Print 56 comment(s) - last by JW.C.. on May 7 at 10:12 PM

Sony is offering freebies to lure customers back onto PSN. Some customers might fear, though, that given Sony's poor security track record, that they might be walking into a trap by subscribing.
Company wasn't even using encryption for its non-CC data

The hits just keep coming for troubled giant Sony Corp. (6758).  The maker of the PlayStation Portable and the PlayStation 3 announced last week that hackers broke into its PlayStation Network (PSN) database and stole its 77 million customer database.

Sony waited an entire week while investigating the breach before notifying customers.  In the meantime the PSN was down.

I. New Details -- 10M CC's Lost

This week Sony revealed new details in media comments and posts to its PlayStation blog.  It commented that up to 10 million users' credit card numbers were likely obtained by the intruder.  

Until now it was unknown whether or not the hackers had gained access to the part of the database containing credit card numbers.

They state it was unclear whether the information thief could gain access to users' credit cards as the numbers were encrypted.  Sony indicated that it did not encrypt any of its other user records -- including username, real name, address, email addresses, and birth date.  Those records were stored as plain-text and should be easily usable by a malicious party.  

Passwords were not encrypted, but were hashed.  They were reportedly not salted, which means reversing the hash should be feasible for a savvy cyber-criminal.

Kaz Hirai, Sony's executive deputy president, addressed the public in a streamed press conference [video] late last week, bowing deeply in the traditional Japanese expression of regret.  He stated, "We offer our sincerest apologies"

The timeline of events in the intrusion has now become clearer.  The intruder gained access between April 17 and 19, apparently having free reign of Qriocity servers.  Then on April 19 Sony detected the intrusion and locked out the system.  

The PSN service was shut down on April 20.  Sony hired three independent firms to investigate the breach.  It declined to notify users' though, until April 25.

II.  Sony Offers Freebies to Lure Users

In its bid to regain users' trust and try to lure old and new users back onto PSN, Sony is offering its customers a number of freebies

Leading the way is a limited offer for a 30 day free subscription to PSN for new users.  For existing users, those who choose to remain will get a temporary 30 day boost to a "premium" membership level, which comes with special perks (free applications, etc.).  

And Sony is offering to pay users' credit card renewal fees should they find themselves victims of identity theft.  But it says it will require users to prove they suffered damage.

Users on Sony's blog seemed to be reacting positively to the company's updates and freebies program.  Writes "mcbuttz78":

Tell all your staff thank you and we all really appricate (sic) every thing you guys are doing to keep the psn network going strong and better than before. It really means alot . We also at the psn legion would like to wish the sony sercurity (sic) team happy hunting and dont forget the old detective saying” to hunt a criminal in the dark is best case, becuase (sic) he never knows hit’ em

But some seemed less enthused.  One user, "Jimmy_Cosmos" writes:

Just leave the PSN off, stop making PS3s and wait a year or two while building a much better & robust PSN network and launch the PS4. You’ve already given up on the PSP and the PSPGo. This gen is a disaster for you Sony. Rushing to build a brand new PSN in a few weeks is just asking for another disaster like you just had. How can you possibly be sure what you’re rushing to do in a couple of weeks will be better than what you’ve had to make secure in the past 5 years?

Some analysts think the damage will last for some time.  States  Jay Defibaugh, director of equities research at MF Global in Tokyo, in an interview with Reuters, "Damage has been done to Sony whatever the scale of the content giveaway at this point, and Sony is facing a prolonged effort to regain customer trust. Anything that undermines consumer willingness to divulge credit card details to Sony is a problem for the network strategy."

The breach has impacted customers worldwide in the North America and European regions.  Customers in Asia may have been affected as well.

To clarify, Qriocity -- the entity who maintains the PSN and whom Sony has been referring to in third person in its blogs -- is actually part of Sony.  The group offers streaming video and music services, in addition to maintaining Sony's online gaming efforts.  The trade name was put in place in June 2010 and Sony has been referring to it in third person ever since.  Some have complained that Sony is obfuscating its own role in the breach by sharing the blame with Qriocity in its releases, when in fact Qriocity is a part of Sony.

