charges just to cover credit monitoring services for their entire userbase, but I bet someone is going to make sure they pay more than that....

Sony does have a history of strong DRM in and outside Sony BMG. Some might view this as poetic justice, but given the circumstances this just goes way beyond that. As of January there were over 69 million PSN users that had over 1.4 billion downloads. I'd have to check but I think Sony just set a new all time record for how many users had their personal data compromised. It's only a matter of time before all these data breaches incurs a legislative response, and this one just might do it. Even if not... how is Sony going to handle a 69 million user class action lawsuit? Or rather hundreds of class action lawsuits in dozens of countries around the globe...
 

Rob Williams

Editor-in-Chief
Staff member
Moderator
At the risk of fanning the flames, I'm in the same camp as Jamie. I don't think it was karma that caused this to happen (I don't believe in it), but at the same time I don't feel bad for Sony, either. Not after how it's treated its customers the past couple of years, by putting itself first, and customers second.

The removal of the Linux option bugged me, but it wasn't because I used that feature religiously. It was because I bought the console when it had that option, and took advantage of it. Then, to thwart could-be hackers, Sony removed the feature, without care of how it affected its customers. I'd bring up the removal of the backwards-compatibility also, but after talking to other PS3 owners over the years, I've concluded I'm in the minority caring about that one.

The thing that bugs me, is that Sony removed the ability to install Linux in haste to prevent hacking, when a mere month later, mind-blowing hacks hit the scene that had nothing to do with the Linux feature. So in the end, Sony removed a feature that never had to be removed, nor ever considered restoring it. Then, to make things even worse, it brought George Hotz to court for hacking the console... which was meant to solve what? The deed was done... bringing some kid to court wasn't going to accomplish anything. To go even further, Sony, through the courts, obtained the IP addresses of everyone who merely visited his website.

Then, as if that wasn't all bad enough... Sony failed to protect its customers data, and it wound up stolen. While it was protecting its console from being hacked, it had no real concern over the information that mattered... its customers'.

It could be argued that this kind of thing could happen to any company, and that'd be correct. But because the logins and passwords were stolen, it means nothing was stored encrypted, as the hashes would have little use to a hacker.

Look at it this way. Your Techgage password is safer than your PSN password. That's a problem.

Kougar said:
I'd have to check but I think Sony just set a new all time record for how many users had their personal data compromised.

Scary, isn't it? Let's just hope user credit cards were not comprised also...
 

Greg King

I just kinda show up...
Staff member
Excuse my french, but fucking incredible. If this turns out to be because of some stupidly lax security policies or employee error situations there will be more than just a heap of fallout over this. As it is I don't see how they can apologize over something like this and walk away, that isn't going to work this time. They will have to pay some hefty charges just to cover credit monitoring services for their entire userbase, but I bet someone is going to make sure they pay more than that....

Sony does have a history of strong DRM in and outside Sony BMG. Some might view this as poetic justice, but given the circumstances this just goes way beyond that. As of January there were over 69 million PSN users that had over 1.4 billion downloads. I'd have to check but I think Sony just set a new all time record for how many users had their personal data compromised. It's only a matter of time before all these data breaches incurs a legislative response, and this one just might do it. Even if not... how is Sony going to handle a 69 million user class action lawsuit? Or rather hundreds of class action lawsuits in dozens of countries around the globe...

I agree with everything you said and I think it's more than justified to to be upset. I'm concerned for my personal data just as everyone else impacted should be. That still doesn't mean that they had it coming. Where was this backlash when Michael Crippen got arrested in 2009 for hacking XBOXs in college?

I didn't agree with Sony's action against geohot. I think it's absolute bullshit. But I'm not ready to heap praise on whoever got through Sony's security. If information was actually stolen, their noble cause is going to be as difficult to defend as Sony's inability to protect their own customer's information.
 

Greg King

I just kinda show up...
Staff member
As I continue to stew on this, I get more and more aggravated with Sony. Someone has had access to my personal information for a week now and Sony is just now letting me and everyone else know? Granted, with the exception of my credit card information, all of the data concerning me can be found elsewhere with a little work but it's still disheartening to know that its been accessed.

My main beef with the comments of others in this tread is the apparently cheer section that seems to have been built up around the actions taken against Sony. Nobody wins in this situation.

Boooooo.
 

Kougar

Techgage Staff
Staff member
The bad news keeps rolling: http://arstechnica.com/gaming/news/2011/04/ars-readers-report-credit-card-fraud-blame-sony.ars

Numerous Ars readers are reporting their credit cards have been used fraudulently. That's pretty damn fast. Or maybe Sony waited more than just a few days to come clean about the issue... at either rate, if the reported credit card / bank account theft continues to increase at this pace, Sony may have very well just crippled their console business.

Depending when and how networks pick up and air this story it could get very bad indeed, and out of the other consoles they stand the most to lose if they can't recoup sunk costs. They've sold more than half of their PS3's at a large loss, I have no idea what their total net balance is currently but it sure isn't par with the 360 or Wii as they were banking on a few more years of strong growth. Fat chance now.
 

Greg King

I just kinda show up...
Staff member
Alright, I FINALLY got my email from Sony at 10:36 PM last night (04/27/2011), letting me know of the outage and that my information might have been compromised. That's over a WEEK after this whole thing started. Thanks, I guess.
 
Top