The fallout from the PlayStation Network hack will be felt for weeks, months and years to come.
We don’t know what’s been stolen from the PSN, but it’s reasonably safe to assume that it’s everything. So, while some might not be particularly worried about credit card theft – after all, you just need to call your bank and they’ll cancel that number and send you a new card – it’s the way this was managed and reported that could end up causing the major issues.
We’re starting to hear, from banks, that they were alerted to the intrusion on or around the 19th, comments from TSA members and beyond suggesting that Sony informed the financial institutions even before they switched off the authentication service on the PSN. We can’t verify this ourselves, but based on what we’re hearing, this is starting to gain ground.
It was on the 26th of April that Sony managed to pull themselves together and tell us what had happened. If the intrusion was between the 17th and the 19th, that’s pretty much a week. A week in which the hacker(s) have seemingly had access to our data – credit cards, purchase history and – worst of all – enough of our ID to start to make some waves.
Name, address, date of birth, security question. It might all be ‘protected’ but it wasn’t encrypted – once the protection broke all this is in the clear, and – potentially – available to anyone. If your security question was your Mother’s maiden name, consider that another blot – ID theft is on the increase, and upwards of seventy million accounts will be a goldmine for the black market.
It’s true to say that this loss is causing a huge problem for Sony. I’m not personally too worried about identity theft or the data that could potentially be seen. Aside from my credit card number, all the data they had access to could have been gathered just as easily by picking through my bins. There will be many who have even more sensitive data than the stuff Sony lost, in public view, on their Facebook pages.
But think about this – if the information is distilled into a searchable list, what’s to say that the next time you’re online the person you’re playing against can’t look up your PSN ID, get your real name and start taunting you? They’ll know your real address, your birthday. And if they’re linked in the database, they’ll know the details of your dependents and sub accounts. It’s this uncertainty that breeds this speculation and Sony’s reluctance to offer comprehensive information only serves to compound that issue.
Make no mistake, people might be happy to say that Sony did the right thing in switching off the service, but the information was – everyone assumes – already extracted and who knows where it could all end up? Scaremongering has been rife since the day the PSN went down, but all this is very real and far too easy to understate: ID theft is a hugely serious matter.
What can we do? Nothing, really. If you’re already signed up to an ID protection scheme then just keep an eye on your credit rating to ensure nobody’s taking out credit in your name, or companies aren’t doing credit checks against you, renting flats, hiring cars, that sort of thing. Just stay vigilant, and hope that the information doesn’t end up on some torrent.
What this debacle has done for me is make me begin to take the measures I should have been taking all along. I use a password generating program to make and securely keep my passwords now, I won’t store my credit card info online again and I’ll even start shredding real-life sources of this data before they go in the bin. It’s always sensible to keep a close eye on statements and accounts but this fiasco has brought that need into sharp focus once again.
As for Sony and the way they’ve handled the communication with customers, let’s just say we’re far from impressed. The eventual statement read more like a legal/PR exercise than a truly apologetic one as it should have been, with more get out clauses than answers – why did it take a week? Why wasn’t the security answer one-way hashed?
Did they actually breach the network and get full access to the databases (and thus managed to dump everything) or did they sniff out packets from PS3s as they went back and forth to the servers, limiting the damage to just those that were connected? We’ll probably never know, resulting in constant doubt about our identities.
I wouldn’t doubt that Sony are the only company to have had problems like this and we simply don’t hear about it in many other cases. I think the fact that the network has been taken down and is being rebuilt means that it gets a larger place in the spotlight than most companies would give it. For me, though, the security risks are of minimal concern. For me, the bigger issue is the bond of trust that has been broken.
Sony’s reluctance to say anything substantive for a week and then their eventual statement still being largely uninformative is a shambles. When their consumer base needed abject humility, they got legal base covering and vague doublespeak. Customers still don’t have all the facts of the matter or a firm timeframe to expect the service to return. Many people are now paying a subscription for a service which doesn’t exist (PS+) and they have no idea when it will be back.
