Just short of 2 weeks ago the Playstation network was taken offline by Sony because “cyber terrorists” had gained access to crucial information stored on the server. A few days after the attack, (which is way too long in my opinion) Sony released that 70 million accounts had in fact been compromised, and the hacker had gained access to personal information tied to the Playstation Network. Sony recommended that you “utilize a free service” and get your credit checked to keep an eye out for any fraudulent activity. It then announced plans to offer an entertainment download, and 30 days of Playstation Plus for free.
What a wonderful marketing opportunity for Sony, to give 70 Million people one month of their subscription service for free. The announcement had me asking a question. Their service was hacked, granted the person hacking only obtained my email address and other things related to my network account. No SSN, or anything that could have legitimately hurt me. But after such an attack, with little to no apology they ask us to put our personal information back onto their servers, and enjoy a free month of their service that got hacked. If we like it, then we have the option to continue to pay for it. I don’t normally nerd rage, but I find that insulting. Not the thought of offering us a free month, but the total lack of apology. They didn’t explain what they did to fix the issue, didn’t mention server updates or new security procedures or what company they hired to handle our personal information. They simply said, “hey we got hacked! so we’ll give you a free month, trust us.”
As if to justify my paranoia their Online servers were then compromised and thousands of credit card numbers were obtained through their MMO subscription service. Sony Online Entertainment was then shut down. BBC Business mentions that roughly 12,700 non US Customers had their credit card information stolen in this second attack. Now that it has become a more serious issue, and well, I assume Sony can see that people are frustrated so they decide to offer a free year of credit monitoring. It’s about time, I decided that maybe Sony was doing everything they can and it’s ok to be friendly with them again. Once I made that decision the biggest bomb dropped.
The Consumerist, who has been following the Congressional proceedings related to the case, released information that made Sony look more like a villain than ever. According to Dr. Gene Spafford of Purdue University, Sony knew it’s software was out of date, and they had no firewall. My windows 7 partition has a firewall, I guarantee you it won’t stop a seasoned hacker, but it’s basic security. I don’t have information that a seasoned hacker would want, Sony did. Whether or not Sony’s service is free, and regardless of how much we we’re paying to compete online, they sell a product. They offer an online store that we can conveniently purchase from using stored credit card information, and what’s worse, they advertised aggressively that their online service was better, because it was free. Sony showed a brazen disregard for their customers personal information and figured that simply giving us 30 days of their premium service for free would make everything ok. That is crux of the issue to me. Not that consumer information was stolen, but simply that Sony knew there was a possible issue, knew that they had a vault of valuable personal information, and they did little to nothing to protect it.
Brow beating Sony really won’t get us anywhere. Their loss of reputation is already something that they’ll have to deal with. The financial damage from lawsuits, system upgrades (that they should have done anyway). And their need to find some form of spin for this is going to effect them enough. This incident as well can be looked at as a good thing for Playstation Network users, Sony would be stupid not to have the best internet security in the world from here on out. I can imagine that they’ll be looked at with a fine tooth comb, and if they learn anything from this it would have to be that our security matters. So with all the frustration of the last two weeks for those of us who rely on our Playstation for entertainment, I see a lot of good that comes out of this.
My final thoughts on the whole matter are simply this. In a world where we give credit card numbers and info out over the phone for a take out order, and enter our personal info into millions of online forms. If a company like Sony can be so irresponsible with our personal information, where do we as a consumer have to be held responsible for trusting so many companies with little to no research? I’m not exemplifying Sony of blame, it is completely clear to me as a consumer that they simply did not care about protecting their customers information. I’m just asking the question, when do we all start thinking twice before providing most of our information to any form that requests it?
This has been a learning experience for me and I’ll definitely start thinking twice before I fill out a generic internet form. Now that I’ve forced you to read my lengthy thoughts, what do you folks think? Are we being too hard on Sony?
Thanks to Evil Avatar,The Consumerist, and BBC News