Sony’s security is no game
27 April 2011
The glorious weather during our school Easter holidays helped alleviate the pain somewhat, but the collapse of the Sony Playstation Network (PSN) did leave something of a hole in the life of one family member.
After a year of bribery, threats and a complex rewards structure, my teenage son received a PS3 a few weeks back on his birthday, accompanied by a host of well known games that are entirely inappropriate for someone of his age. To the best of my knowledge he has not stolen a car, killed anybody or done anything unspeakable to a zombie as a consequence, so I assume that he is keeping some sort of grip on reality.
However, apparently the inability to use the PSN makes the whole PS3 experience less rewarding and his interest has therefore been put on hold. All of which is pretty incidental. The fact appears to be that someone has hacked into the PSN and stolen everyone’s details, potentially affecting 77 million people around the globe with details such as name, address, date of birth, credit card details and password, now in the hands of someone we don’t want them to be in the hands of.
On the UK Playstation website an update says: “Sony takes information protection very seriously and will continue to work to ensure that additional measures are taken to protect personally identifiable information. Providing quality and secure entertainment services to our customers is our utmost priority.” Which comes in the category of ‘actions speak louder than words’.
It seems the basics when managing customer details have not been followed – i.e. using encryption. The impact this has really depends on how serious these hackers are. If they are just ‘doing it because they can’, as hackers seem to do sometimes, then it may well blow over without too many consequences. However, given that the data was stolen, rather than just interfered with, indicates a more sinister motive. If this is the case then the short-term future for electronic communications and trading could be both cautious and turbulent at the same time.
People rapidly dismiss the caution when it becomes inconvenient, but in the immediate future there may be a reluctance to trust a new supplier with personal details. Moreover, if there is any abuse of the PSN data, I think the consequences for anyone who holds a large database that is not adequately secure, and is then hacked, would be devastating. This, at very least, is a shot across the bows.
On a slight tangent, I do believe that Sony has taken a bad situation and made it worse. It reminded me of the Toyota episode from last year that I covered in our sister newsletter EMTWorldWide (‘Toyota conducts Model Test’).
A small number of incidents were initially blamed on a faulty accelerator mechanism. However, after a global recall of some models and extensive testing it emerged that there was nothing wrong with the cars and it was most likely a consequence of drivers kicking their floormats into a position that blocked the pedals. However, the way Toyota handled the situation transformed a minor drama into a major crisis and in some people’s minds will leave an undeserved question mark over the reliability of the cars.
There are no lives at stake in the PSN incident of course, but Sony, I believe, have scored a fairly obvious own goal. If it emerges over the coming week that millions of PSN users have had their bank accounts plundered during the six days from the initial hack to today (27th April 2011) when Sony has held up its hands and admitted that everyone’s details are gone, then there will be understandable outrage. To give the thieves a one-week headstart would not sit well with most users – maybe they would look sideways at the X-Box before rejoining the PSN!
Contact Details and Archive...
Most Viewed Articles...