the confusion surround Sony Corp. (6758), it's hard to find the
evidence to differentiate fact from fiction. Thus far, about all that is
clear is that hackers broke into two separate Sony databases -- the Qriocity/PlayStation
Network (PSN) subscriber database and the Sony
Online Entertainment subscriber database -- and took at least some
details from records of as many as 101 million customers.
I. Another Attack?
Now CNET is reporting that
hackers are preparing a third attack against the company as retaliation for how
it handled the first two database breaches. The news organization spoke
to the hackers over an Internet Relay Chat (IRC) channel. The individuals
claimed to have access currently to Sony's servers and were contemplating their
next move. They said that they would publicize all details, including
customer names, credit card numbers, and addresses.
There's a strong possibility that the promised attack will never materialize.
After all, CNET covered a similar IRC-sourced story from the
group Goatse that turned out to be likely inaccurate. At the time we dug up
evidence that showed CNET was likely duped into
writing about a prank orchestrated by Goatse itself, which Goatse was passing
off as an "attack" on its organization. It's important to remember
that just because some people say something on an IRC channel doesn't mean it's
real; this is the internet after
would hope that Sony would shore up its online security, it's believable that
it could be breached again given its poor track record. Even if the
promised attack proves authentic, CNET didn’t clarify whether
or not the involved parties were behind the original two
Thus far no group has owned up to the original attacks. Sony tried
to implicate Anonymous, with whom it's battled
in the past. But organizers of the Anonymous community quickly
responded condemning credit card theft and claiming
their organization had no role in the attacks. They accused Sony, the
government, or rival hackers of framing them.
II. Free Identity Theft Protection for Everyone!
Sony is offering its customers a new gift to try to keep them on PSN and
prevent them from jumping ship to someone else (like say Xbox Live). The
move was announced late
yesterday on Sony's U.S. PlayStation blog.
The company will be providing users one free year of access to "AllClear
ID Plus", an identity theft protection and insurance service by American
security firm Debix, Inc. The package gives users insurance which covers
up to $1M USD for "identity restoration costs, legal defense expenses, and
lost wages that occur within 12 months after the stolen identity event."
The service also gives customers access to free monitoring tools, which include
automatic alerts. And if the customers' stolen data does get abused,
Debix "private investigators and identity restoration
specialists" will try to assist the victim.
Customers who were subscribed to PSN at the time of the data breach will get an
enrollment email and will have until June 18 to sign up for a year of free
protection service. Sony says it will make similar offers available for
other regions, writing:
We are working to make similar programs available in other
countries/territories where applicable. Information will be posted on local
websites/blogs when available.
It's still unclear whether Sony will offer a similar service to the 24 million
customers whose data was lost in the Sony Online Entertainment breach.
It's nice, though to see Sony finally doing something decisive to try to
protect its customers.
The company is currently the subject of a
class action lawsuit filed by upset customers.