Will the PlayStation brand ever be the same again? It won’t be easy for them. In a gaming landscape which is becoming more and more dependent on connectivity, digital distribution and micro transactions, Sony have effectively told their consumers that they can’t be trusted to handle these aspects. Even if the network is rebuilt as the most secure in the world, regaining that public perception could be a major stumbling block.
The die hard fans will remain in force, but some of us will be far more reluctant to give Sony (and other major companies) such delicate information in the future – we won’t know the far reaching consequences for some time, but just now this has all been an unmitigated disaster, and one of the biggest leaks in modern history.
There are insane amounts of hyperbole being thrown around the internet about never trusting Sony again but there is an element of truth in there. The simple fact is that much the consumer base will feel that Sony let them down with their silence. That bond of trust is much more difficult to recover than security on a server.
Shakugan
They know my address, are they going to visit me? :D
tyrant161
I worry about the long term affects that this will have for Sony and more importantly, it’s console owners. How bad will this affect new console sales? i would suspect that most parents buying a games console for their kids will have seen all this about the hack on the news and decide to get their kids an xbox360 instead…if this is the case and sales suffer, will developers start to move more to xbox360 just as it was when ps3 was first released and the 360 got more games and better versions of the multiformat games too. The ps3 has only recently in the last year become more popular with developers and it is being used as lead console for development more and more, not to mention the ps3 exclusive extra content that it keeps getting for multi format releases as well. Will this hack,put devs off and set us back to square one and also cause some ps3 users to re-evaluate thier choice of gaming provider then look at the 360 and consider a console swap? I hope not…..but i do worry.
tyrant161
Sorry…effects….i must start to check before i post lol.
Roynaldo
What annoys me is that I have to pay to see my credit rating. Its information about me! Why do I not have the right to see it?
Danny-c-2k9
Come back online psn ffs
squashme
Tuesday buddy
squashme
in other news I can see this been on Watchdog tonight with Ann Scrawny Robinson
squashme
OMG it is on Watchdog
GTRsannin
Well maybe there is a silver lining in this developers might start concentrating more in single player part of the games rather than wasting so much time on the multilayer
squashme
yeah I doubt that very much but it would atleast be nice for developers and publishers to take advantage of this downtime to do maintenance on their own games servers like making them more stable for instance
MXZ
I really cant say i hate Sony for this whole event as ive been thinking of this from a different angle.
its not like i gave my information to Sony and they used it to torture me. its more akin to giving my info to Sony and then said info being stolen by a 3rd party (who would then torture me)
i respect Sony, but cant deny that they were foolish to not have better security.
however i also have a strange form of respect for the hacker (he sent the world into a huge blind rage without even trying, thats encouraging)
i think that once PSN is back up, the havoc and confusion will die down fairly quickly and the world will be once again peaceful.
however, much like with the dullplae early release of the PS3, this tragic even will forever be a part of Sonys history (whether they exist 10 years from now or not)
InternationalGamer
We just need to cleary know what was taken and what was not, expecting a update from Sony.
TSBonyman
I feel the same. Of course people should take whatever precaution that helps put their mind at ease in the meantime.
Everyone’s entitled to vent but i personally can’t get my rant on until i know exactly if and how badly i’ve been affected.
bigkingy
I’ve often thought that a camera, (PS eye) constantly connected to the internet could be risky. Just hope the hackers haven’t been watching us all!
Winkle
what you people have to remember is that no matter how much you replace cards, change password etc all you have to do is go into a shop and use your card with your pin number and you can be fucked there and then. All anyone has to do is clone your card from where you used it, they know your details and they have access to your account asap. I had this done and had £1500 taken straight away. So stop trying to rumour monger and install panic into all this so called breaking news. Its life get the fuck over it and move on. Its not Sony’s fault its what it is.