Sony

Sony Sued Over PlayStation Network Breach

You knew it would come to this.  Please read the following post.  I found it to be very interesting:

 

The Sony PlayStation Network outage has prompted questions about data security and a congressional inquiry, and now you can add class-action lawsuit to the list.

A California-based firm has filed suit against Sony, accusing the company of failing to adequately protect, encrypt, and secure its customer data. The suit seeks damages for the data loss and PlayStation Network downtime.

“We bought this lawsuit on behalf of consumers to learn the full extent of Sony PlayStation Network data security practices and the data loss and to seek a remedy for consumers,” Ira P. Rothken, an attorney who filed the complaint, said in a statement. “We are hopeful that Sony will take this opportunity to learn from the network vulnerabilities, provide a remedy to consumers who entrusted their sensitive data to Sony, and lead the way in data security best practices going forward.”

Sony’s PlayStation network has been having issues since last Wednesday, but it was not until last night that Sony confirmed that hackers had obtained personal information from the network, which possibly included credit cards. Sony said it expects to “restore some services” within a week, but did not elaborate.

“Sony’s breach of its customers’ trust is staggering,” co-counsel J.R. Parker said. “One would think that a large multinational corporation like Sony has strong protective measures in place to prevent the unauthorized disclosure of personal information, including credit card information. Apparently, Sony doesn’t.”

The suit was filed on behalf of Alabama resident Kristopher Jones, who has been a PlayStation user since 2009.

The lawsuit claims that Sony was aware of vulnerabilities with its system for some time, but does not provide details.

“[Sony] has been aware for a substantial period of time that PSN was prone to catastrophic loss of data from a security breach,” according ot the filing. “Nevertheless, [Sony] failed to warn its customers of the problem or tried to prevent them from suffering system suspension from security breaches and data loss.”

“Sony sat silently while consumers purchased defective PlayStation consoles and PSN service without warning customers about the risks inherent in purchasing and relying upon Sony’s data security,” the suit continued.

In a Tuesday blog post, Patrick Seybold, senior director of corporate communications and social media at Sony, insisted that “there’s a difference in timing between when we identified there was an intrusion and when we learned of consumers’ data being compromised.”

Sony learned of the intrusion on April 19 and subsequently shut down its services. It then brought in outside experts to assess the damage, which took some time, he said.

“It was necessary to conduct several days of forensic analysis, and it took our experts until yesterday to understand the scope of the breach,” Seybold wrote. “We then shared that information with our consumers and announced it publicly this afternoon.”

In a Thursday blog post, Sophos security consultant Carole Theriault called on Sony “to stand up and explain how the company screwed up, how the bad guys got into their system, why the data wasn’t properly stored: a clear and concise explanation and, where appropriate, a straight-up apology for their oversights/misplaced bets/mistakes/etc.”

Late yesterday, Sen. Richard Blumenthal, a Democrat, wrote to Sony president Jack Tretton, expressing concern about Sony’s reaction time and asking that Sony provide them with access to financial data security services.

 

Source: Chloe Albanesius / PCMag.com

Speculation, Suspicion, and Seriousness

Was it hackers, hackers, oh it was hacker or a bad mistake on Sony’s part?  The question remains unanswered.

Sony has done a wonderful job of using carefully crafted wordplay when addressing the questions we have about the PlayStation Network incident.  While lost in the thick of things we are nowhere closer to knowing the reasons for the outage.

We are unaware if our account details and info has been compromised.  The one thing I know is that all of this a really something to be concerned about.  I myself will be contacting my bank to have my card number changed.  I am sure I do not stand alone in attempting to be safe rather than one day sorry.

So not only are us the users of the PlayStation Network affected by this, but now bank’s need to rev up for the massive influx of customers requesting new accounts…

Going forward, I can say Sony has lost my trust in its service.

Sony: Questions and Answers

Patrick Seybold post yet another blog post regarding the PlayStation Network Outage.  On his blog he steps up to do some clarification work and even points us to a little Q & A area.

Seybold writes the following, “There’s a difference in timing between when we identified there was an intrusion and when we learned of consumers’ data being compromised. We learned there was an intrusion April 19th and subsequently shut the services down. We then brought in outside experts to help us learn how the intrusion occurred and to conduct an investigation to determine the nature and scope of the incident. It was necessary to conduct several days of forensic analysis, and it took our experts until yesterday to understand the scope of the breach. We then shared that information with our consumers and announced it publicly this afternoon.”

We are then linked to the Sony PlayStation Knowledge Center.  Hold to your eyeglasses if you have them, and see the list of questions and answers below:

 

PSN/Qriocity Network Outage FAQs

1. When did the PSN/Qriocity become unavailable?
PSN/Qriocity services have not been available since April 20 (US time) in all regions.

 

2. Why did the PSN/Qriocity become unavailable?
An external intrusion on our system has affected our PlayStation Network and Qriocity services.

 

3. Why was Sony not prepared for a compromise of its network?
We are currently conducting a thorough investigation of the situation. Since this is an overall security related issue, we cannot comment further at this time.

 

4. Is the attack by “Anonymous” or another party?
We are currently conducting a thorough investigation of the situation. Since this is an overall security related issue, we cannot comment further at this time.

 

5. Why is it taking so long to restore network services?
As soon as we learned of this issue, we temporarily turned off PlayStation Network and Qriocity services in order to conduct a thorough investigation and to verify the smooth and secure operation of our network services. Our efforts to resolve this matter involve re-building our system to further strengthen our network infrastructure. Though this task is time-consuming, we decided it was worth the time necessary to provide the system with additional security.

