April has been a tempestuous month, both online and off. While storm clouds washed over the nation, storms also wracked the online clouds, particularly Amazon’s and Sony’s.

Today, let’s start with Sony’s problem: a hacking attempt that forced them to shut down their online PlayStation Network (PSN) and also resulted in the loss of private data for millions of users.

While some might not understand why I’d be talking about PlayStation 3 (PS3) in a social media column, I think it is very pertinent. Online gaming is a huge business and has a massive community of players. In the case of the PSN, there are 77 million (now compromised) accounts.

Dan Ray, penetration testing expert and editor-in-chief of CreditCards.com, clues us in to the scale of the PS3 breach:

According to the database of data breaches kept by the organization Privacy Rights Clearinghouse, this is the third largest data breach ever, behind only the Heartland data breach of 2009 (more than 130 million records) and the TJX stores (100 million records) breach discovered in 2007.

The breach doesn’t just affect those who use PlayStation’s online games; some people use PlayStation as the platform to play Netflix and Hulu online features through Sony’s Qriocity network.

To Sony’s credit, now that they have decided to let the public know about the breach, they have offered a variety of very good tips on the PlayStation blog about how to safeguard yourself in its wake, posted by Patrick Seybold, senior director of corporate communications and social media. If you own a PS3, it is vital reading.

The big error on Sony’s part is that their PSN was down for a week with no word said about data loss. It was only this last Tuesday that they sent users an email about the hack. To me, that is unacceptable. A quick look at commentary around the Internet shows that I am not alone in this feeling.

PSN developers are in a bind, as they lose revenue each day the network is down. Network users are in a bind because they cannot access their services and they now face all the potential identity theft fallout that comes in the wake of these things. Sony is in a bind because this is becoming a social media nightmare as irate users take to other platforms to express their displeasure.

A huge issue is the possible theft of the credit card info attached to those hacked accounts. Here is Sony’s statement and a security expert’s comments on it via an Associated Press article on NDTV:

Purchase history and credit card billing address information may also have been stolen but the intruder did not obtain the 3-digit security code on the back of cards, Sony said. Spokesman Satoshi Fukuoka said the company has not received any reports yet of credit card fraud or abuse resulting from the breach.

While the lack of the three-digit security code is a blessing, it is hardly protection against credit card fraud.

[Josh] Shaul [chief technology officer for Application Security Inc.] said that not having direct proof of credit card information theft should not instill a sense of security, and could mean Sony just didn’t know what files were touched.

“They indicated that they’re worried about it, which is probably a very strong indication that everything was stolen,” he said. If the intruder successfully stole credit card data, the heist would rank among the biggest known thefts of financial data.

The information that we do know was hacked poses a clear and present danger to users as well. A few choice pieces of information — email address, name, and gaming preferences — can be a veritable gold mine for scammers. Greg Thorn of Australia’s Herald Sun is one of the few journalists to really note this:

Security experts said enough private details had been stolen to allow unscrupulous users to take out a bogus home loan. ‘This is the sort of information people can use to apply for a (fake) driver’s licence or buy a couch interest-free from Harvey Norman,’ said online security expert Geordie Guy.

I’ve owned a PS3 for a little over a year now and it is almost exclusively used as a media server and Netflix interface. I’ve been a big proponent of the machine even though its social aspects are comparatively weak compared to the Xbox, but I find myself reconsidering. While it is a fantastic machine to use as a media server and Blu-ray player, Sony’s behaviour in waiting a week to let us know about the breach is unconscionable.

If any PS3 users are reading this, I’d love to hear your take on things, so please leave us a comment!

Next week, in Part 2, we will take a look at the failure of Amazon’s cloud and its repercussions.

Source: “77 mn identities hacked from Sony PlayStation network,” Associated Press via NDTV, 04/27/11
Source: “Aussies caught up in Sony security breach,” Herald Sun, 04/28/11
Source: “PlayStation Network Down: Is Sony PR Doing A Good Job?,” Business Insider, 04/27/11
Source: “What PlayStation gamers should do to protect their real world finances,” Taking Charge (CreditCards.com), 04/27/11
Playstation Network logo used under Fair Use: Reporting.

George Williams