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

30 day trial?
By cochy on 5/2/2011 10:28:30 AM , Rating: 4
Wow what a slap in the face.

We're so so sorry. To make up for it here's a 30 day TRIAL?????? Are you freaking kidding me? Wow did Sony ever lose me big time as a customer.

I bet the free download will be Tetris or something.

I expected better from the Japanese.

RE: 30 day trial?
By tekzor on 5/2/2011 10:41:58 AM , Rating: 1
This happened right before I got my pspgo.
Great paper weight.

RE: 30 day trial?
By stalepie on 5/2/2011 11:46:59 AM , Rating: 1
They're not really Japanese. The head of Sony is Howard Stringer.

RE: 30 day trial?
By cochy on 5/2/2011 1:46:25 PM , Rating: 4
He wasn't even present at the press conference. When he's gone the new CEO will be Japanese.

RE: 30 day trial?
By kattanna on 5/2/2011 1:54:46 PM , Rating: 3
hey.. imagine how the existing premium customers feel.. they dont get anything

RE: 30 day trial?
By someguy123 on 5/2/2011 4:11:57 PM , Rating: 2
Indeed. I really don't understand sony's though process here. They seem to believe their brand image is strong enough to maintain their egotistical attitude towards their customers.

You're not apple, sony. People used to buy your products because they were of decent quality, not necessarily insane brand loyalty, but it seems like they're just asking for customers to leave.

RE: 30 day trial?
By cmdrdredd on 5/2/2011 4:27:50 PM , Rating: 2
PSN is free unless you sign up for premium so what are they giving you 30 days trial of? It's free so...I don't get it.

RE: 30 day trial?
By dananski on 5/7/2011 9:40:52 PM , Rating: 2
Yeah, I didn't even know a premium PSN existed - I thought XBox Live was the only console network that charged. Besides, PSN isn't up and running in any shape or form yet is it? I couldn't sign on yesterday at any rate.

RE: 30 day trial?
By SCOTTxSEMPERxFI on 5/3/2011 12:19:31 PM , Rating: 2
This is why we have xbox and pay for it so none of this BS would happen im not sorry but playstation SUCKS

RE: 30 day trial?
By abhaxus on 5/6/2011 9:56:50 PM , Rating: 2
Comments like this make me hope that xbox live gets hacked as well. Not because I'm loyal to Sony, but because morons think this has anything to do with the console "wars."

RE: 30 day trial?
By JW.C on 5/7/2011 10:12:25 PM , Rating: 2
And yet, the hackers have been after the xbox network since the day it went online. They have yet to make an impact on more than themselves. Sony doesnt even have their system completely up yet and they have already been hacked in a major way.

Now I am not a big fan of either, but if I had to pay for a service I would have to go with xbox live simply due to security.

"Intel is investing heavily (think gazillions of dollars and bazillions of engineering man hours) in resources to create an Intel host controllers spec in order to speed time to market of the USB 3.0 technology." -- Intel blogger Nick Knupffer

Latest Headlines
Inspiron Laptops & 2-in-1 PCs
September 25, 2016, 9:00 AM
The Samsung Galaxy S7
September 14, 2016, 6:00 AM
Apple Watch 2 – Coming September 7th
September 3, 2016, 6:30 AM
Apple says “See you on the 7th.”
September 1, 2016, 6:30 AM

Most Popular ArticlesAre you ready for this ? HyperDrive Aircraft
September 24, 2016, 9:29 AM
Leaked – Samsung S8 is a Dream and a Dream 2
September 25, 2016, 8:00 AM
Inspiron Laptops & 2-in-1 PCs
September 25, 2016, 9:00 AM
Snapchat’s New Sunglasses are a Spectacle – No Pun Intended
September 24, 2016, 9:02 AM
Walmart may get "Robot Shopping Carts?"
September 17, 2016, 6:01 AM

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki