/ Technology

Have you lost faith in Sony since the PSN data breach?

PlayStation Network

Sony’s PlayStation Network is finally booting back up after almost a month offline, due to the gaming service being breached by hackers. But has the whole debacle made you lose faith in Sony?

On 20 April 2011 the PlayStation Network (PSN) went down. PlayStation 3 and PSP gamers went cold turkey without online gaming, and users of Sony’s Qriocity suffered withdrawal symptoms when their movie and music services were also withdrawn.

For many the pill was especially hard to swallow, as Valve’s highly anticipated Portal 2 came out the very next day. As well as featuring online co-op, the PS3 game included a free PC version, which required activation through – yes, you guessed it – the PlayStation Network.

Delayed communication from Sony

It was almost a week until Sony admitted that the service had been hacked, with the personal data (potentially including credit card details) of 77 million PSN users being taken.

We’ve already questioned why it took Sony so long to let customers know that their details may have been compromised. The delay was said to be due to an investigation into the breach taking time. Still, the message I’ve heard from many gamers is that they would have liked Sony to have been more open, sooner.

This feeling continues with gamers waiting for news on when the PlayStation Network would be back up. The message falling out of Sony HQ continued to be ‘in a few days’. Helpful.

Thankfully, almost all countries (apart from Japan) were back online yesterday. And although the service has been buckling a little under the weight of PlayStation gamers jumping on-board, I suppose that’s to be expected.

Will you stick with PlayStation?

Kaz Hirai, Sony’s executive director, has explained that the company’s making ‘consumer protection a full-time, company-wide commitment’. This, of course, raises the question – why wasn’t it a commitment before? And is Sony’s renewed vigilance good enough?

Hackers might be to blame, but in the end, Sony’s lack of security was also at fault. The company may have beefed up the service, but are you willing to put your trust in Sony and take the chance again?

This was the question put to CNET’s readers in a Facebook poll – 53% said they’d possibly trust Sony again, with 34% happy to let bygones be bygones. Only 13% said they’d never trust the company again and were out to buy an Xbox 360.

So we’re interested to see which side of the fence you come down on. Have you lost faith in Sony? If you have, will you move to the Xbox 360, or simply keep your credit card details well and truly off the PlayStation Network?

Have you lost faith in Sony since the PSN data breach?

No, I'm sticking with Sony (59%, 216 Votes)

Possibly, but they'll have to win me back (24%, 87 Votes)

Yes, I'll be avoiding the company (17%, 62 Votes)

Total Voters: 365

Loading ... Loading ...
Comments
Guest
Paranoimia says:
16 May 2011

Haven’t lost faith at all. It could, and does, happen to anyone.

I’ve been the victim of card fraud before, and while I was initially very concerned, it turned out to be nothing more than a minor inconvenience what with getting replacement cards etc. The money charged to my cards was refunded very quickly. So far, I’ve lost exactly nothing as a result of the PSN breach.

It did lead to me cancelling the card on file with PSN, just in case – but I’d been planning on cancelling it for some time anyway, and didn’t do so purely as a result of the breach.

As for my name and address and various other details – anyone can get hold of most of that info from the electoral register and/or 192.com, and several people who work for Royal Mail see those details every day.

Yes, it was a major breach, and perhaps it shouldn’t have happened. But when bank, government and even FBI networks get hacked, it’s hardly fair to single out Sony as some sort of bungling incompetents. Doubly so, since we now know that their software was up-to-date and any data that had to be, was encrypted. One independent security expert has already said that Sony’s response was ‘by the book’ for an attack of this nature. If anything, I would hope/expect that Sony’s network is now one of the most secure out there as a result of this.

The one thing that does concern me in all this, though, is how the perpetrators allegedly managed to create an account with Amazon Web Services using fake company details, which was then used to power the attack. I’d say Amazon have at least as many questions to answer as Sony.

Profile photo of Victoria Pearson
Guest

I lost faith in Sony’s ability to keep personal details safe last September when someone used my sister’s Playstation Network account to empty her bank account completely. She was on holiday abroad and lost all of the money that she was going to use in her second week.
I am just happy that the card I used when I set up my Playstation account has expired. I won’t be giving them my new card details.

Guest
Paranoimia says:
16 May 2011

Sounds like she had a debit card registered, which is always a bad idea since it provides direct access to your account funds.

However, it doesn’t sound like it was Sony’s fault. More likely is that either the password wasn’t particularly strong, or she had her details phished elsewhere. Perhaps even came unstuck from account sharing, which a lot of people do to get ‘free’ games, since you can download a purchased game on up to 5 PS3s using the same account details. (One person buys a game and shares it with 4 others; next time another person buys a game and shares it with you, etc.) I’ve often been shocked at how many people on the net seem willing to pass their details on to what are basically complete strangers.

Whatever happened, you’d have to go some to empty a bank account via PSN. You can only transfer the funds into a PSN account, nowhere else – and you can’t transfer them out to another account. So whatever you charge to the card can only be used on PSN. Plus, you can only have a maximum of £100 in a PSN wallet at any time. Emptying an account would be a laborious process, even for the most determined gamer/thief.

Guest
HeavY says:
16 May 2011

Haven’t lost an inch of fate, and would NEVER get any other console

Guest
Brett says:
16 May 2011

I’ve not lost faith in Sony. But I have lost faith in all journalism (not just because of this incident though) and this article is further proof that no body gives a toss about facts and that all they want to do is spread miss information to either cause further panic or to gain more readers.

This is in reply to your point about the delayed communication of course. And I will start by responding to your second paragraph.
Only idiots have questioned why it took Sony so long to to let customers know. People with an ounce of intelligence could see that Sony passed on any information they received as and when they received it. They didn’t keep us in the dark for a week, they didn’t know themselves what had happened.

In fact this whole instance has given me more faith in Sony, because during this incident they never once deviated from the “by the book” procedure of how to deal with it. I am of course referencing them taking down the network instantly and hiring outside security experts and investigation groups to assist in understanding what exactly happened and how.

Profile photo of Patrick Steen
Guest

Hello Brett, thanks for your comment. I’m very aware of what Sony had said about the delay and this is mentioned in the Conversation (“The delay was said to be due to an investigation into the breach taking time.”) And I happen to agree with your statement that they told us as soon as they knew conclusively. It is still, however, true that many gamers were upset that it took so long. There is also the argument that the company should have revealed the possibility of a data breach before they were absolutely certain.

This is a very small part of the Conversation, with many other topics of discussion – I don’t feel the question of losing trust with Sony hangs on its ‘late’ response.

Guest
Brett says:
16 May 2011

@Patrick: The point I’m making though is that rather then reporting on many gamers opinions you should be reporting on what facts have been presented to us. Sony called in outside investigators when some of their servers began to act strangely. They didn’t know they had been hacked at this point.

There really isn’t much to have a discussion on here. A lot of people are just saying they’ve lost faith in Sony because they are impatient and wanted online back up within a week. Whenever I’ve debated this with someone they are always stumbling upon themselves to actually find a reason to have lost faith in Sony concerning this incident.

If people are expecting other companies to act differently should this happen to them then they’re in for chilling surprise.

Profile photo of Patrick Steen
Guest

To be fair Brett, this Conversation is about what gamers and customers think, and part of that is whether they believe that the ‘delayed’ response was justified.

I’ll have to correct you on when Sony knew they were hacked – Patrick Seybold, Sony PlayStation’s senior director of corporate communications and social media, admitted on April 26th on the PlayStation Blog that the company learned there was an intrusion (or hacking) on April 19th. They then closed down the network and started investigating – they didn’t confirm that consumer data had been taken until the 26th April. http://blog.us.playstation.com/2011/04/26/clarifying-a-few-psn-points/

There still remains the argument that they should have made gamers aware of this potential breach before that date. Though I do understand why people feel that the delay was justified, as the company let its customers know as soon as they knew a data breach had definitely happened.

There can be many reasons to lose faith in Sony in this case, the most simple being that customer credit card details had possibly been taken.

Guest
Brett says:
16 May 2011

And gamers and customers tend to form their opinions on what journalists publish. So if a journalist is publishing miss information then that needs to be corrected.

