Sony, The PSN, And The Communication Black Hole

The fallout from the PlayStation Network hack will be felt for weeks, months and years to come.

We don’t know what’s been stolen from the PSN, but it’s reasonably safe to assume that it’s everything. So, while some might not be particularly worried about credit card theft – after all, you just need to call your bank and they’ll cancel that number and send you a new card – it’s the way this was managed and reported that could end up causing the major issues.

– ARTICLE CONTINUES BELOW –

We’re starting to hear, from banks, that they were alerted to the intrusion on or around the 19th, comments from TSA members and beyond suggesting that Sony informed the financial institutions even before they switched off the authentication service on the PSN. We can’t verify this ourselves, but based on what we’re hearing, this is starting to gain ground.

It was on the 26th of April that Sony managed to pull themselves together and tell us what had happened. If the intrusion was between the 17th and the 19th, that’s pretty much a week. A week in which the hacker(s) have seemingly had access to our data – credit cards, purchase history and – worst of all – enough of our ID to start to make some waves.

Name, address, date of birth, security question. It might all be ‘protected’ but it wasn’t encrypted – once the protection broke all this is in the clear, and – potentially – available to anyone. If your security question was your Mother’s maiden name, consider that another blot – ID theft is on the increase, and upwards of seventy million accounts will be a goldmine for the black market.

It’s true to say that this loss is causing a huge problem for Sony. I’m not personally too worried about identity theft or the data that could potentially be seen. Aside from my credit card number, all the data they had access to could have been gathered just as easily by picking through my bins. There will be many who have even more sensitive data than the stuff Sony lost, in public view, on their Facebook pages.

But think about this – if the information is distilled into a searchable list, what’s to say that the next time you’re online the person you’re playing against can’t look up your PSN ID, get your real name and start taunting you? They’ll know your real address, your birthday. And if they’re linked in the database, they’ll know the details of your dependents and sub accounts. It’s this uncertainty that breeds this speculation and Sony’s reluctance to offer comprehensive information only serves to compound that issue.

Make no mistake, people might be happy to say that Sony did the right thing in switching off the service, but the information was – everyone assumes – already extracted and who knows where it could all end up? Scaremongering has been rife since the day the PSN went down, but all this is very real and far too easy to understate: ID theft is a hugely serious matter.

What can we do? Nothing, really. If you’re already signed up to an ID protection scheme then just keep an eye on your credit rating to ensure nobody’s taking out credit in your name, or companies aren’t doing credit checks against you, renting flats, hiring cars, that sort of thing. Just stay vigilant, and hope that the information doesn’t end up on some torrent.

What this debacle has done for me is make me begin to take the measures I should have been taking all along. I use a password generating program to make and securely keep my passwords now, I won’t store my credit card info online again and I’ll even start shredding real-life sources of this data before they go in the bin. It’s always sensible to keep a close eye on statements and accounts but this fiasco has brought that need into sharp focus once again.

As for Sony and the way they’ve handled the communication with customers, let’s just say we’re far from impressed. The eventual statement read more like a legal/PR exercise than a truly apologetic one as it should have been, with more get out clauses than answers – why did it take a week? Why wasn’t the security answer one-way hashed?

Did they actually breach the network and get full access to the databases (and thus managed to dump everything) or did they sniff out packets from PS3s as they went back and forth to the servers,  limiting the damage to just those that were connected? We’ll probably never know, resulting in constant doubt about our identities.

I wouldn’t doubt that Sony are the only company to have had problems like this and we simply don’t hear about it in many other cases. I think the fact that the network has been taken down and is being rebuilt means that it gets a larger place in the spotlight than most companies would give it. For me, though, the security risks are of minimal concern. For me, the bigger issue is the bond of trust that has been broken.

Sony’s reluctance to say anything substantive for a week and then their eventual statement still being largely uninformative is a shambles. When their consumer base needed abject humility, they got legal base covering and vague doublespeak. Customers still don’t have all the facts of the matter or a firm timeframe to expect the service to return. Many people are now paying a subscription for a service which doesn’t exist (PS+) and they have no idea when it will be back.

Will the PlayStation brand ever be the same again? It won’t be easy for them. In a gaming landscape which is becoming more and more dependent on connectivity, digital distribution and micro transactions, Sony have effectively told their consumers that they can’t be trusted to handle these aspects. Even if the network is rebuilt as the most secure in the world, regaining that public perception could be a major stumbling block.

The die hard fans will remain in force, but some of us will be far more reluctant to give Sony (and other major companies) such delicate information in the future – we won’t know the far reaching consequences for some time, but just now this has all been an unmitigated disaster, and one of the biggest leaks in modern history.

There are insane amounts of hyperbole being thrown around the internet about never trusting Sony again but there is an element of truth in there. The simple fact is that much the consumer base will feel that Sony let them down with their silence. That bond of trust is much more difficult to recover than security on a server.

– PAGE CONTINUES BELOW –

142 Comments

  1. Seems that because Sony have done a stern job after the horse bolted, the die-hards are unperturbed, but how well this will translate into future sales of PS3’s (outside the core) once Move gets going properly, future sales of Bravias & Blu-ray players etc and other PSN/Qriocity connected devices will be hard to gauge.

    Trust is exceptionally hard, if not impossible to regain, so just because some reaction is completely over-the-top it doesn’t mean Sony are in the clear just because they pulled the plug, especially before we know how big, or small the failings were on their part.

  2. Storm in a tea cup. It`ll be forgotten about in time and hopefully we will realise this was all blown out of proportion.

    I mean whos to say that the individual who downloaded all the details of which I’ve read is approximately 300gb+ in size containing 77million people details, didn’t just delete it or has no intentions of doing anything with it.

    The amount of hyperbole created is just nuts, although I can see why but I dont think l`ll be jumping on that bandwagon any time soon.

    • I think I agree with you here. Most people will probably not even know of this happening, plus in two months time and people are looking for a stereo/tv/ps3 people would of forgot anyway.

    • so if the hackers declared you bankrupt you wouldnt be bothered by that ?

      • Of course he would, you’re not getting his point. He’s saying that it hasn’t happened and probably won’t, so why get yourself in a twist over it all at this stage? It’s a fair point, and I’m sure if he was declared bankrupt he would indeed be quite upset.

      • i dont think anyone is going to go bankrupt in this day and age with ID theft. most banks reimburse stolen funds.

      • Lol I am all but bankrupt anyway so my info is pretty useless to whoever may try to use, I can’t get credit anywhere I was too silly with debt in my youth and am dearly paying for it now

      • thats why you should have a debit card or use psn cards

      • hunterstryfe i know your pain mate but for me it was an ex wife who killed my credit and took my house. slowly building it back up now though

      • shrek9 said “thats why you should have a debit card…”

        WHAT? Stop talking because you are dangerous. In these situations a debit card is MUCH worse than a credit card.

    • Do you think anyone would go through trouble of hacking a server, exposing themselves to criminal charges in most countries, and downloading 300Gb of data only to delete it? If someone is that dumb and still managed to penetrate Sony’s security then that security must really have been atrocious.

      They don’t even need the credit card details for the data to be attractive. A list of 77 million actual email addresses is probably also worth a lot of money. Especially since a significant amount of those addresses will have used the same password on their email account as on the PSN, so they could access those account and send email “on their behalf”.

      It pisses me off that they’ve lost the address to my mostly spam free mail, and that I now have to expect an increase in “great offers” sent to me, multiply that amount of pissed off by 77 million and you have a huge loss of goodwill for Sony, that will probably be visible on their profit this year.

    • absolutely agree this is blown WAY out of proportion. they shut down the servers asap. people keep saying there was an ‘information shortage’, but it seems to me they updated us nearly daily with new information, and let us know what was stolen the very day they knew. people are just being internet crazy — this really isn’t that big of deal. supposedly, any cc information that was stolen was encrypted, and people routinely give out their private information for facebook apps and free bags of chips. the 1% of people that try to stay off the grid are still fine, since they made up a DOB and used PSN cards bought with cash anyway.

