Sony's failure to report data breach incurs CT Senator Blumenthal's wrath

@sammo21 I tried logging in to play Portal 2 on Wednesday morning and it said the servers were down.

@sammo21 Just because you were online, playing a game doesn't mean that the intrusion didn't happen. The service may not have been down for a week but Sony themselves confirmed it started last Tuesday.

@sammo21

"I was playing online with MK into Thursday morning around 3AM with no issues. This hasn't been a week long thing".

HALLE-FUKKIN-LUGHAH!

I was worried that MK multiplayer was down for SIX and a half days, and criminals had stolen our personal and financial data.

But as you pointed out, MK multiplayer was only down for FIVE and a half days, and criminals have stolen our personal and financial data,

Thanks for really getting to heart of the matter here, sammo21.

@copa The information they got a hold of should have been double or triple encrypted. I am HORRIFIED at the lack of security.

@sammo21

if it took them this long to figure out that all their data's been stolen, then they've demonstrated a woeful lack of manpower to handle valuable, valuable customer data. If they had figured it out days ago but were stuck in meetings for several days w/ their lawyer team over how best to go about this situation they were in complete negligence of the security of us, their customers.

Either they're completely incompetent or they have total disregard for the customer. I don't really like either one of these options.

@Antipilor

MafiaBoy - February 2000

Took down: Yahoo, Amazon, Dell, E*Trade, eBay, and CNN. How many of these companies have customers' financial infos?

@beanbaggers
It all happened because GeoHotz made his jailbreak hack in the first place. His hack allowed users to install custom firmware to their consoles that allowed them to sign into PSN as debug units and download everything for free, which crashed the servers.

And GeoHotz wasn't prosecuted. Him and Sony settled out of court under the condition that he would remove all of his uploads of his hack, which got Anonymous upset, which triggered their initial attack, which ended a while ago and is still being carried on, evidently.

Also, to anyone who may know the answer to this: I'm a PSN account holder and I haven't received any such message from Sony. Could it have something to do with the fact that I haven't logged in since last October (borrowed a friend's console and had to make an account)?

@beanbaggers
Sony should have had better security to begin with. This is absolutely unacceptable.

@TRONdll

I haven't heard anything from Sony either (via e-mail) and I was fairly avid PSN user. I wonder if my account's already been hacked and the email already changed ... :/

@TRONdll Oh come on, get off the GeoHot thing. That's like blaming Alfred Nobel for terrorist attacks. The security breach was going to happen sooner or later, and Sony should've known better than to keep PSN running with the security of a cereal box.

@beanbaggers

Anonymous did not do this - at least not officially.

But all things considered, Sony really has made a point of stirring the hornets nest by going after the hacking community the way it did. I know a lot of people here like to confuse the hacking community with the game pirates, but anyone truly in the know, knows better - you have some hackers who are pirates, but most are just what they say they are, hackers. And in the case of GeoHotz, I highly suspect one of the main reasons Sony settled out of court with him, instead of making an example of him in court, is because of the subpoenaed computers they took from Hotz looking for pirated software, only to find zero pirated software; or even any evidence that Hotz and crew ever used the jailbreak they made of the PS3 to illegally obtain software. Once that has been established, Sony's case against Hotz, pretty much goes out the window, and they are looking at being on the losing side of a legal battle, just like Apple was when they went up against Hotz for jailbreaking the iPhone. No company who wants to lock it's customers down to it's ecosystem, ever wants a law passed saying that such actions are illegal. Imagine what it would do to gaming, if every game console was forced to be open, because Sony lost in court against Hotz.

Anyway, I digress. My point is, even by the time Sony settled out of court against Hotz, the damage to Sony had been done. The hornets nest had been stirred, and Sony had pretty much painted a giant target on their ass, that the hacking community at large is more than happy enough to take shots at. Which leads me to something I was saying a few years back - PSN was not very secure.

PSN's biggest problem (and I am sure all the fanboys will vehemently disagree) is that it was never very well thought out or planned out to begin with. Sony never, ever took internet and online gaming seriously, and this going all the way back to PS2 unveiling in March of 1999, when they were promising that the Playstation online gaming experience, would be light years better than Dreamcast's online gaming experience. Of course those were just empty threats Sony never had any intent to follow through with. And once Dreamcast was dead, Sony sure enough pretty much canned any talk of online gaming on PS2 . . . that was of course until started becoming a major force to be reckoned with towards the second half of last gen.

And this is where Sony's real problems with PSN begin to arise, as the network was never ever really thought out well. It's origins were more of a "we have one of those too" affairs to keep gamers and publishers from supporting Xbox LIVE. From the very beginning, PSN was more of a hodge-podge effort; Sony could always promise it would be free, because Sony was not putting very much effort into it to begin with. Of course that tune would change as Microsoft kept reinvesting sizable portions billion dollars they were making on Xbox LIVE, back into LIVE to continually make it better. Sony had to keep up, but keeping up is not cheap, which is why Qore, and now PSN+ exists - an effort to keep PSN appearing "free" on the surface, yet coerce PSN users to pay for the upkeep on the network, without actually looking like they were paying for the upkeep on the service.