Also not quite. See, Sony suspected on the 20th there was an intrusion. It wasn’t until the 25th they’d discovered that there was actually an intrusion and that the intrusion had effected the servers that manage personal information.

And if there are any nay sayers out there who believe Sony were lying about the timeline of events, then simply put, they cant. Because the investigation being handled by outside sources means if Sony were to lie, those investigators will have to come out and say so.

And also, no consumer credit card details had been taken, Sony only announced for people to be vigilant about their credit card information, and went on to note that there was no evidence suggesting that any credit card information had been accessed.

Guest
koolll says:
16 May 2011

R.I.P Sony

Profile photo of alistair
Guest

Sony are very lucky to have such complient and subservient consumers as Parawotsit and Brett.

Guest
Paranoimia says:
6 June 2011

It’s nothing to do with being ‘complient’ (sic) with Sony. It’s about knowing the technical ins-and-outs of how this stuff works, and using that knowledge to form a sensible, informed opinion, rather than having a knee-jerk reaction to sensationalist media headlines.

Security kings RSA were themselves hacked in March, with sensitive information about their security processes being stolen. This has in turn led to successful hacks on the networks of military contractors who use RSA encryption, including Lockheed Martin, whose servers contain details on military equipment used in Iraq and Afghanistan.

So as much as the media and others may like to suggest that Sony were somehow hacked purely as a result of their own incompetence, it’s quite clear that anyone who has a network with external access can be hacked, no matter how secure they think they are.

Profile photo of Patrick Steen
Guest

Sony has announced its Welcome Back programme for PlayStation gamers. I’ve included the European details below:

“Two PS3 games from the following list: LittleBigPlanet, Infamous, Wipeout HD/Fury, Ratchet and Clank: Quest for Booty, Dead Nation
For those with PSP accounts, you will also be eligible to download two PSP games from the following list:
LittleBigPlanet PSP, ModNation PSP, Pursuit Force, Killzone Liberation
– 30 days free PlayStation Plus membership for non PS Plus subscribers
– Existing PlayStation Plus subscribers will be given 60 days free subscription.
– For existing Music Unlimited subscribers, you will be given 30 days free subscription.
– We are working on a Welcome Back offer in PlayStation Home and will share that when it is confirmed.”

http://blog.eu.playstation.com/2011/05/16/details-of-the-welcome-back-programme-for-scee-users-2/

Good enough? If your faith was waning, does this help win you back?

Profile photo of dragilex
Guest

I have not lost faith in Sony. Any company no matter how big or protected, even government agencies, can be hacked by the most determined collective of tech savvy people (Eidos/Square Enix also got customer details hacked recently). It was unfortunate for Sony that they had become a target. Should they have put more encyption in place, probably, but I’m sure if most companies got hacked today they’d be in the same boat as Sony. Sony will now be a pretty safe place for your card details to be that’s for sure. I’ll be keeping my PS3, I’ll be keeping my card details registered and I’ll continue to buy things from the PSN store. I check my bank account on a daily basis so I’ll know if anything is amiss and once the European personal details insurance package legal bits are sorted we’ll all be fine.

As for the welcome back package it’s a shame I’ve already owned 4/5 games. 60 days bonus time on my PS+ membership is welcome though. Guess I’ll look forward to Dead Nation. The selection could’ve been better (several are already offered to PS+ members) but its nothing to be sneezed at.

Profile photo of dean
Guest

Well, I was a god on Black Ops last night so I guess my faith is returning!! The missus is working in the US this week so I am very happy that this is now back up and running 🙂

I like it how the “fix” was “change your password” – I’m surprised they didnt just say…reboot! 🙂

Profile photo of Patrick Steen
Guest

There appear to be some problems with this ‘change your password’ business. They’ve taken this service offline for the moment due to the rumoured ability to reset a PSN users password with just their email and birthday. Hopefully it’ll be up again soon. Online gaming is fine if you’ve already managed to change your password. http://www.eurogamer.net/articles/2011-05-18-sonys-psn-password-page-hacked