With Sony's network outages now in the third week, CEO Howard Stringer has issued a personal and corporate apology. But Sony's troubles may not be coming to an end, as reports indicate the company could be hit with another attack this weekend.
In an open letter published Thursday night on the PlayStation blog, Stringer apologized for the "inconvenience and concern caused by this attack." He added that, "to date, there is no confirmed evidence any credit-card or personal information has been misused."
He noted that, in addition to offering a year of free credit monitoring and a $1 million ID theft-insurance policy to U.S. PlayStation Network and Qriocity music service customers, the company has issued a "Welcome Back" package -- for when the networks are back up -- that includes a month of free PlayStation Plus memberships for existing PSN customers and an extension of subscriptions for PlayStation Plus and Music Unlimited customers "to make up for time lost."
The ID-theft offer is through AllClear ID Plus from Debix, provided at no cost. Sony said activation e-mails for the program will be sent out in the next few days, and users will have until June 18 to sign up through AllClear ID. The offer includes cybermonitoring and surveillance of criminal web sites for the user's personal information, priority access to on-staff licensed private investigators and identity-restoration specialists, and a $1 million identity-theft insurance policy for each user.
But the barn door may not yet be closed. According to various reports on the web, chatter in hacker-oriented channels and sites suggest that some hackers still have access to Sony's servers and intend to capture and release more personal information over the weekend.
Some observers have suggested this new attack, if it happens, could come from disgruntled users of Sony's PlayStation Network, Qriocity music service, and Sony Online network, who are angry that the company took more than a week after the original outage to inform users that their personal information may have been stolen. This may -- or may not -- be the same group that conducted the original break-in.
'Security Soap Opera'
In a letter to a congressional subcommittee, Sony indirectly accused the hacker group Anonymous of being behind the attacks. But Anonymous has twice issued statements denying that it brought down the networks and stole the personal data. The group previously acknowledged its role in denial-of-service attacks on Sony web sites, in retaliation for what the group saw as Sony's harassment of a user who ran unauthorized software on a PlayStation and made the software tools available to others.
In his open letter, Stringer said "it's a fair question" to ask if the company notified customers as soon as it should have. He added that "it took some time for our experts to find" the hackers' tracks and to "begin to identify what personal information had -- or had not -- been taken."
Chris Christensen, an analyst with IDC, said that, based only on the information available, "Sony may have underestimated the value of the privacy information it held." The credit-card numbers, for example, were encrypted, while other confidential user information -- such as names, usernames, e-mail addresses, or birth dates -- was not.
Christensen noted that the value of non-credit-card information has increased "radically in the last three to five years."
He tends to believe the break-in was conducted "by a professional criminal organization, doing this for profit," rather than by the politically oriented Anonymous.
In any case, he said, the size and length of this breach, and Sony's visibility, makes this "definitely a watershed event, a security soap opera that doesn't seem to be ending." He speculated that, at the very least, there will be a "wave of governmental hearings and possibly a wave of new security legislation."
Posted: 2011-05-08 @ 10:50am PT
They shouldn't have messed with an innocent jailbreaker.
The attacks are going to keep coming until Sony backs down. If Sony believes people are hacking their systems, they are right now.
The attacks WILL NOT STOP until someone at Sony grows a brain. And until then I'm sorry PS3 owners, you will be out of luck :)
Posted: 2011-05-07 @ 5:49am PT
Unfortunately, the identity theft “protection” that Sony is offered via Debix is woefully inadequate. In fact, it may actually do more harm than good. Sony simply rebundled Debix's current free offering and added a worthless $1 million identity theft insurance policy (have you ever heard of anybody collecting on an identity theft insurance policy?). First, it does absolutely nothing to “prevent” identity theft, and it is missing the most effective tool for preventing financial identity theft: fraud alerts. While they are not perfect, they are much more effective than “scouring the internet” looking for your information.
Posted: 2011-05-06 @ 7:17pm PT
Attention Barry Levine and the whole world, video games are what keep people from losing their minds, like smoking a cigarette. And ps3 is addictive.
Posted: 2011-05-06 @ 7:11pm PT
New security legislation? You can't legislate security. It is already a crime to break into someone's computer and steal personal information. Didn't stop the criminals, did it? Legislating security is like legislating common sense. Pointless, stupid, and in the end, because of the bloat and overhead of the bureaucracy needed to administer stupid laws, ultimately, counter-productive.
If you have a contract with your service provider that guarantees the security of your information, then sue them into oblivion... that is a far more effective way of getting the attention of corporate security people and the suits they report to. If you don't have such a guarantee... why not? People had best start demanding them.
No politician or law is going to do anything of any value for you. This is a private matter between you and the people you give your information to. But people don't give a **** about privacy any more, witness the idiocy of "social networking". People better start paying attention. Just wait until the first time Facebook gets hacked and 500 million people's personal information is compromised.
Posted: 2011-05-06 @ 7:03pm PT
All sony had to do was bring back online game play a long time ago and now they are making everyone mad. I've got a bad feeling that gamers might trash sony products at retail stores if " SONY " doesn't give these guys something to calm their minds.
Posted: 2011-05-06 @ 4:26pm PT
This is going to cost them customers. We are constantly being told "soon". Well forgive me playstation users have heard this for over 2 weeks and the online gaming community has heard this all week. NO ONE has given us an idea of the estimate of time. This damn soon is wearing thin. They can't communicate with us because they don't want to tell us the damn truth. Well a lot of us are sick and tired of it and are considering pulling our account period.