    • #10. …..Never let your debit and credit cards out of your sight. If you’re paying in a restaurant, the waiter may try to walk away with your card — don’t let ’em!

      I can’t remember the last time they didn’t carry my card off somewhere out of sight.

  3. I cancelled the card I had on my PSN account (cancelled outright, not replaced) since I’d been meaning to do so anyway. I even left it 24 hours after Sony told us.

    As for the other info, I’m not really that bothered. Yes, it’s possible it could be used for identity theft, but anyone can get essentially the same info from the electoral roll. If you know someone’s name and the town they live in, you can find most of it by registering at 192.com.

    The way people are going on, you’d think PSN was the only network ever to be hacked. It’s not the first, it certainly won’t be the last, and it’s not even the worst such occurrence.

    I don’t deny it’s a significant issue, but even so, the reaction in some quarters seems massively out of proportion.

    • Whereas bits of info are easy to gather from various places, I’m not sure it’s possible to get a name & address & a date of birth without asking them, unless some muppet has got them all displayed on FB or something. The bits of info are useless without the ‘whole’ which thanks to the hackers & maybe some insufficient security some people could have everything they need.

      • and the security question and answer. DoB, Address and mother’s maiden name will get you into a lot of locked rooms…

      • Census data can be bought online which would give you most of it with a click of a button. I found sites last week. Names and address are accessable for free without any login required.

      • Name and address = Electoral Roll
        And as for your mothers maiden name… that’s about the stupidest security question out there, most sites now over multiple questions, and the facility to choose your own.
        Realistically people should have been changing these questions and answers when they changed their passwords

      • Over half of people opt out of the edited version of the electoral roll, that’s the one that’s for sale.

        There’s no way anyone can get all the info needed, unless you choose to give it to them, or are silly & display them in a public place.

      • Most reports seem to suggest that the PSN didn’t store enough data either.

      • We all keep saying that Sony’s security on the psn was poor, I bet it wasn’t, I bet it was bloody good. Somebody very clever has bypassed all of the security they had in place, doesn’t mean the security was no good. They might not have kept us informed to the best of their abilities, but I highly doubt there was anything wrong with their security systems. I wonder if this person/people hacked xbox live instead, whether they would’ve found better security there. I’m betting they wouldn’t

      • Name, address, and DOB can be obtained via electoral roll and national census

    • Tony, Sony have admitted that they didn’t encrypt PSN passwords.

      Hence, the security was poor. This is pretty indisputable.

      • But should passwords be encrypted? Somebody on here made a very good comment earlier which was along the lines of – if passwords were encrypted, then every time anyone signed in, it would have to be decrypted then re-encrypted every time, placing a massive load on the servers. Makes sense to me. Is encryption of passwords standard practice? Besides, that’s only a tiny part of the problem, the main issue is loss of personal data, which has nothing to do with the passwords.

      • @tonycrawley

        “the main issue is loss of personal data, which has nothing to do with the passwords”

        Considering that the password is what stands between them (hackers, criminals, etc etc) and your personal information, you can hardly say that the loss of our personal information has nothing to do with passwords.

      • Why is everybody talking about passwords i don’t think this has anything to do whit passwords since they broke all the way in and they didn’t just hack a few accounts

      • But can’t you just change your password when you get back in???

      • @Juelz345 – I think he means it’s more down to the fact that if you’ve been smart and safe with your password, you really shouldn’t have anything to worry about.

      • You have questions, I have answers!
        :)

        The BIG point. Yes, passwords should be encrypted. Always. That’s not even debatable. Seriously. It’s security 101.

        As for the “load on the server” point, I’m assuming you’re not technical. That’s okay, it’s cool, but it does sound like you’re not too savvy with user authentication.

        In very basic terms, there is no difference in server load when it comes to checking if a password is correct whether or not the password is encrypted or not. Why? Because the password isn’t decrypted during the check. What happens when you log in is that the hash number of what you provide to the server and the hash number of the password in the database are compared. This is a number that is derived from your password but you can not work out the password from the number (well, in theory, see: http://en.wikipedia.org/wiki/Rainbow_table). If the numbers match, that means the password provided is the correct password and, voila, you’re in.

