Regarding the PSN: What Just Happened?!

Back on Monday, I wrote a quick blurb about the PSN outage and criticized Sony for its lack of communication.  Since that time, Sony has finally “come clean” (as it were) and revealed a lot more information about the nature of the outage.


And the internet let out a collective “WTF?!?”


Yes, as it turns out, the outage is a lot worse than most were imagining.  Many gaming sites simply assumed that the PSN had been attacked and taken down in a situation similar to the Anonymous attack of last month.  (For those of you who don’t know, “hacktivist” group Anonymous got ticked at Sony and attacked the PSN, causing slowdowns so crippling that the service went offline for a day or two).  What actually happened this time, however, was a hack that compromised the account info of millions of PSN users.  It has been revealed that Sony shut down the PSN of its own accord in order to prevent any more siphoning of user data.  Since that time, the corporation has been investigating the attack and attempting to rebuild their network with better security (Sony states that it hopes to have “some services” of the network up “within a week.”).


So what info was compromised?  The official list given by Sony itself is thus:

  • Name
  • Online ID
  • Password
  • Email Address
  • Physical Address
  • Birthdate

Sony has also stated that, while they have no concrete evidence of it, it’s also possible the hacker(s) has acquired answers to security questions (you know, if you forget your password), credit card numbers, and purchase histories.  About the only thing Sony could confirm that wasn’t acquired by hackers was the security code on the back of your debit or credit card.  The whole situation definitely went from bad to worse yesterday, and many people are no longer so concerned about playing online multiplayer, as they are about keeping their hard-earned money in their own bank accounts.


Obviously, this a huge blow to Sony, one that could take the company a very long time to recover from (if it ever fully recovers) , but big-time companies getting hacked is nothing new.  Just last month, the Epsilon security breach exposed the email addresses of millions of consumers in what, up to that point, had been the biggest digital security breach in US history.  Identity theft is an everyday part of our digital world, and, accordingly, anyone with an online presence should be very knowledgeable about their own security.  (For example, if you use the same password with all of your online accounts, you’re definitely doing something wrong.)  Hacks happen and you need to take appropriate measures to protect yourself.  If you have adequately prepared for these kind of occasions, the PSN hack isn’t nearly as scary.


That being said, do PSN users have a right to be angry?  Honestly?  Yes.  Yes, they do.  According to Sony, the breach happened well over a week ago, but customers were only told about it yesterday.  Sony claims that they only learned about the scope of the damage on Monday, but that still means that they waited a full day before warning users.  Even with that as the case, you have to think that somebody in the organization would’ve suspected a compromising of customers’ information much earlier.  When any organization handles delicate customer data, they have a responsibility, first and foremost, to their customers.  If something happens that will affect the customers privacy, the company should alert them as soon as possible.  Sony didn’t need to know the scope of the damage to warn customers that something could possibly be amiss.  They could’ve prevented a world of PR hurt by just warning customers to change their passwords and keep a close eye on their bank statements, without completely understanding what had happened first.  “Better safe than sorry,” as the adage goes, and many of the precautions Sony recommended yesterday should’ve been given, by Sony, days ago.


Sony’s in a hard place now, but it’s basically the company’s own fault for being there.  Getting hacked is one thing — had the company flat-out acknowledged it immediately, consumers probably would have been much more forgiving — but withholding information that could be vital for consumers is deplorable (In fact, those in government are even taking notice, as a U.S. Senator has sent Sony a letter, calling the company’s poor communication “troubling”).  Honestly, I think Sony made the right move to shut down the PSN to prevent more data from getting leaked, but, again, they should’ve then said something about it immediately.


So, your PSN data is compromised.  Now what?  Well, for starters, take my earlier advice and switch up all your passwords.  It’s a good policy to never use the same password twice.  If you can do it (not all services allow it), you can also try switching any important online IDs you may have, so that they do not match up with your PSN ID.  The biggest danger from this leak, however, is from phishing scams.  NEVER respond to emails that ask you for personal info, no matter what the source.  In fact, it’s a good idea to never respond to emails, period.  By that, I mean, don’t click on links provided by an email, even if it is legitimately trustworthy.  Instead, open up a web browser, go to the company’s URL, and move forward from there.  Always dictate the terms yourself.  As far as finances go, just keep a close eye on your bank statements.  You can cancel your debit or credit card and get it replaced with a new one, if you want to feel extra secure, but it’s not an imperative necessity.  Despite their tendency to treat you like a number, banks are actually really good at dealing with identity theft.  If fraudulent charges show up on any of your accounts, banks will generally give you 60 days to dispute the charge.  Of course, if you’ve never made a purchase on the PSN, you don’t have that to worry about, as credit cards are only a requirement for buying something (and that only if you don’t have any PSN points).


So, that’s that.  It’s a very messy situation, for both Sony and PSN users alike.  I’m still a big fan of the PS3 (it has more games to my taste, and I love Blu-ray) and I will likely use PSN again once it’s back (I’m unwilling to pay monthly for a service that I only use once or twice a week), but I won’t justify or excuse Sony for the way it’s handled something that, initially, wasn’t entirely its own fault.  If I make purchases on the PSN again, it will likely be through buying PSN point cards at retailers.  It’s an annoying third step, but it’s what is safest.  Sony is, of course, rebuilding the PSN to have more robust security, but it’s going to take awhile to rebuild the trust it lost.  I don’t know whether the PSN just had bad security or if it simply came under fire from some very good hackers (and we may never know, honestly), but Sony will have a lot to prove over the next few weeks. (Oh, and you can already smell the lawsuits cooking).


As with most of this fiasco, it’s now Sony’s move.  Let’s hope it doesn’t take them as long to respond this time.


~ by digitallysmitten on April 27, 2011.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: