Sony has attempted to calm angry PSN users over the lack of information following service attacks.
Sony has attempted to calm growing anger over the lack of information that followed the recent PSN attack. Specifically, Sony has explained why it didn't immediately alert PSN users that their account details may have been compromised, including credit card information.
Sony first took the PSN service offline on 19th April, when it first learned of an attack on the service. No information or explanation was offered to users until today, however.
'There's a difference in timing between when we identified there was an intrusion and when we learned of consumers' data being compromised,' Sony's director of communications Patrick Seybold said in a statement.
'We learned there was an intrusion 19th April and subsequently shut the services down. We then brought in outside experts to help us learn how the intrusion occurred and to conduct an investigation to determine the nature and scope of the incident.
'It was necessary to conduct several days of forensic analysis, and it took our experts until yesterday to understand the scope of the breach. We then shared that information with our consumers and announced it publicly this afternoon.'
Sony has advised PSN users to keep an eye on their accounts until it is able to learn more.
Let us know your thoughts in the forums.
36 Comments
If you were worried enough to shut the service down, you at least feared data may have been compromised else you wouldn't have done it, you still should have said;
"We have detected an external security breach of our systems, we do not know if any data was stolen but we advise you all to change your passwords and get replacement credit cards/ keep an eye on statements and we'll update you when we have further information"
It's not hard is it?
So, using Sony's logic, rather than risk a PR nightmare over what could end up being a false alarm, they waited until they were sure it was a PR nightmare. Nice priorities.
Just shows they don't really care about the user base and only care about future sales.
If card information has been taken I expect we will start hearing stories of fraud and id theft.
Get real, seriously. What if there hadn't been a breach and they'd told everyone there was? People would have changed cards, details, passwords EVERYTHING for nothing, right? Honestly... I'd have done this straight away as they did say "external interance" which means hacking.
Kinda funny that everyone's jumping on Sony because they dared wait for confirmation. Get real.
Not waiting for confirmation leads to far more problems and PR backlash than assuming and running with it only to find out otherwise.
How is it disgusting that Sony brought down the entire system once the breach was detected, informed the customer base that the system is currently down and then confirmed why it was down? I recall Sony being attacked just for suggesting (without confirmation) that there was a possible external intrusion because people assumed Sony was blaming anon. Now they are being attacked for not confirming fast enough for you (keep in mind the system has already been brought down to protect any further data being taken) that it was in fact, an external intrusion.
Case in point...Sony did inform the customer base that there was a possible external intrusion after bringing the PSN down and that account data may have been taken. Folks were too busy riding the anon vs Sony bandwagon to care.
What a silly and very naïve post! As soon as Sony realised that user accounts may have been compromised, they should have announced this immediately letting the customer decide on the best course of action for them.
Would you write the same if it were your bank who had their files on customers hacked and stolen?
Let's face it, if they wanted to get in they would, no matter what Sony do.
Why PSN and not the XPox Live? It's Microsoft and has more users
Should stick with PC gaming.. as I do..lol
So, if you lose your credit card on a night out. Do you wait 7 days until you can go to the place you think you lost it and ask if someone handed it in or do you cancel it to be on the safe side?
Up to you, but I'd rather be safe than sorry.
Hurting Sony financially is one thing, but this has gone too far, can we trust Sony anymore? This has more implications than many of us thought....
No false alarm/PR backlash is worse than hackers having a week head-start on 70 million identities.
Correct.
Not really... I'm just someone who's not foolish enough to leave my details lurking attached to an account. Even my STEAM account doesn't have them saved. I mean the main reason in my eyes they didn't turn round and say, is because a) they didn't know they'd been compromised (jesus my spelling's awful today) and b) could you imagine if they said it, then had to retract it? The media frenzy would be far, FAR worse than this has gotten.
Really? A company thinking about its image over its customers... who'd have thought eh?
See my previous comment.
Also, who the hell uses a credit card on these things... that's just asking for trouble.
Seems this could go in the direction of a gloriously illogical flamewar methinks.
You should be changing passwords every few months anyway. I would rather have a new card, pin and passwords than have the headache of talking to bank regarding the £2k overdraft some dickwad has rung up.
It's far better Sony coming out and saying "We've been breached, we don't know the damage but do x, y and z just in case."
True... but with many people that isn't possible. For example at work I have seven passwords just to get on my damn system in the morning. I then have Facebook, BitTech, Gaming forums, Community forums, Banking passwords and other wiffle waffle online that hits over 30+ registered member sites (not porn before some twisted individual... Teel... thinks of it) so it's literally nigh-impossible to change this over.
Admitting to something like 70 million profiles being breached, you can tell that at least 1% of them are then going to file some serious issues with Sony which in the long run, may be more costly than them losing details due to hacking in the first place. (I.e. customers suing Sony over Customers suing Sony over non-action.)
I know it seems cruel and maybe a little cold hearted of me. But I think if your details are accessible via the Internet then you should always be ready for this kind of issue to come up really. There is always the real possibility that your details are going to be gotten hold of by some negative entity on the web, right? To think otherwise is... what's the word? Naive? No system is 100% secure, other than not having it online in the first place... and best of luck to breaking into my flat to get hold of my details!
Thank you! Someone who sees my point of view. Why cause a scare if you do not know.
So the reality is that Sony knew that their network had been exposed in such a way that it afforded access to important and private information. There is no other explanation for the drastic and unprecedented measure they took. They didn't simply "fear" there had been a breach, they knew it.
Despite this, they spent SEVEN days deliberately misleading more than 70 million users about the problems they were having. Let me make that point again.
Deliberately misleading users.
For some reason they felt that their position as a leading global corporation afforded them the right to decide for 70 million people whether or not to trust their personal information to the hope that the hackers had decided not to download the database.
That is unbelievably arrogant behaviour and says a great deal about the corporate culture within Sony. Either the announcement was deliberately delayed to avoid clashing with other PR announcements or, every employee involved was too frightened of career repercussions to take responsibility for releasing the information until the decision was made at the highest level.
One thing is pretty much certain. For at least 7 days, criminals have had the personal details, password and DOB of over 70 million people. And possibly their credit card details too. The effects of this hack will go on for years as much of that info will still be viable for use in identity theft for a long time to come. After all, while changing a few passwords is easy to do, how many of you can easily change your address? Or name? Or DOB?
One small point that seems to have been missed is that there has been a suspicion that Sony collects quite a lot of data about its users...if that is true then what else do the criminals now know about us?
Still, as Sony have shown over the past few months, they have very good lawyers. So I doubt there will be too much fallout for Sony. As always, the users will bear the brunt.
As for the Geohot case, I doubt it is directly linked to the hack except insomuch as the hacking of the playstation firmware may have exposed security flaws in the PSN that were exploited.
While I see your point of view I don't agree with it. My view was nailed when you said
@eggy you don't need to know what was accessed to know that there is a possibility that getting any info could screw people. Any breach is serious enough, even if it's just snooping or vandalism to warrant people taking action in changing passwords. Attacking PSN wasn't just to model a similar system after it. It was clearly to snoop at customer details and damage the system where possible. Same if Amazon was attacked, I would change my details regardless. Any compromise has the possibility of accessing details that shouldn't be made public, even if they didn't would you take the chance?
It almost sounds like they are trying to blame us for giving them the information. I honestly don't know if I gave them mine, but I never fill in optional fields, so if they have it chances are they made us give it.
In Goldmember's words, "Then there ish no pleeeezing yoou". Nailed opinions aren't fun. A bank wouldn't tell me it got hacked, that's the purpose of a good hack. As for Facebook... not a lot of good there as I do little more than enlighten people to how foolish they are (Yes... very egotistical I know).
Oh don't get me wrong I have different passwords for most things dependent. Financial things have one, Games have another, Tech stuff another and Work based stuff another. So it should be... I'm not going to try and remember 30 passwords because that's just not possible with everything else I have to do man, and don't get me started on password completion systems. Not a good move.
I never mentioned trust? I don't trust any company... not even the one I work for to keep my details secure chap. I never will, thus why if I answer my cellphone to an unknown number they get me saying a random name (That and for the shits and giggles of hearing their reaction to "Hello eggs and bacon..." at 0830am on a Saturday.) If you're going to put your details on the net, be prepared to have them violated, hell someone's gonna do it and they've been doing it from the moment you first saw "PENIS EXTENSION!ONE35612" come into (lol, no puns) your Hotmail box when you were eight, right?
Le sigh.
What? That's crazy.
People seem to be seeing this as A) Sony could release a PR on day 0 saying "ZOMG YOU HAVE ALL BEEN HACKED" and started a mad rush of people cancelling cards etc, or B) They do what they did, and wait seven fricking days before even mentioning the possibility.
I don't see why they couldn't have done C) Release a PR saying there are some legitimate concerns about the security of people's information, and that it is worth watching your account carefully for suspicious transactions, and advising people speak to their bank, card provider etc about how to go about preventing fraudulent activity in their account.
This would have been a measured, deliberate response to what at the time was genuinely a legitimate concern about people's information. They don't have to start a mad panic, they don't have to say everyone has definitely been dicked, only to possibly have to retract it. Either way it turns out, they have covered their own asses and the asses of their customers.
7 days later, they confirm the **** has hit the fan, and everyone was well prepared for it, and praise Sony for being so diligent and putting their customers before their own selfishness. Sony get to be the good guys.
Or, 7 days later they confirm that no one is at risk. People are now more aware of what to look out for in terms of fraudulent activity (always a good thing), no one has gone on a mad spree to cancel their cards etc, and Sony get to be the good guys. Again.
The absolute only reason that Sony would keep people in the dark is in the hopes that it is nothing and that it will all blow over with no repercussions. It's, quite frankly, a stupid gamble. They have missed an opportunity to show how diligent they can be, and since the **** turned out to hit the fan anyway, they are now in even more crap than if they had just admitted there was potentially an issue.
I couldn't be bothered arguing since you're clearly wearing a tin foil hat and failed to address any of what I said. Just one thing, you clearly haven't applied to any jobs in your life (either have one and lack ambition or are just a bum, I can't tell) but every company I've applied to have always withheld their numbers. 30 passwords.....easy, I'll give you a tip, break passwords into 3 sections which can come in any order and have at least 5 combinations per section. Even key words are helpful, i.e. kitchen and one of those sections is made up of something in the kitchen or in my case, something that shouldn't be there. Change the keyword every month and you'll not only have more combinations but it'll be a hell of a lot easier to remember. Even if you can't remember that writing down keywords especially vague ones could mean anything.
From what I'm reading I'm not sure either way.
Yeah, of course. Because being protective over my credit card/debit card details is tin foil hat wearing.
[/conversation]
YES!
paymentMethod
holderName
cardNumber
expireYear
securityCode
address
address.province
address.postalCode
serviceid
loginid
password
consoleid
Source
Is that enough information for ya? :D
Apparently this has been happening since as early as Feb and Sony has only just found out about it?!?
I guess they were too busy suing everyone and collecting the IP addresses of people who watched a video of geohot on youtube, rather than fixing their own security flaws.
The worst thing is they never even bothered to put any encryption on this sensitive data...
Sony have screwed up Big!