Apr 28, 2011
The problem with large companies is that they put more effort in to controlling information and not enough in giving the right information to those who are affected.
PSN users are getting conflicting information as to exactly what information has been compromised, and how compromised it is. Initially it was reported that names, addresses, email addresses, usernames, passwords, password hints, AND credit card numbers had likely been obtained by persons unknown (not Anonymous, just unknown). However, in this article at gamespot.com it states Sony are now saying that credit card details were unlikely to have been obtained, and if they were then they were encrypted anyway.
“The entire credit card table was encrypted and we have no evidence that credit card data was taken. The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack.”
This is in contradiction to the official advice being sent out to the 70+ million users of the PSN network. US users have been given contact numbers and information on protecting against identity theft, EU users get the update website address and a reminder to look out for scams and identity theft. It’s good to see Sony treating all their customers as equals. Perhaps if the EU turned around and said “WE’RE GOING TO SUE YOU FOR EVERYTHING YOU HAVE!!!!” like has happened in the US then Sony would be a bit more proactive and helpful instead of providing an email that essentially says “So you’re details have been stolen, sorry about that.”.
Technorati have also came out in defence of Anonymous against the accusations that they were behind the initial down time. As previously reported, Anonymous denied any involvement and that position would appear to have been vindicated.
Who was behind the attack and breach is still not known, however, for a breach of this magnitude the perpetrators will need to be supervillains to get away with it. How they breached Sony’s security is also unknown although there are rumours of hacked developer firmwares being associated with the situation.
It’s thought that the Playstation Network will be back up soon: Eurogamer.net cites 3rd of May 2011 as the date when some connectivity will be resumed. Sony appear to have confirmed this in their Q&A:
Q: When will the PlayStation Network and Qriocity be back online?
A: Our employees have been working day and night to restore operations as quickly as possible, and we expect to have some services up and running within a week from yesterday. However, we want to be very clear that we will only restore operations when we are confident that the network is secure.
‘Yesterday’ in relation to the Q&A post was 26th April 2011 which would make a week later being 3rd May – the day after the Bank Holiday in the UK when most people will be back in work/school.
So that’s as much as is known currently about the Who, What, When…. but Why? I get the feeling that ‘Why’ will either never publicly come out, or we’ll have to wait until the court case.