Saturday, June 04, 2011

SONY GROUP - PlayStation Network and Several Websites Compromised

In mid April 2011, Sony Computer Entertainment was subjected to external DDoS attacks. To further complicate matters, roughly a week later (on 4/20/11), the PlayStation Network was again attacked, but more severely. Personal information of approximately 77 million PlayStation Network account holders had been illegally obtained and possibly put up for sale (the latter part Sony denies). 

In this particular case, once Sony became aware of the attack, they shut down PlayStation Network in order to mitigate further damage and to conduct an investigation. As of May 3, 2011, the exact identities of the hacker/s are unknown. Furthermore, Sony has been taking criticism over this, largely due to 2 factors: (1) Sony had taken roughly 6 days to disclose that key personal information such as credit/debit card numbers, names, addresses, etc. had been compromised, and (2) the seemingly inadequate manner in which the information had been stored. 

Although Sony is working with the FBI in investigations into this, the situation has caused public outcry - not just from fans of the PlayStation brand, but from within the government as well. Specifically, Senator Blumenthal of Connecticut has been in contact with Sony, demanding answers. Additionally, at least one (if not more) class-action lawsuit/s were filed against Sony by PlayStation Network users over how their handling of user's personal info & not being initially forthcoming with information of the network breach once it was discovered. 

With all of these factors taken into consideration, as well as the significant hit to the faith of both PlayStation Network users and stock holders, the value of Sony's stock has dropped approximately 10%. It has since risen a little (1-2%) after the network was brought back online.

On May 5, the PlayStation Network Blog website released a letter written by Sony chairman Sir Howard Stringer, directed at gamers, PSN and Qriocity Music Service users. Stringer announced Sony's plans for an Identity-Theft Insurance program, stating "A program for U.S. PlayStation Network and Qriocity customers that includes a $1 million identity theft insurance policy per user was launched earlier today and announcements for other regions will be coming soon." 

The plan, AllClear ID Plus powered by Debix,is available to users for one year and includes Internet surveillance, complete identity repair in the event of theft and a $1 million ID theft insurance policy for each user. Australia has called for a ban on PSN until Sony can prove network security, meanwhile Japan is the first country to outright ban PSN until Sony can prove the network's security.

On May 25, Sony announced that its Sony Ericsson website in Canada and the Sony Music Entertainment website in Greece had been compromised, putting the personal information of more than 10,000 users at risk. Security consultant Phil Lieberman said Sony's approach to customers that wanted to modify PlayStation 3 software, including the decision to sue popular hardware hacker George "GeoHot" Hotz, was a fatal mistake. He states, "Telling them to bring it on is not the best strategy. I think Sony is beginning to understand it horribly underinvested in security." (Wikipedia)


Post a Comment