The Internet is awash with people demanding compensation as their personal data is now in the hands of hackers, but they may be in for a shock if they take legal action against Sony. MCV has noted the following statement in the Sony Online Terms & Conditions:
We exclude all liability for loss of data or unauthorised access to your data, Sony Online Network account or Sony Online Network wallet and for damage caused to your software or hardware as a result of using or accessing Sony Online Network.
Sony may be liable to a fine from the Information Commissioner’s Office (ICO) of up to £500,000 if they are found to have broken the UK Data Protection Act, but it appears that individual PSN users will not be able to claim any financial compensation.
Source: MCV
Bilbo_bobbins
what a surprise, hidden in the massive small text is something that covers them from everything, including, if they came round and smashed your PS3 with a hammer probably.
squashme
they haven’t covered themselves for this. Sony has to comply with the law and inform its customers straight away of any breach to customers’ details. they clearly did not do this and waited over a week to do so, they are not out of the woods yet
eye8have9you3
well we don’t know when they found out customer details were compromised, all they knew when they shut down the psn was that there had been an intrusion. Look at that case with play.com, it took them 3 months after noticing an intrusion to realise email addresses had been taken. It’s perfectly possible that they only found out that user info was taken yesterday, there’s still no evidence whether or not credit card info has been compromised
squashme
sony can afford better security than play.com. they realised they had an intrusion 10 days ago, it took them 4 days to shut the servers off. normal people would shut their servers off immediately after finding out they had an intrusion, not wait several days to do so. of course they knew personal info was taken straight away, it was a hack, that’s what some hackers do, take personal info
eye8have9you3
well for a start your dates are wrong, from the information from the eu blog the intrusion happened between the 17th and 19th, they found out on the 19th and closed down the service there and then, there was no 4 days wait like you mentioned. Secondly, they didn’t immediately know personal info was even targeted, let alone compromised, It could have been people trying to shut down the psn like anonymous did, or trying to access any industry sensitive data that could be on the servers or any number of other possible targets. They did the right thing and hired a private internet security firm to investigate and when they could confirm that personal data had been compromised, they let us know. They still don’t know if credit card data has been accessed and will tell us when they do. Ultimately, whether or not sony’s data was secure enough to begin with, I feel they have handled this pretty well and kept people updated without unnecessary panic, a difficult feat in this world of 24 hour news
cc_star
Since the horse bolted, they have shut the stable door extremely well & handled things just fine IMO… Questions still exist about what Sony was doing before the horse bolted.
If hackers were probing their system, why didn’t it flag up, did it take hours or days of probing to find the weak spots, again if so why didn’t it flag up. When the intrusion was taking place, how come the security failed. 77 million accounts’ worth of data at maybe 1 or 2 kilobytes per account means a 77GB to 154GB database was downloaded, this should have thrown up some massive red flags, but didn’t. Within that database things weren’t as secure as they should be, passwords for example. There is also the issue of, exposed, seemingly unprotected servers (of some kind, I’m not technical enough to know what they are) running out of date software on an OS with known vulnerabilities, and many other questions which will probably surface in the coming days.
but yes, from the moment Sony flicked the off switch they’ve done everything supremely well (apart from lie initially (yet again) that it was maintenance). Let’s just hope they’ve not been incompetent with everything from the network’s design leading up to the 19th
3shirts
That’s actually quite a pertinent point. Obviously your example is a joke but the very reason that they can’t say ‘we can come and smash your console with a hammer’ is because that is a criminal act.
If you handle credit card data you are legally obliged to protect it as far as reasonable. Failing to do so, as it appears is the case here, is a crime and is therefore excluded from any T&Cs just the same as your hammer example.
squashme
but Sony are the ones that had your credit/debit card details so they are liable to protect it at whatever the cost. you cannot protect something that Sony has a hold of, you can only protect your card and your details on the card. once you hand those details over to Sony to buy stuff from the store they’re the ones that are liable to protect your details by law
3shirts
Um, I was agreeing with you.
squashme
sorry I thought some of your post was directed at me, my apologies
Uhyve
It’s the reason that people always say “this does not affect your statutory rights”, because that would be an unfair contract term, as stated by the Unfair Contract Terms Act. In fact, IIRC (from a year of a barely attended Liability/Ethics Uni module) making claims like Sony has just done can in fact void the entire contract (ToS).
Rookie move by Sony here.
cam the man
I’d rather they spent the money beefing up security.
Origami Killer
shame they didn’t see the hack coming
squashme
actually they did, they noticed 10 days ago
Kovacs
Sony have lost consumer trust. That loss is incalculable.