 

6. How serious is this compromise? How will Sony prevent this from happening again?
Because there is an on-going investigation we cannot comment further at this time, but we are working to restore and maintain and strengthen the services, including incorporating additional countermeasures to ward against future intrusions.

 

7. When will service be restored?
We have a clear path to have PlayStation Network and Qriocity systems back online, and expect to restore some services within a week.

We will keep the service down to allow us to conduct a thorough investigation to ensure smooth operation of our network services when they return; we are working hard to resume the services as soon as we can be reasonably assured our security concerns have been addressed.

 

8. Did SOE experience an attack due to the same reason?
SOE’s services are currently available, but they did experience a service interruption due to an external attack. An investigation is ongoing.

 

9. Have you had such a long PSN/Qriocity service termination like this one in the past?
No.

 

10. Does PSN/Qriocity get attacked very often?
We cannot make any comments regarding this matter at this time.

 

11. I want my money back (subscription fee, content) since the PSN/Qriocity was not available.
While we are still assessing the impact of this incident, we recognize that this may have had financial impact on our loyal customers. We are currently reviewing options and will update you when the service is restored.

 

12. There seems to be some games that cannot be played even offline?
Some games may require access to PSN for trophy sync, security checks or other network functionality and therefore cannot be played offline.

 

13. Why are Sony Online Entertainment services available while PSN and Qriocity are still down and you (SCE/Sony) are not able to even tell us when it will come back again?
As our investigation in this matter is ongoing, we cannot comment further on this matter.

 

14. What personally identifying information do you suspect has been compromised?
Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information provided by PlayStation Network/Qriocity account holders: name, address (city, state, zip), country, email address, birth date, PlayStation Network/Qriocity password, login, and handle/PSN online ID. Other profile data may also have been obtained, including purchase history and billing address (city, state, zip). If an account holder has authorized a sub-account for a dependent, the same data with respect to that dependent may have been obtained. If an account holder provided credit card data through PlayStation Network or Qriocity, it is possible that the credit card number (excluding security code) and expiration date may also have been obtained.

 

15. How will I know if my personal information has been compromised?
We have provided notices to consumers at the email addresses associated with their PlayStation Network/Qriocity accounts. You may also visit www.us.playstation.com/support and www.qriocity.com for notices regarding this issue. In addition, we have taken steps to disseminate information regarding this issue to media outlets so that consumers are informed. To protect against possible identity theft or other financial loss, we encourage you to remain vigilant to review your credit card account statements and to monitor your credit reports.

 

16. What steps have you taken to investigate this compromise?
We have engaged an outside, recognized security firm to investigate this incident and to assist us in our ongoing efforts to protect your personally identifiable information.

 

17. I got an email from you asking for my PSN/Qriocity sign-in ID and password. Is it really you asking for this information?
Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking.

 

18. What should I do to avoid having my personal information compromised?
For your security, we encourage you to be especially aware of email, telephone, postal mail or other scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. Additionally, if you use the same user name or password for your PlayStation Network or Qriocity service account for other

 

19. Why did Sony wait until now to tell PSN users that their personal information may have been compromised?
The nature of the intrusion required that we undertake an extensive and thorough investigation of the matter, which took considerable effort and time. We needed to make sure that we knew and understood the facts before providing the appropriate notice to PlayStation Network users.

 

The above questions and answers are listed under answer id 2356

 

Sony’s MOTD: Indefinitely

So there we have it… six days of downtime (announced by Sony) and the PlayStation Network continues to suffer from difficulties.  There has been no indication as to when the network, which has more than 70 million users…  Let me say that again; has seventy million users worldwide.

In yet another PlayStation Blog we read the following message:  “Unfortunately, I don’t have an update or timeframe to share at this point in time,” reads the latest update from spokesman Patrick Seybold on the PlayStation Blog. More disappointing news at:  http://blog.us.playstation.com/2011/04/26/update-on-playstation-network-and-qriocity/

It’s very frustrating, and I am falling in line with the other Angry PlayStation users who are unable to back to the PSN.  It seems unfair, and some of us, like myself have invested money into the PlayStation Home, Little Big Planet, MAG, and countless map packs; all purchases that are only usable on the PSN (PlayStation Network).  Are we all going to get some form of compensation when the network comes online again?

Sony has already let me down, in the past will killing of the MMO Game “Matrix Online“.  Now they are digging into old wounds.

I may be going Xbox Sooner than I had thought.

Sony Investigating Credit Card Security

So we all know by now that the PlayStation Network has been temporarily unavailable for days now.  What we don’t know is that if our credit card details and private information has been made available by those of gained access to Sony’s Systems.

According to SCE Japan spokesperson Satoshi Fukuoka, that the ongoing investigation includes the security of user credit card details.  The firm also reassured PSN account holders that it will “promptly inform’ them at the first sign of access to our account details.

“Promptly inform”, is that some type of joke.   If their public notice to the user is that networks are temporarily down; well over five days now.  I don’t have a good faith in what their idea of ‘prompt” is.  Sorry Sony, I’m losing faith.

Meanwhile, SCEA communications chief Patrick Seybold has released a company update on the continuing PSN (PlayStation Network) downtime, by saying:  “I know you are waiting for additional information on when PlayStation Network and Qriocity services will be online. Unfortunately, I don’t have an update or time frame to share at this point in time.

“As we previously noted, this is a time intensive process and we’re working to get them back online quickly. We’ll keep you updated with information as it becomes available. We once again thank you for your patience.”

At the end of the day – The Sony PlayStation 3 is the best offline gaming system out there