PSN Security Issues Beyond Console Wars
It's been over a week now that the Playstation Network has been offline. From anger, to confusion, and back to anger, gamers all across the globe have certainly all felt the affect by now.
Of course, it's not really that big a deal not to have access to online gaming for a week. So you can't buy a PSN game or play Call of Duty online - I'm sure most people will get over that aspect. The real problem here is not the outage itself, but the reason for the outage:
Valued PlayStation Network/Qriocity Customer:
We have discovered that between April 17 and April 19, 2011, certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorized intrusion into our network. In response to this intrusion, we have:
- emporarily turned off PlayStation Network and Qriocity services;
- Engaged an outside, recognized security firm to conduct a full and complete investigation into what happened; and
- Quickly taken steps to enhance security and strengthen our network infrastructure by re-building our system to provide you with greater protection of your personal information.
We greatly appreciate your patience, understanding and goodwill as we do whatever it takes to resolve these issues as quickly and efficiently as practicable.
Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.
Source: Official Playstation Blog
To put it in simple terms, hackers likely have the personal information and even the credit card numbers of nearly eighty million Playstation Network Subscribers, yours truly included. Scary stuff, right?
Forgetting for a second the fact that millions of people around the world are now at the risk of identity theft, and the fact that no one has any idea who might have this information - no hacking organization, whether it be an individual or a group as big as Anonymous is going to take responsibility for this, considering that this is pretty clearly cut as illegal. People have actually managed to turn this into a argument for the console wars.
You don't have to venture too far to find people using this as an argument for the Xbox 360 and against the Playstation 3, how this has never happened to Xbox Live and how this is the reason people play for Xbox Live Gold Memberships.
Let me stop those people right there and say that it obviously isn't the reason people pay for XBL Gold. No one could have seen this coming, and regardless of security issues, or troll wars with hackers, this transcends any console war, any argument about one service or another. It should be clear as water that Xbox users are likely just as much at risk as Playstation users. Obviously, some of Sony's business practices have rubbed these hackers the wrong way, and it's very likely that the whole GeoHot thing was a catalyst for this latest attack - the timing is simply too convenient. There's absolutely nothing stopping these people from extending these activities to other platforms.
The bottom line here is that a bunch of people, including readers of this site, have had their personal information violated. So I plead to everyone. Please don't make this about one console being better than another. Yes, Sony will have to answer for this and their company is likely on the verge of a major backlash - and rightfully so - but gamers shouldn't have to suffer for their mistakes.
The other issue here is the fact that Sony took a week to specify the nature of the attack, and that personal information was likely stolen. Many have complained that Sony should have informed people immediately about the risk, but again, people have to realize that these things take time.
Once Sony detected an intrusion, forensic work had to be done to verify the nature of the intrusion. Telling people that information had been stolen without being certain of it would have created an unnecessary panic.
Naturally, the company had their bottom line and stocks to think of as well.
Don't get me wrong, there are definitely a lot of question Sony has to answer, and frankly, it will likely make even some of the most staunch Playstation supporters to rethink their dedication to this company and their products. But right now, all that matters is the safety of the information of its users, and finding the people behind this.
There is no word on when the PS Network will be back, but expect at least some services to be back up within a week. More on this story as it develops.