OpEd: The Sony PSN Security Breach - Why I'm Angry


Posted April 27, 2011 - By Kevin Kelly

  • Videos
  • Screenshots
  • Cheats and Walkthroughs

OpEd: The Sony PSN Security Breach - Why I'm Angry

This OpEd was prompted by the Sony PSN outage and security breach. As a longtime Sony fan, the fact that our private information was accessed illegally, despite threats and public knowledge about unencrypted credit card data, has pushed me over the edge. That, and the fact that Jake Gaskill and I cannot continue our awesome Portal 2 co-opping.

By now you've heard about Sony's PlayStation Network security breach, and at this point it's gone well beyond hackers bringing the system down and turned into a large theft of personal information. Physical addresses, passwords, security answers, email addresses, purchase histories and credit card information has potentially been stolen for over 70 million users worldwide. Needless to say, that's a gargantuan amount of private data worth hundreds of millions of dollars to the right buyers, and a ripe target for identity theft and unauthorized credit card charges. It's a headache for users and banks alike, not to mention Sony itself.

But Sony was warned about this, and we knew months ago that it was possible.

In short, Sony got caught with their pants down around their ankles. While it's unclear exactly who exactly was responsible for this outage and breach, it has all happened in the wake of Sony's battle with Geohot, and the hacker collective Anonymous taking issue with the way Sony handled things. The end result is a service that has been down for over a week, keeping gamers from playing titles on a busy launch week that included Portal 2, SOCOM 4: U.S. Navy SEALs, and Mortal Kombat, and now Sony finally admits that personal data was accessed as well.

Sony's PlayStation 3 has had a rough time ever since it was announced back in 2005. Gamers were shocked at the high price point and initially had a hard time warming up to the system. Over the years they've removed hardware-based backwards compatibility and the ability to load another OS on the system (originally touted as a feature). The system was the butt of jokes about "massive damage" and the now infamous "Riiiiiiiidge Racer!" quote.

However, despite a shaky start, things were looking up. Sony has continually delivered exclusive titles like God of War 3, Gran Turismo 5, Uncharted: Drake's Fortune and Uncharted 2: Among Thieves. Their much-touted PlayStation Network service didn't cost anything to use, and it offered free access to demos, themes, wallpapers, videos, and much more. They've since added a PSN+ paid tier that runs from $49.99 per year to $17.99 for three months and offers much of the same, but includes early access to certain titles, free games, discounts, and game trials.

With games and gamers starting to sway public opinion, even developers got in on the action. Gabe Newell, co-founder of Valve, famously called the PS3 "a disaster on many levels" and said that Sony should just start over. But at last year's Sony E3 Press Conference, he changed his tune dramatically and said it was the best platform out there. With only the PlayStation 3 offering cross-platform play, and being the first system to work with Steam, it was a huge shot in the arm for Sony.

But public opinion has been swaying lately. In the wake of Geohot hacking the PlayStation 3, and posting the root keys online, Sony went after him, and all of the users who had viewed his video. They settled out of court earlier this month. This rankled the group Anonymous, and as a result they released several threats directed at Sony. That may or may not have included an attack that had the PSN "Down For Maintenance" earlier this month. In fact, it has been publically known since February that Sony sends credit card information an unencrypted format when your PS3 talks to the PSN. Why was a hole that wide allowed to remain open?

Which is another reason that we're angry. Sony knew in advance about impending attacks on their PSN service, and that data was vulnerable, yet the service was still hacked and brought to its knees. With the announcement yesterday that personal data was compromised, it makes things much worse. Adding even more fuel to that angerfire was the statement Sony issued yesterday, which stated partially: 

"We have discovered that between April 17 and April 19, 2011, certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorized intrusion into our network."

In fairness, Sony told us today that they only found out themselves about the full extent of the security breach until yesterday, which is why it took so long for them to tell us. They called in an outside security firm and they performed forensic analysis. Which for some reason makes me picture Gus Grissom from CSI with a PS3 controller in one hand and a magnifying glass in the other. Still, when dealing with millions of users that have sensitive information on your system, and you detect a breach this large, as you did on April 19, you need to tell your users. Simply throwing up a "Down For Maintenance" sign doesn't cover it.

What all this means that someone out there, either a single individual or a group, has had access to all of your personal login information for at least that amount of time. This amount of data (up to 77 million users, possibly) represents a potentially huge payday for someone on the black market, not to mention the possible identity theft scenarios. So you're darn right we're angry. There's always the possibility that Sony delayed releasing this information to the public as it would impede their own investigation of the issue, but until we know that happened, it's hard not to be mad about this.

If you're wondering exactly what you should do to try and protect your other information, check out our FAQ about the breach, and the steps you can take to contain the leak. Are you willing to forgive Sony for this? Or will it take you awhile to trust them with your information again? If you remember back in 2007 when Xbox Live had issues, Microsoft ended up giving everyone the downloadable title Undertow for free. Hulu announced today that they are offering users a free week of service for the downtime. What will Sony have to do to make up for this? What do you think?

Have something to share? Have an idea for a feature you'd like to see on G4? E-mail me. You can also follow me on Twitter.

OpEd: The Sony PSN Security Breach - Why I'm Angry


Blog Tags

  • International Sexy Ladies Show: Messy Cat Fight

    Posted: January 27, 2010

    644,696 Views | 00:49

  • Sara Underwood's Naked Bike Ride

    Posted: June 22, 2011

    1,316,284 Views | 05:20

  • Laser Snake Robots, More Mars Rovers and BigDog Is Back

    Posted: September 25, 2012

    1,290 Views | 03:00

  • NBA 2K13 Launch Trailer

    Posted: October 4, 2012

    5,601 Views | 01:53

  • Casual Vomiting - Web Soup Investigates

    Posted: March 30, 2011

    7,570 Views | 02:52