Once again, I digress. My point is, almost everything about PSN was sloppily thrown together, which is why many of the features on it do not run as well as their Xbox LIVE counterparts - including network security. While Microsoft had sat down for years before bringing out LIVE, and worked out creating a platform by which to unify all aspects of the company's various product lines, that was modular in design, so integrating new product lines into it would be largely seamless as time went, Sony was busy throwing things against a wall and hoping they stuck, in comparison. It was a case of keeping up with the Jones' on a massive, corporate level, but it left gaps and holes every time they added something new (it's kinda like how Microsoft built every version of Windows before Win7).

Fast-forward to 2011, and launch an all out corporate assault against a hacking community, whom until now had no reason to dislike Sony. And suddenly any and all loopholes in the network are going to become exposed as hackers from all over descend on anything and everything that Sony makes or is involved with. It's just like with the PS3 itself, Sony left their encryption keys sitting in plain sight right in the system, and the only reason no one noticed it before failOverflow, was because no one had a real reason to go and look. But once they did, they found the keys just sitting there for anyone to use. I suspect we are seeing something similar with PSN - the cracks were already sitting out there in the open, and no one ever bothered looking before, because no one had a reason to do so.

I think the sad part in all this (one of several sad parts), is that next year is an election year - and politicians love to use gaming as it's re-election punching bag. Before when it was politicals trying to "prove" that games cause people to become sociopaths and kill whole churches full of children, that was something they were always going to catch some flak about. I mean, for every study that would come along and say games turn people into sociopaths, there would be tens studies that would come along and say the opposite. So politicals harping on that, always ran the risk of it blowing back up in their faces. But the recent PSN outage is a whole different animal. Sony waited a week to tell customers their data (userids, passwords, verification questions/answers, names, addresses, phone numbers, and creditcard information) was compromised (I got the email myself, today). A week. WTF?! When you have some 70 million users, that is huge, and is the type of scandal that is a politician's wet dream come true with elections coming up. Between all the press this is going to get, and the class actions and other legal actions this is going to precipitate, a crusading political type could ride this all the way back into re-election. Which is not good for Sony, because long after this should have blown over and became a resolved issue, Sony is still going to be dealing with this problem, because now that the politicians have gotten a whiff of fresh blood, they are not going to leave it be for years - kinda like they did with the 'Hot Coffee' incident; some politicians still bring that up to this day.

The only good to have come out of all of this, is that Sony is hopefully true to their word, and are rebuilding PSN. Not just the networks security, but the whole thing. I can easily think of a couple dozen ways how Sony can make PSN waaay better than Xbox LIVE. But half of them will likely be impossible to implement with PSN in it's current form. I mean think about it, as-is, features like cross-game chat, and party systems, and custom soundtracks, are all either impossible or near impossible over PSN in it's current form. And these are features that every Xbox LIVE Gold user takes for granted daily. So adding even more advanced features that Xbox LIVE has never even thought of into PSN, as it currently stands, is just as impossible. So a rebuilt PSN, could turn out to be the single best thing to happen to Sony fans in a long while. And I for one am fine with that. Even if the service had to be down for a month of two, I'd still rather they take the time out to rebuild it right properly, and come back, bigger, better, stronger and more secure than ever, than come back (say today), with just more f the same old we have had since the beginning.

@Once known as Shadsy
Absolutely correct. Plus I don't see any connection whatsover between jailbreaking the console and hacking the network.
People gotta realize that this kind of data theft is unrelated to that stuff... seriously.

@Tachyonic Cargo

that's alot of typing for a comment... i thumbs up'd you jus for that :-D

@Tachyonic Cargo

Impressive, this is almost an article in of itself.

@Tachyonic Cargo
nice essay

@Tachyonic Cargo
That...was beautiful.

@Tachyonic Cargo

What a fantastic response. I wish I had your rhetorical abilities.

@mywhitenoise I have to say it does suck that they got hacked and it it would be nice if they didn't but no matter how good of security you have it can be broken.. So better security is nice but we have no idea if its better or worse than any other companies security.

@Tachyonic Cargo

http://www.colectiva.tv/wordpress/wp-content/uploads/2009/07/lkzyz89efm_clap.gif

@Bekefel

A nice break from the insanity. I laughed.

@SilverPR

You... you don't know how PR works, do you?

@dogmaticatheist Do you not realize how fast the internet moves? The intrusion happened last Tuesday at the latest (this info is coming from Sony's blog). That means whoever compromised the information has had access to it for several days before we even knew they had it.

It's unacceptable, and it's an absolute miracle nobody's identity has been stolen yet.

@Electrium

It's completely possible that Sony was unaware of the "external intrusion" until later. For instance, they knew something was wrong on Tuesday, but couldn't figure out what exactly, so they ran some routine maintenance to investigate what the problem was. Then, they discovered that they had actually been hacked (as opposed to a glitch in the system) and announced that there was an actual "external intrusion."

Of course this is all speculation, but here I am making their excuses for them . . .

@dogmaticatheist

@Goaliegeek

I'm not mad that the PSN was attacked and hacked. I'm annoyed that my personal information, potentially including my credit card info, was stolen.

But I'm furious that Sony would keep quiet about this for SIX days. In that time, all sorts of mischief could have been done with our information.

Had we been told right after the intrusion had happened, we all could have had the opportunity to protect ourselves by informing our banks and credit card companies that our information was compromised. We could have changed credit card numbers, and that itself could limit the damage done.

Sony has failed all of it's customers. Not because the PSN was down. Not because our information was stolen, though Sony bears the burden of blame for it. Sony failed us because it kept to itself the size and the scope of the intrusion.

@pdboddy - I agree with you, but it has to be understood that our information being available to be stolen is a failure in and of itself. This just keeps happening (See: Gawker) and yet companies still aren't going the extra mile to secure our data on their servers.

@Bjork

Well who's to say that it is an excuse. Try to think of it this way. When your computer crashes, you don't IMMEDIATELY know what it was that caused the crash. You just know it's not working. You then have to do trial and error to find what caused the problem. Say you discover it's a virus, well that's good that you found out what caused the problem. But you don't exactly know what else that virus could have done to your system. Or what, if any, personal information could've been sent to someone else. It's only been six (eight) days which is still early. This could've been a lot worse. They could've not said anything at all. So instead of complaining that you didn't know anything and griping about the past, go check your accounts and make sure that nothing happens in the future. Stop worrying about what's already happened and save, fix, or change what you can. Just one man's opinion.

@Irvine032188

one person at home dinking around their own computer which they probably know very little about is a lot different than a team of software engineers and IT professionals working on a network infrastructure that they know inside and out.

there is no way that this is ever acceptable.

@kgoo867

The hell are you talking about you simpleton?

All I'm saying is they tried to stop piracy and only made things worse.

@NaeemTHM

How do you know this wouldn't have just happened sooner if they did nothing?

@NaeemTHM
He's talking about this
http://www.joystiq.com/2010/01/26/ps3-hacked-geohot-releases-coveted-ps3-exploit/

@NaeemTHM

People don't bother reading up on history-nothing encourages hackers more than trying to beat them. Remove Other OS in response to someone tinkering with your innards? Good job, you flinched, now EVERY bully in the playground wants to play chicken-and they're much much bigger.

@Jason B
I'd love to go change my passwords and get a new credit card issued but I'm not 100% sure what information I put into my PSN account has been compromised.
I don't want to run around changing every single password when I can find out which password I used for my PSN account and change my accounts that use the same password. Ditto for my credit cards, why should I get 5 new cards issued when only 1 is compromised?

@(Unverified)

You could just check your credit card statements to see which credit cards have been used to order from the PSN and cancel those accounts. I only used one CC, and statements online should be there for at least a year, I think. If it matters that much to you (and it probably should), it'll be worth it to at least check, right?

@Alex Oglitchkin

I swear that external intrusion alert was up the second day. I know I saw it.

everyone just check your statements online right now then cancel your card. oh my god!! if someone has already used your card. call up the company and tell them your info was stolen.

this is hardly anything to be worried about.

@Alex Oglitchkin

I do actually. I also believe it was a top priority for them but go ahead and jump the gun like everyone else is, including Blumenthal.

@Alex Oglitchkin
From the beginning of all this sony has only reported what they know. They didnt know if creditcards were effected at first because they were actively trying to find out what had been effected. People jumping the gun like this isnt helping fix things it's just creating more complications. When they know there's a problem they tell you. They said two days ago (possibly more) that they werent sure about credit cards. but they second they said the word if you were really all that scared you;d be doing something yourself to protect your account.

@eat it

"this is hardly anything to be worried about."

Hey, eat it. Since this is about your tenth post in the last two hours talking about how this is no big deal and we should stop worrying and Sony has done nothing wrong, how about you go ahead and post your own credit card number for us here? thx

@eat it

Yeah, the whole "panic" that I'm seeing from the gaming community about this pretty much crushes any faith I had in humanity being able to logically and rationally think things through.

Personally, I'm glad that Sony shutdown the PSN once they realized that accounts were being hacked. Should they have left it open for another 4-5 days and run the risk of thousands upon thousands of more accounts getting hacked? They did the right thing.

The only problem I see is that it has taken them this long to issue the full statement. We all knew (well those of us who can read and use our head so that excludes most politicans) that there was a breach last week and we were informed of it. How deep was it? I'm sure that is what Sony has been doing - along with finding a way to fix the problem.

I feel bad for Portal 2 - obviously people have been online posting rants and threatening to sue instead of playing all the games that they can. Note to the ranters, the PS3 can still play games. No RROD, no Blu-Ray drive failure, no bricking of the console - just no online access. Oh by the way, the patch for Wow is now out, go play some of that for a few days if your only social interaction is through online means. Your internet still works right?