

Sony is offering freebies to lure customers back onto PSN. Some customers might fear, though, that given Sony's poor security track record, they might be walking into a trap by subscribing.
Company wasn't even using encryption for its non-CC data

The hits just keep coming for troubled giant Sony Corp. (6758). The maker of the PlayStation Portable and the PlayStation 3 announced last week that hackers broke into its PlayStation Network (PSN) database and stole its 77-million-customer database.

Sony waited an entire week while investigating the breach before notifying customers.  In the meantime the PSN was down.

I. New Details -- 10M CC's Lost

This week Sony revealed new details in media comments and posts to its PlayStation blog.  It commented that up to 10 million users' credit card numbers were likely obtained by the intruder.  

Until now it was unknown whether or not the hackers had gained access to the part of the database containing credit card numbers.

Sony stated it was unclear whether the information thief could gain access to users' credit cards, as the numbers were encrypted. Sony indicated that it did not encrypt any of its other user records -- including username, real name, address, email addresses, and birth date. Those records were stored as plain text and should be easily usable by a malicious party.

Passwords were not encrypted, but were hashed.  They were reportedly not salted, which means reversing the hash should be feasible for a savvy cyber-criminal.
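The difference salting makes can be seen in a short added example (not code from Sony or from the original article). SHA-256 stands in for the hash, which the article does not name; the account names, passwords and the PBKDF2 work factor are constructed for illustration. Without a salt, identical passwords produce identical stored values, so one precomputed table applies to every account; with a per-user salt and a slow key-derivation function, every record is unique.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Constructed sample accounts (not real data); alice and bob share a password.
SAMPLE_ACCOUNTS = {"alice": "correct horse", "bob": "correct horse", "carol": "tr0ub4dor"}
PBKDF2_ITERATIONS = 600_000  # illustrative work factor, an assumption of this example

def unsalted_digest(password):
    # Assumption: SHA-256 stands in for the hash, which the article does not name.
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

def salted_record(password):
    # A fresh random salt per account makes every stored verifier unique.
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, key

def verify(password, salt, key):
    # Recompute with the stored salt and compare in constant time.
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, key)

def shared_verifier_groups(stored):
    """Return groups of users whose stored verifier is identical."""
    groups = defaultdict(list)
    for user, verifier in stored.items():
        groups[verifier].append(user)
    return sorted(sorted(users) for users in groups.values() if len(users) > 1)

def audit(accounts):
    # Store the same accounts both ways and report which users share a verifier.
    unsalted = {u: unsalted_digest(p) for u, p in accounts.items()}
    salted = {u: salted_record(p) for u, p in accounts.items()}
    return {
        "unsalted_shared": shared_verifier_groups(unsalted),
        "salted_shared": shared_verifier_groups({u: k.hex() for u, (_, k) in salted.items()}),
        "salted_records": salted,
    }

if __name__ == "__main__":
    report = audit(SAMPLE_ACCOUNTS)
    print("unsalted, identical digests:", report["unsalted_shared"])
    print("salted, identical verifiers:", report["salted_shared"])
```
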

Kaz Hirai, Sony's executive deputy president, addressed the public in a streamed press conference late last week, bowing deeply in the traditional Japanese expression of regret. He stated, "We offer our sincerest apologies."

The timeline of events in the intrusion has now become clearer. The intruder gained access between April 17 and 19, apparently having free rein of Qriocity servers. Then on April 19 Sony detected the intrusion and locked out the system.

The PSN service was shut down on April 20. Sony hired three independent firms to investigate the breach. It declined to notify users, though, until April 25.

II.  Sony Offers Freebies to Lure Users

In its bid to regain users' trust and try to lure old and new users back onto PSN, Sony is offering its customers a number of freebies.

Leading the way is a limited offer for a 30-day free subscription to PSN for new users. For existing users, those who choose to remain will get a temporary 30-day boost to a "premium" membership level, which comes with special perks (free applications, etc.).

And Sony is offering to pay users' credit card renewal fees should they find themselves victims of identity theft.  But it says it will require users to prove they suffered damage.

Users on Sony's blog seemed to be reacting positively to the company's updates and freebies program.  Writes "mcbuttz78":

Tell all your staff thank you and we all really appricate (sic) every thing you guys are doing to keep the psn network going strong and better than before. It really means alot . We also at the psn legion would like to wish the sony sercurity (sic) team happy hunting and dont forget the old detective saying” to hunt a criminal in the dark is best case, becuase (sic) he never knows hit’ em

But some seemed less enthused. One user, "Jimmy_Cosmos", writes:

Just leave the PSN off, stop making PS3s and wait a year or two while building a much better & robust PSN network and launch the PS4. You’ve already given up on the PSP and the PSPGo. This gen is a disaster for you Sony. Rushing to build a brand new PSN in a few weeks is just asking for another disaster like you just had. How can you possibly be sure what you’re rushing to do in a couple of weeks will be better than what you’ve had to make secure in the past 5 years?

Some analysts think the damage will last for some time. States Jay Defibaugh, director of equities research at MF Global in Tokyo, in an interview with Reuters, "Damage has been done to Sony whatever the scale of the content giveaway at this point, and Sony is facing a prolonged effort to regain customer trust. Anything that undermines consumer willingness to divulge credit card details to Sony is a problem for the network strategy."

The breach has impacted customers worldwide in the North American and European regions. Customers in Asia may have been affected as well.

To clarify, Qriocity -- the entity that maintains the PSN and that Sony has been referring to in the third person in its blogs -- is actually part of Sony. The group offers streaming video and music services, in addition to maintaining Sony's online gaming efforts. The trade name was put in place in June 2010 and Sony has been referring to it in the third person ever since. Some have complained that Sony is obfuscating its own role in the breach by sharing the blame with Qriocity in its releases, when in fact Qriocity is a part of Sony.



Incompetent
By zlandar on 5/2/2011 11:32:22 AM , Rating: 5
Just finished calling my CC company for a replacement card.

Sony has totally lost any credibility in my eyes when it comes to securing my personal account info.

Their "compensation" is a complete joke. You coughed up my address/email and +/- my CC and you offer a garbage 30 day trial? Sony can take that trial and shove it up their other end.




RE: Incompetent
By Uncle on 5/2/2011 1:52:01 PM , Rating: 3
Sony is lowballing to see how many (suckers) take the offer. Sony is a product manufacturing company. They are not into gaming. The online PS3 gaming was an afterthought because some bean counter figured it would help sell the PS3, nothing else. This whole fiasco proves that out. Has Valve been hacked? And they're not even close to the size of Sony, but they are into gaming and know what it takes because that is Valve's business. Sony should stick to selling their products. This is what happens when companies get so big that they can have a major fu*kup like this because it really doesn't hit their bottom line. If Sony did they would show more respect to their customers and help them out more than what they have. To Sony you're just a cash cow.


RE: Incompetent
By chick0n on 5/2/2011 5:26:47 PM , Rating: 2
You do know that Sony has been having Online gaming for a long time in Japan?

not to mention, you ever heard of a game called "Everquest", right?

jesus stop saying shit that u know nothing about, makes u look like an idiot if you are not already one. Thanks.


RE: Incompetent
By Uncle on 5/3/11, Rating: -1