As Sony wrestles with one of the biggest data thefts in recent history, we weigh up what the PSN hack attack means for gamers and how you should respond.
As of today, April 27, Sony’s PlayStation Network (PSN), has been offline for nearly one week from a monumentally successful hacker attack.
This is the longest period of time the PSN has been offline since the service began in 2006 yet as you are no doubt aware, that fact is the least of Sony’s and its fans’ worries right now. PSN users worldwide are currently trying to understand the startling personal ramifications of last week’s attack and the worrying likelihood that a wealth of their personal information has been stolen.
Last night Sony admitted yesterday that an “illegal and unauthorized” person had gained access to 77 million PSN accounts, while acknowledging that the security details of each user had been compromised.
With personal information such as names, personal addresses, email addresses, passwords, date of births and perhaps even credit card details stolen, the attack has already been described as one of the biggest data breaches in recent history. Certainly, it is the biggest crisis Sony’s PlayStation brand has ever faced.
While Sony last night admitted that “there is no evidence that credit card data” was stolen, the company tempered that remark by adding, “we cannot rule out the possibility.”
“If you have provided your credit card data through PlayStation Network or Qriocity [pronounced ‘curiosity’, this is Sony’s web-connected on-demand video and music platform], to be on the safe side we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.”
We’d wager that Sony Computer Entertainment America CEO Jack Tretton doesn’t look quite so chirpy today
The statement also warned PSN users to be wary of any “email, telephone, and postal mail scams that ask for personal or sensitive information.” In a support FAQ dedicated solely to the outage, Sony added that they are seeking to “further strengthen our network infrastructure” to prevent a similar attack happening again.” Of course what many gamers are asking is whether or not the damage has already been done.
UK gamer rights group Gamers’ Voice has spoken to video game site Eurogamer this morning to express their dissatisfaction at Sony’s response to the attack.
“The response by Sony to this situation is at best disappointing and at worse dangerous as it has left up to 75 million customers at risk of identity theft and fraud,” the group’s chairman Paul Gibson told the site.
“Since this security breach took place a week ago, Sony should have notified its customers immediately of the potential loss of information. We are contacting the Information Commissioner in the UK to see what powers they have to investigate this matter further and hopefully to force some answers from Sony about the extent of this security breach.”
In a statement released this morning, Sony defended the timing of the announcement, which came six days after the initial outage. “There’s a difference in timing between when we identified there was an intrusion and when we learned of consumers’ data being compromised,” said Sony’s director of communications Patrick Seybold.
“We learned there was an intrusion April 19 and subsequently shut the services down. We then brought in outside experts to help us learn how the intrusion occurred and to conduct an investigation to determine the nature and scope of the incident.
“It was necessary to conduct several days of forensic analysis, and it took our experts until yesterday to understand the scope of the breach. We then shared that information with our consumers and announced it publicly this afternoon [Tuesday night on BST].”
Compensation concerns
So how you can you fight back against the potentially disastrous consequences of identity theft? Sony’s aforementioned FAQ doesn’t go into great details, although plenty of gamers are seeking compensation, due to the loss of content for their gaming/Qriocity service and understandably enough, don’t want to be charged for an offline platform.
Sony are currently being ambiguous on whether such compensation is forthcoming, only adding that they are “currently reviewing options and will update you when the service is restored”.
Until the service is fully back online, that company line will be trotted out to quell a number of queries, such as who caused the attack and how the PSN was so vulnerable to begin with.
Speaking of potential culprits, although the finger of blame was originally pointed at online ‘hacktivists’ Anonymous by many gamers, the group pleaded their innocence on AnonNews.org, posting a message that began with the line, “For Once We Didn’t Do It”.
The group believes “a more likely explanation is that Sony is taking advantage of Anonymous’ previous ill will towards the company to distract users from the fact that the outage is actually an internal problem with the company’s service”.
The biggest issue for gamers today is the potential ramifications of their personal details becoming compromised. As previously mentioned, Sony are advising users to not respond to any email, telephone calls or personal post that asks for personal information, especially if it is presented under the guise of the company.
Unsurprisingly, that is all Sony are advising – they certainly don’t wants millions of users cancelling and removing the credit cards registered with their service.
Passwords
The first thing that you should do right now is change every password you have registered online. Most Internet users tend to use the same password on every site and as such, that same password you have for PSN could be easily used by cybercriminals log right into your Internet banking or potentially even the company log-ins that you use every day at work.