Bilbo_bobbins
they have lost mine, I will only use PSN cards from now on and I will change all my details when it comes back online. Hardly buy anything anyway
squashme
or use those pre paid credit cards, they can’t take any money off them lol
deadwelsh
Pre paid CREDIT cards?? lol
Uhyve
Same. Plus, I have a 360, so guess which console I’ll be going with when DLC or downloadable games come out on both…
squashme
pre paid cards that you have to put money on to use and can’t go overdrawn
deadwelsh
so not a credit card then
squashme
yes it’s a credit, you use it like you would a normal credit card but only you have to put money on it to use it, making fraudulent activity on it virtually impossible
Bladesteel
I think he’s trying to point out that what you’re describing is not a _credit_ card, the term debit card is more appropriate.
Origami Killer
i can actually say that i have read through the terms and conditions all the way and i seriously should have taken it into more consideration
cc_star
Terms & conditions, just like End User Licence agreements, don’t preclude a company from complying with the law.
and whilst users may not be able to claim compensation from Sony directly it doesn’t mean there won’t be loads of class action cases from around the world happening, especially as an almost total lack of security on Sony’s part seems to be becoming clearer and from increasingly reliable sources.
It’s popcorn time over the next few weeks, that’s for sure.
m61726b
European law states companies can not pass on information but that implies knowingly. Hopefully an investigation will find SCE security lacking so we have some protection in future.
squashme
but that’s only if you don’t agree to let them though, if you let them do so that’s your own fault
quinkill
oh man! I had around £20 in my PSN wallet. God I hope it’s still there :/
Kitch
No money has been taken. Card details. Oh and they might have raided PS store.
hazelam
if sony are found to be criminally negligent in their security, then i doubt any license agreement will protect them.
as i’ve said numerous times, the law overrides any license agreement.
squashme
completely agree Sony think they have themselves covered but they don’t
squashme
even the Democratic US senator for Connecticut, Richard Blumenthal has got involved for the US users and wrote a letter to Jack Tretton about it
hazelam
didn’t gamestation or some other retailer put a clause in that stated by signing their agreement they now owned your soul.
these license agreements are a joke, they know people never read the whole thing, face it, often they’re almost novel length documents, if you buy an audiobook on itunes, the license agreement can often be longer than the book.
they know a lot of the stuff they put in them is totally unenforceable, and they put other clauses in that say if another part is not legal then it’s not their fault.
they have teams of lawyers writing this crap so it’s as hard to read and understand as possible, not to mention long enough that you could spend days reading through it all.
legal mumbo jumbo and fancy language to hide the fact they’re just trying to make it look like they can do whatever the hell they want when they know they can’t.
they know that a lot of the time, people won’t challenge it, many people will, incorrectly, assume that the license agreement is as good as a law.
that if it’s in the agreement, it’s legal.
well it’s not.
squashme
I read the T&C’s and privacy policy a few years back all the way through when I got bored lol
hazelam
wow, that’s marathon runner level endurance there, i’m impressed. O_O
squashme
yeah took about 3 hours to get through it all
squashme
there’s stuff in them that you can use against sony in certain cases
Gadbury
Yes, Gamestation: http://www.bit-tech.net/news/gaming/2010/04/15/gamestation-we-own-your-soul/1
squashme
actually they are liable according to the ICO regardless of what the T&C’s say
dazluss
Doesn’t ICO only apply to data held on UK servers? It will only cover a small margin of data leaked.
ICO did nothing about the unsecured data that was passed from BT to ACS LAW recently so if ICO won’t punish BT I can’t see them going after Sony with anything stronger than a wagging finger.
m61726b
But the EU went after Google for doing the same.
squashme
yes that’s true, that’s why they’ve got involved, because it involves 10s of millions of people not just a handful. they won’t just give a wagging finger, they’ll get bigger punishment
3shirts
ICO won’t do anything, he’s too busy ferrying Yorda about
squashme
yorda ?
3shirts
That is unenforceable because that statement would require Sony take ‘reasonable’ care to protect your information. It looks very much like they have not done so
colmshan1990
So say you.
I would say that up until now they’ve had a pretty good record with it. Or are you going to say that this is the first attempt anyone ever took at hacking it?
3shirts
Absolutely, I admit that I am basing it on some of the info I have read which has come from reasonable but by no means 100% reliable sources.
Bilbo_bobbins
first of all our passwords were never encrypted, that’s a worry. Why weren’t they?
cc_star
@c1990
Unhashed passwords
an out of date apache installation
Running on a redhat server with known vulnerabilities… and much much more http://www.eurogamer.net/articles/digitalfoundry-psn-security-scandal
This info was known within a few hours, makes me wonder what will come to light over the next few days, especially if the hackers ever leak how they did it
It’s almost like Sony’s security consisted of ‘are you a PS3, if the answer is yes – here help yourself to whatever you want’