        If not, the password you provided is wrong.

        The point here is that the password is never decrypted. It is always secure. And there’s no difference in terms of load because you’re still checking if the password is right, you’re just actually checking if a very specific number (derived from the password) is right, not the password itself.

        Here’s more for you (if you’re interested)

        http://computer.howstuffworks.com/encryption5.htm

        As it says: “Public keys generally use complex algorithms and very large hash values for encrypting, including 40-bit or even 128-bit numbers. A 128-bit number has a possible 2^128, or 3,402,823,669,209,384,634,633,746,074,300,000,000,000,000,000,000,000,000,000,000,000,000 different combinations — this would be like trying to find one particular grain of sand in the Sahara Desert.”

        From wikipedia:

        “Computer systems that rely on passwords for authentication require some way to tell if an entered password is correct. The simplest approach is to store a list of valid passwords for each user, however, this allows anyone who gains access to the list to know every user’s password. The more common approach is to store a cryptographic hash of the password. This protects the stored information because such hashes are difficult to reverse.”

      • tonycawley – “But should passwords be encrypted?”

        Yes. There is no technically feasible answer that Sony could give for not having user passwords encrypted or hashed.

      • Kovacs – I consider myself very tech savvy – I’m good with computers (what I need them for) or have no problems with any device I’ve ever tried to use. What we’re talking about here though goes way beyond tech savviness and into the grounds of degrees in IT or electronic security. I had questions, you provided high quality answers. I still don’t think they needed everyone’s passwords though, that’s a separate issue. Personal data was stored separately and not encrypted.

      • I am interested though, where did Sony admit to not hashing user account passwords? I’ve not actually seen any confirmation, only that credit card info was encrypted and “personal data” wasn’t.

        There would just be no reason for them to be stored as plain text. Whatsoever.

      • are our passwords encrypted for this site? can you say yes without having to check with those in charge?

        plus I know for a fact that passwords are not always encrypted, and if they happen to be encrypted, it’s certainly not at the level that credit cards are encrypted with.

        once again, will you people try and understand that Sony didn’t just leave this information in the open for any of us to look at, the hacker made his/her/their way through different levels of security to get to the root…probably just for the buzz…possibly just to piss Sony off…hell, it might even have something to do with the stocks, cause a scare watch those bonds fly about.

      • What I meant by that was that everyone’s personal details were stored on a server. They hacked access to that server and downloaded. Surely they didn’t require everyone’s password to get access to that server?

      • MaD dOctoR 79 –

        Yes, your passwords on TSA will be hashed. TSA runs on WordPress which hashes all user passwords.

        Admittedly, there will be sights that don’t hash passwords. If you know for a fact some sites that don’t, then you should contact them.

        As for your final point, it doesn’t matter what other security or measures Sony had in place. There is absolutely no explanation or reason they could have for not hashing user passwords. When a company holds the data of 77 million users, you don’t rule out or disregard security practices simply based on the pretence that the chances of it happening are remote.

        If it turns out they didn’t hash user passwords, it’s nothing but pure negligence on Sony’s part.

      • Pemberton_

        I could be wrong but I don’t think hashing and encryption are the same thing…

      • They’re not.

        Encryption should be reversible, hashing shouldn’t. There’s no need for someone to see what a password really is.

      • There is more to security on the network as a whole than JUST psn id passwords

      • they didn’t require people’s passwords to gain access to the server where they were all stored, but now they have them no security will stop them accessing the account of somebody who doesn’t change it as soon as the psn is back up.
        what’s gonna stop them from putting your account on a ps3 they own and emptying your wallet?

        there are bound to be some people who wont be able to change their password straight away for whatever reason.

        if the passwords were encrypted, that should not be an issue, but they weren’t and it is.

      • Tony, that’s not how logging in to a site works.

        Let me explain:
        Say you run your password through a function called “md5”. You then store the output of that function in the database.

        If someone then logs in with a password, they’ll then run the login password through the “md5” function and compare the result of THAT to the value in the database.

        If they match, it’s a valid password.


        Tbh I’m surprised why people believe passwords weren’t encrypted.

        Are people seriously telling me nobody ever ran a packet sniffer on the data your PS3 sent to the server and found “holy shit, that’s my password in plain text!”?

        Or perhaps you’re telling me you believe they encrypted the password on the packet, then DEcrypted it before storing it in the database in plain text?

        Really, guys? Really?

        Just because the password is encrypted doesn’t mean it’s impossible to retrieve it. Thus, if someone gains access to the encrypted password, it still counts as obtaining your password.

  4. You could look at it from the point of view that every letter of every word Sony release officially is being discussed all over the internet. They are therefore, somewhat understandably, reluctant to say anything unless they have a pretty damn good idea that it’s correct

  5. I think that Sony have pretty much behaved in an exemplary manner regarding the whole ordeal. Switched off the service as soon as they discovered what was happening, informed customers as soon as they had concrete information from an expert investigation. As you note, most of the information can be accessed from other sources, so I’m not hugely worried about what was taken, but I honestly don’t see what Sony could have done better in this situation.

    • I think the biggest issue is that they’re not talking to their customers. This is breeding the rumours that are getting wildly out of hand. I’d rather a frank, honest “We can’t be totally sure” than the late, vague and uninformative statements we’ve had. At least that would hint at the belief that their customers have the sense to make their own decisions regarding the very real and very serious risks.

      For example, I’ve seen multiple reports stating that Sony knew that the card details were taken on the 19th and still didn’t tell customers until the 24th. That’s illegal. I’ve also seen various places state that the information should all have been encrypted (at the very least the secret question stuff should be) and that it wasn’t. That’s something Sony should have done from the start – or at least that’s what the public perception, blessed with hindsight as it is, will be. Ultimately, it won’t matter whether these reports are true or not, the perception of their truth is far more important and that seems to be swinging dangerously out of Sony’s favour.

      All communication from Sony has been ambiguous. Were credit card details taken? Were those files easily opened? Is our security question and response saved as plain text? We don’t know and we really should. If Sony know but aren’t telling then that’s terrible customer service (at least, it is probably actually illegal in the EU) but if they simply don’t know, a week after the incident, then that’s gross incompetence (at least in the eyes of many customers).

      I am not personally too annoyed and I think that the wailing and gnashing of teeth we’ve seen around the net is ridiculous but I do think that Sony have shown a very worrying lack of respect for their customers. I’d like that addressed so I can begin rebuilding my own personal trust bond with a company I have always had a strong admiration for.

      • They were talking to their customers, that’s why we had the blog posts daily, which didn’t have too much information because they simply didn’t know the scale of it as well as what actually happened, and once a overall conclusion was made and proved, they told everyone, on the blog, website, emails, and the press, and sure did the word get round quickly.

        I think they’ve done everything they could, and with 77m accounts being in that situation, wanted a definite answer before they told them about it.

        Also you say about multiple reports, well they are all rumours and at a time like this any new information would give a website a ton of hits.

        Sure they might have of handled this a little better, but i think they’ve done a damn good job at it, and now we can just sit back and wait for our service to be resumed. It’s not like they had asked for this to happen…

      • Some of the answers Sony don’t seem to know and those that they do predominantly seem to have been answered on the EU site/blog within 24hrs of first announcing the breach.

        Sony have certainly acted better than many other companies that have had breaches. Many sites and organisations have been hacked before with as/if not more info stored and there has never been talk of compensatation and this level of detail released.

        Maybe next time Sony will leave the PSN running and just send e-mails out (3 months later ) like play.com (who do store expiary dates and card security codes) saying that data may have been taken and leave it at that.

        Taking down the PSN seems to have alerted more to the potential problems. The number of accounts seems to have escalated it as well despite the number of “fake” accounts in existance.

        At present there are a lot of news outlets and websites putting out “stories” and rumour in order to attract hits and bring in more money for themselves. Many are being opportunistic rather than actually helping (I’m not pointing any fingers at TSA just to be clear).

        What amazes me most is when you compare this to the other big current hacking case (as in phone hacking) that nost of the hate has been directed at sony rather than the hackers compared with the papers getting the hate rather than the companies who should be providing secure lines.