E-Scams
Phishing attacks are another matter. Right now your spam inbox is probably jammed with advice on how to satisfy your lover or ‘clean her chimney’ (we actually received the latter as a subject title in a email to JOE). In other words, right now you aren’t going to fall for such emails or click their links.
With your name, security questions and personal address, however, such unsolicited emails could become a lot more convincing. Be as vigilant as possible and don’t click on any links contained in every unsolicited email you receive from now on.
The National Consumer Agency (NCA) today warned gamers that “a reputable company will not contact you asking for your credit card number, PIN or other personal information, so be alert and do not respond to requests like this.” The agency added that concerned gamers should “keep a close eye on bank and credit card statements” and report suspicious transactions as soon as possible.
Credit card details
The most pressing question every gamer has had this afternoon is whether or not they should go through the hassle of cancelling the credit card they have registered with the PSN. The UK-based group Financial Fraud Action has sought to reassure PSN users that there is no need for customers to contact their bank or card company as of this moment.
Instead they advise users to watch and wait, checking their online banking credit card statements as often they would their email. If you see that the card has been used for fraudulent activity, contact your card supplier immediately, as the NCA advise..
Gamers may find solace in the tweets of Wedbush Securities analyst and frequent video game industry talking head Michael Pachter, who downplayed the impact of yesterday’s news by telling his Twitter followers that ‘a greedy, evil hacker would have attacked a bank; a self-important show-off hacker would attack PSN, to impress friends.”
While numerous details of the PSN attack and its ramifications are currently unknown, what is certain is that gamers will not soon forget Sony’s statement last night.
As recent as Friday (April 22), forums were abuzz regarding the potential consequences the service’s outage would have on this week’s gaming charts.
Would multi-format releases such as Portal 2 and Mortal Kombat’s Xbox 360 versions sell better, owed to their online functionality? Yes for the former, no for the latter. Would multiplayer-heavy PS3 exclusive SOCOM: Special Forces die a death in the charts without PSN? It did. How little such issues appear when three to five days previous, the perpetrators behind the crippling of Sony’s service potentially had full knowledge of such users most steadfastly-guarded personal details.
A new enemy for Sony
The sad truth is that Sony’s current crisis had been coming. The company has made powerful enemies in recent months by launching legal assaults on prominent hackers such as George Hotz, the 21-year-old that was first to jailbreak the iPhone, for jailbreaking the console and allowing it to run unsigned code, a feat which took years.
Even if the PSN launches tomorrow, with full compensation and a wealth of new features, the ramifications of Sony’s recent, arguably overly-litigious reactions to hackers will eventually lead the company, unjustifiably or not, towards attacks in which every hacker is looking to score a badge of honor.
When a similar outage occurs, and it will, ultimately the same panic-ridden gamers that are worryingly clogging online forums today for advice, changing passwords and contacting their card suppliers will once again have the most to lose.
The statement also warned PSN users to be wary of any “email, telephone, and postal mail scams that ask for personal or sensitive information.” In a support FAQ dedicated solely to the outage, Sony added that they are seeking to “further strengthen our network infrastructure” to prevent a similar attack happening again.” Of course what many gamers are asking is whether or not the damage has already been done.
UK gamer rights group Gamers’ Voice has spoken to video game site Eurogamer this morning to express their dissatisfaction at Sony’s response to the attack.
“The response by Sony to this situation is at best disappointing and at worse dangerous as it has left up to 75 million customers at risk of identity theft and fraud,” the group’s chairman Paul Gibson told the site.
“Since this security breach took place a week ago, Sony should have notified its customers immediately of the potential loss of information. We are contacting the Information Commissioner in the UK to see what powers they have to investigate this matter further and hopefully to force some answers from Sony about the extent of this security breach.”
In a statement released this morning, Sony defended the timing of the announcement, which came six days after the initial outage. “There’s a difference in timing between when we identified there was an intrusion and when we learned of consumers’ data being compromised,” said Sony’s director of communications Patrick Seybold.
“We learned there was an intrusion April 19 and subsequently shut the services down. We then brought in outside experts to help us learn how the intrusion occurred and to conduct an investigation to determine the nature and scope of the incident.
“It was necessary to conduct several days of forensic analysis, and it took our experts until yesterday to understand the scope of the breach. We then shared that information with our consumers and announced it publicly this afternoon [Tuesday night on BST].”
Compensation concerns
So how you can you fight back against the potentially disastrous consequences of identity theft? Sony’s aforementioned FAQ doesn’t go into great details, although plenty of gamers are seeking compensation, due to the loss of content for their gaming/Qriocity service and understandably enough, don’t want to be charged for an offline platform.
Sony are currently being ambiguous on whether such compensation is forthcoming, only adding that they are “currently reviewing options and will update you when the service is restored”.
Until the service is fully back online, that company line will be trotted out to quell a number of queries, such as who caused the attack and how the PSN was so vulnerable to begin with.
Speaking of potential culprits, although the finger of blame was originally pointed at online ‘hacktivists’ Anonymous by many gamers, the group pleaded their innocence on AnonNews.org, posting a message that began with the line, “For Once We Didn’t Do It”.
The group posited that “a more likely explanation is that Sony is taking advantage of Anonymous’ previous ill-will towards the company to distract users from the fact that the outage is actually an internal problem with the company’s service”.
The biggest issue for gamers today is the potential ramifications of their personal details becoming compromised. As previously mentioned, Sony are advising users to not respond to any email, telephone calls or personal post that asks for personal information, especially if it is presented under the guise of the company.
Unsurprisingly, that is all Sony are advising – they certainly don’t wants millions of users cancelling and removing the credit cards registered with their service.
Passwords
The first thing that you should do right now is change every password you have registered online. Most internet users tend to use the same password on every site and as such, that same password you have for PSN could be easily used by cybercriminals log right into your internet banking or potentially even the company log-ins that you use every day at work.
E-Scams
Phishing attacks are another matter. Right now your spam inbox is probably jammed with advice on how to satisfy your lover or ‘clean her chimney’ (we actually received the latter as a subject title in a email to JOE). In other words, right now you aren’t going to fall for such emails or click their links.
With your name, security questions and personal address, however, such unsolicited emails could become a lot more convincing. Be as vigilant as possible and don’t click on any links contained in every unsolicited email you receive from now on.
The National Consumer Agency (NCA) today warned gamers that “a reputable company will not contact you asking for your credit card number, PIN or other personal information, so be alert and do not respond to requests like this.” The agency added that concerned gamers should “keep a close eye on bank and credit card statements” and report suspicous transactions as soon as possible.
Credit card details
The most pressing question every gamer has had this afternoon is whether or not they should go through the hassle of cancelling the credit card they have registered with the PSN. The UK-based group Financial Fraud Action have sought to reassure PSN users that there is no need for customers to contact their bank or card company as of this moment.
Instead they advise users to watch and wait, checking their online banking credit card statements as often they would their email. If you see that the card has been used for fraudulent activity, contact your card supplier immediately, as the NCA advise.
If, however, the credit card has actually been lost by Sony (circumstances which are currently unknown as the service is offline), the card should be cancelled as soon as possible.
Gamers may find solace in the tweets of Wedbush Securities analyst and frequent video game industry talking head Michael Pachter, who downplayed the impact of yesterday’s news by telling his Twitter followers that ‘a greedy, evil hacker would have attacked a bank; a self-important show-off hacker would attack PSN, to impress friends.”
The sad truth is that Sony’s current crisis had been coming. The company had made powerful enemies in recent months by launching legal assaults on prominent hackers
While numerous details of the PSN attack and its ramifications are currently unknown, what is certain is that gamers will not soon forget Sony’s statement last night.
As recent as Friday (April 22), forums were abuzz regarding the potential consequences the service’s outage would have on this week’s gaming charts.
Would multi-format releases such as Portal 2 and Mortal Kombat’s Xbox 360 versions sell better, owed to their online functionality? Yes for the former, no for the latter. Would multiplayer-heavy PS3 exclusive SOCOM: Special Forces die a death in the charts without PSN? It did. How little such issues appear when three to five days previous, the perpetrators behind the crippling of Sony’s service potentially had full knowledge of such users most steadfastly-guarded personal details.
A new enemy for Sony
The sad truth is that Sony’s current crisis had been coming. The company has made powerful enemies in recent months by launching legal assaults on prominent hackers such as George Hotz, the 21-year-old that was first to jailbreak the iPhone, for jailbreaking the console and allowing it to run unsigned code, a feat which took years.
Even if the PSN relaunches tomorrow, with full compensation and a wealth of new features, the ramifications of Sony’s recent, arguably overly-litigious reactions to hackers will eventually lead the company, unjustifiably or not, towards attacks in which every hacker is looking to score a badge of honour.
When a similar outage occurs, and it will, ultimately the same panic-ridden gamers that are worryingly clogging online forums today for advice, changing passwords and contacting their card suppliers will once again have the most to lose.
LISTEN: You Must Be Jokin’ podcast – listen to the latest episode now!
