Tuesday, 3 May 2011

Sony In Customer Data Breach, Users Furious

I've held back on writing about the Sony hack attack recently because there have been so many developments in the story and I quite like the idea of having some form of summary of the situation on the blog. It's proven difficult as new information has been surfacing on pretty much a daily basis, but here's my look at the recent Sony hacking attack.

Let's start from the beginning. On April 21st, via the official PlayStation Blog, Sony posted a message to the site titled 'Update on PSN Service outages', stating: "While we are investigating the cause of the Network outage, we wanted to alert you that it may be a full day or two before we’re able to get the service completely back up and running". At this time, there was no sense of the scale of the problem. Sony customers were merely told the online service would be inaccessible for a short while.

For those who are not familiar with the 'PlayStation Network' (otherwise known as the 'PSN'), it is an online service which enables Sony PlayStation 3 owners to download content from an online store after inputting credit card details and other personal information including home addresses, billing information, names and ages.

Photograph: Julian Stratenschulte/Picture Alliance/Photoshot

Two days after the original notice to customers, Sony posted another, admittedly more sinister-sounding message onto the blog which said: "An external intrusion on our system has affected our PlayStation Network and Qriocity services. In order to conduct a thorough investigation and to verify the smooth and secure operation of our network services going forward, we turned off PlayStation Network & Qriocity services on the evening of Wednesday, April 20th."

On 26th April, Sony confirmed they had become the victims of a successful hacking attempt resulting in the names, addresses and passwords of approximately 77 million users being compromised. This places the hack as one of the largest ever attacks on a commercial organisation. Naturally, the PlayStation Blog was completely flooded with furious users demanding to know more about the situation. What caused the most upset was the fact that the company had known about the hack for a week, yet had failed to keep customers informed as the story developed.

Sony were slow to respond to questioning initially, but have since claimed that the credit card details stolen from their servers were encrypted. This means that it is not as easy for hackers to obtain the information as first thought. Users on the blog have also expressed their anger, expressing confusion over how an electronic giant like Sony could be so careless with confidential, private customer data. There's a clear risk of identity theft here, which could be massively damaging.

Former editor of 'GamesIndustry.biz', Rob Fahey, has slammed Sony, writing "[they were] on the short list of firms I trusted to the same level as Amazon, Apple and their ilk with my personal and financial details. No longer".

It's not just consumers Sony are having to answer to, either. Governments and agencies across the world are demanding information. Parties such as the FBI and Government Privacy Officials from Australia, Canada and the U.K are in contact with the company. Reports state Sony has contacted the Federal Bureau of Investigation in San Diego. Its 'cybercrimes' unit is said to be conducting an investigation.

A screenshot of the PSN's online interface

Since the news of the hack surfaced, web analysts have attempted to calculate the financial damage the attack has caused. Michael Pachter, a gaming research analyst, claims that Sony lost at least $10 million in revenue and $3 million in profits in the initial week the PSN was down. Obviously, as the service remains offline, Sony continue to lose substantial amounts of money. This is a massive mistake for Sony and the Online Security Team, made evident by the 5.2% drop in Sony's stock price since the breach took place.

On a personal note, I feel it'll be particularly interesting to see whether the recent Sony hack will effect online content purchases from other sources. Customer loyalty may also alter financial income for Sony in the future. Will customers be willing to trust the company again with their details after such a massive mix up?

On 20th April, Sony announced plans to begin the arduous restoration of some online services this week. The company has claimed services will be restored by region. Some customers claim the service is back online in part of Japan, but this has not been officially confirmed by Sony. If you're a PlayStation 3 owner like myself, I'd make a note of the following statement from Sony:

"To protect against possible identity theft or other financial loss, we encourage you to remain vigilant, to review your account statements and to monitor your credit reports."

That's a summary of the situation so far. As a PlayStation owner myself, I'll be following this story carefully. I'll post again in the future with an updated summary of the situation.


Post a Comment

Web Directory
Add blog to our directory.
Twitter Delicious Facebook Digg Stumbleupon Favorites More