      • @colossalblue – Firstly is it illegal? I’m pretty sure that they are trying to pass laws on this stuff but nothing is law yet, and if so the time-frame is a bit iffy.

        Asides, we have had no ‘confirmed’ reports that they knew on the 19th, only people saying their banks said they were contacted, yet when others phoned these particular banks they said that was not true.

        Ambiguous how? They have no evidence that they were taken. That means as far as the external security firm are concerned they weren’t but it keeps people on the alert regardless. We’ve also had confirmation that they were encrypted. Although I concede on the security question issue.

      • As for the damage that this will cause Sony’s image, I’m laying that blame wholly at the feet of the press.

      • But the answer: We are not sure would probably have made the people who love to complain angrier, because they have NO news. Sony cannot get a word in edgewise at this point from being bombarded by all angles while trying to sort the problem – no wonder they ended up with legal crap and doublespeak – people wanted news regardless, they get – are not happy, they dont get it – are not happy.

      • I’d rather a company establish facts before they provide them. All the evidence shows that is what Sony did. There was no radio silence, just holding statements until they knew what had happened.

    • “Switched off the service as soon as they discovered what was happening”
      no they didnt they waited 3 days to do that and left the door wide open for the hackers to take whatever info they wanted

      • They knew they were hacked then, but they are getting attempted hacks 24/7. They only realised this one was serious come 19th, therefore they then immedietly took the psn down

      • no they didnt they switched off the servers on Wednesday evening 20th 3 days later NOT 2 regardless of if they knew they were getting hacked then and then 24/7 is besides the point they should of turned the servers off on the 17th when they knew they were getting hacked to stop the hackers getting access to our personal info instead they waited 3 days to do that and left the door wide open for them. the hackers took info between 17th and 20th which is when the servers were switched off

      • not if they did not actually discover the problem until 3 days later

      • You do realise that every single service on the net is constantly under attack? Most attacks fail or are no threat. If service providers shut down every time they had one, they’d never be available. My own employer is the target of hackers at least 5 times a DAY.

      • Squashme, you are wrong. They turned off PSN immediately upon learning of the intrusion. The did not ‘wait 3 days’. You are just plain incorrect.

  6. I believe SONY will come out stronger for this breach in data proteection. SONY know all too well what happens when they get lacks. SONY WILL find those responsible and then move on.
    (I still think the SNES is the best console EVER!)

    • I assure you they are extremely unlikely to catch the perpetrator of this. They were obviously fairly handy if they managed to get in so to also be careless enough to be traced seems unlikely

      • if they were careless enough not to block their IP Address then Sony have a high chance of catching them as their IP Address will be logged on their servers

      • squashme, it’s clearly evident you have no idea what you’re talking about throughout this thread. anyone hacker sophisticated enough to do this did not blindly use their home IP address. stop spreading fud. do some research. you’re wildly overreacting.

    • “SONY WILL find those responsible and then move on.”

      I wish I had your crystal ball. Can you tell the CIA where Osama Bin Laden is as well? They’re still looking.

      • Trying to be positive here :)

      • If he has a PSN ID then someone can find him, they’ll have the address of his cave now.

      • He died in last decade, why else can one of the most powerful nations on earth not find him?

      • Maybe they don’t want to. It gives them too much “power”

      • all they need to do is find out who is still buying vhs tapes follow that trail and bam, they have him.

      • “Can you tell the CIA where Osama Bin Laden is as well? They’re still looking.”

        Yeah, that’s the same…..

      • Cort, my OBVIOUS point was that the US said they’d find bin Laden. They haven’t. The poster said Sony WILL find the hackers. He can’t predict the future. It’s called analogy. Look it up. I never suggested a data hack was the equivalent to a terrorist attack. Jesus.

      • @Kovacs
        The CIA had a tip off and found and killed Osama Bin Laden in a mansion in Pakistan (I was nothing to do with the tip off)
        So, i will say it again, “SONY WILL find those responsible and then move on.”

    • Mega Drive > Snes

      *flees

  7. I guess we still don’t quite have the full picture and it will be a little tough to gain back support of the mainstream but if they’re really working hard to relaunch PSN with a much better security in place then trust will be easier to gain back. I’m a die hard playstation supporter and will continue to be but do have an xbox as a backup.

    I think people (mainly news media) need some perspective on this. It was only a few months ago that Paypal, Mastercard and Visa were attacked by hackers (i think that was Anonymous) and they’re not exactly loosing customer confidence (granted personal info was not stolen but their system was broken into). The better security systems are the better the hackers get and thus it will always be this way.

    • I’m not sure their systems were broken into. Their websites were brought down with DDoS attacks but that just crashes the site, it doesn’t deliver data.
      I’m not a security expert though, so I could be wrong.

      • You are right CB. A DDoS is easy to execute and very hard to protect against but it just stops people being able to use the site. It doesn’t involve actually getting past any security so it’s nothing like stealing personal data.

      • Spot on Colossal. The DDOS attack only brings down the server. When Visa went back on they messed up though and that was when Anon got a few details. They just point out weaknesses.

      • Except that a DDoS is also very usable as a method of disguising a hack on another branch of a company’s network. You make a big fuss out one side of the castle, then tunnel in underneath the walls elsewhere to steal the princess.

    • Isn’t that the key point? Yes other networks have received attention and all probably do on a daily basis, just like many websites, but Sony’s actually fell over & spilled the beans.

      And given that Sony were in the middle of both a hacker & pr ‘war’ where there system’s ports were probably being ‘probed’ far more than usual, would it not have been right to have a look at the networks security

      • This wasn’t a DDOS. This was a concentrated hack. The two are completely different.

    • I refuse to buy Microsoft, and I don’t like the presumed attitude of throw money at it and get our own way. I stick with SONY even after this just stick more cautiously

  8. Sadly, only time will tell. The damage to the brand will only be known in time.

    I for one will continue to enjoy my PS3, but its sad, a sad day for Sony, Gamers and Gaming as an industry.

    Hacking or any sort regardless of platform, intention, or direction is wrong. The fact that if Sony collar these CNUTS that have potentially ruined [I HOPE NOT] my fave gaming console is unforgiveable.

    The damage that has been done and potentially could happen is fucked up. The fact that a little fucker called GEOHOT decides to break the law, then the rest of them climb out from under their rocks to create such a huge digital crime, it will go down in history.

    Its so, so, unfair its untrue. What started out as some fame hunting for that twat Geohot has left a yawning, gaping hole in the future of Playstation.

    No matter what anyone says, it stems from him and the rest of the legal stuff attracted more interest.

    The fact that if they track them down, more will come out of the wood work, means that justice doesnt exist?

    It is simply a terrible situation to be in. I look at my PS3 and feel sorry my fave pass time.

    I really hope they can come back from this though, long road ahead, whether its possible or not is another story?

    **turns the ROCKY soundtrack CD up**

    • If it wasn’t for Geohot I wouldn’t have a jailbroken i-pod. I don’t agree with how he shared the security keys but he is good at what he does.

      • condoning what he did and does is nice at all geohot is solely responsible for this if he didnt do what he did we would all be playing online right now

      • ***NOT NICE AT ALL

    • I agree, but Justice does exist just hard to catch every last cockroach in the woodwork

  9. While, no doubt, Sony should have let us know earlier, I think the actual hack has been blown out of all proportion. There have been plenty of other online networks that have been hacked over the years, and no doubt there will be plenty more. I’m afraid it’s just one of those dangers we all face in a digital, connected world.

    • I agree, it’s dangerous out there. Many organisations, large & small are under attack all the time (even small independant ecommerce sites, who run php-driven stores) but full-scale data breaches don’t happen all the time, other networks don’t give up the goods & if they do surely hundreds of gigs of data transfer is noticeable so plug could have been pulled during rather than after the event.

      But if there were any failings on Sony’s part, we deserve to know and they shouldn’t get a free pass on it until we do.

      • This last week proves they dont have a free pass at all

Comments are now closed for this post.