Sony’s Playstation Network has been offline for over a week, leaving users confused about what’s going on. So why did it take a whole week to hear that personal information – including bank details – may be missing?
How do I know when a gaming story has become ‘big news?’. Not when it appears on the BBC homepage, or gets mentioned on the News at Ten. No, I know when a story has really broken when my Mum mentions it.
So it was this morning when I received a text from her, asking if my credit card details were safe, and I knew that Sony were going to face a big PR battle with their handling of the PlayStation Network (PSN) data breach.
Sony PSN gets hacked
For those who aren’t aware, Sony’s PSN, an online store used for purchasing and playing games, as well as films and other services, has been offline for over a week. The reason, as revealed yesterday, was that the service had been hacked into, and the personal details of its 77 million users taken.
The first I knew about the service going down was when I tried to play Portal 2 and got an “error 80710a06” message.
Portal 2 is a huge release for 2011, launched a few days before the PSN outage. It allows PS3 players to play live with PC gamers, and is a ‘big deal’. The excitement around the release has been immense… and wholly tarnished by the PSN debacle.
As a user of the service myself, the question I want answered is, why did it take Sony so long to confirm that security had been breached? Users had to wait a week before they confirmed that personal and financial details were at risk. Surely we could have been told sooner?
What’s happened to our personal details?
It’s no secret that a lot of people use the same passwords for various sites online. For these people, the breach of their PSN account also puts their whole online experience at risk.
Email, Facebook, shopping and banking accounts are all vulnerable to abuse from anyone who gets hold of their PSN details. Naturally it’s best practise to have unique passwords for all sites, but there are still lots of people out there who prefer the simplicity of one password rather than the security of many.
On top of this, and perhaps more worryingly, Sony have stated that credit card information may also have been taken. This has not been verified yet, but it is a very real possibility.
Had Sony done the decent thing and actually warned their customers sooner, we could have all taken action, be it making sure our passwords were changed, or being more vigilant of our credit card bills. Anyone who may have illegally got hold of our details was essentially given a week head start on us.
Why didn’t Sony tell us sooner?
They had already confirmed that the PSN service was down due to ‘external intrusion’ on the 19th of April, although they say that a data leak was not confirmed until the 26th.
Surely they should have advised us that there was a chance our details may have been compromised the moment their servers were hit. Wouldn’t we rather know early on that there was a chance of our personal details being exposed, rather than wait for it to be confirmed?
Perhaps Sony felt that the threat wasn’t a real concern, or maybe they didn’t want to overshadow the announcement of their latest tablets. They probably had their fingers and toes crossed that the issue wouldn’t become a huge PR nightmare. Too late.
I have already decided that I will remove my card details from the PSN the moment it is back up, and I am sure I’m not alone. Like a lot of people, video games are a massive source of entertainment for me, and I could do without the threat of identity or credit card theft hanging over me whilst I’m playing Portal 2.