[UPDATE] Playstation Network Breach, Credit Data Status

30 Apr, 2011

UPDATE 1: Sony has released another statement on the matter, detailing how the system is being rebuilt from the ground up, you can read it here!

UPDATE 2: A financial estimate from the Ponemon Institute values the damage of the breach, should user data confirmed to have been lost, at $24 billion. Read the Forbes story here!

UPDATE 3: Sony has given reason for the delay to Kotaku, which can be read here. Logrhythm, a UK network securities company, believes that Sony may not be giving the whole story. Their response to Sony’s statement can be read here.

UPDATE 4: The breach has launched a government response on both sides of the Atlantic. Read Connecticut Senator Richard Blumenthal’s open letter to Sony here, one of two sent to the company from US officials. The other, from House Energy and Commerce Committee Chairman Mary Bono Mack, has not been publicly released.

The Playstation Network server outage has now entered its tenth day, and shows no signs of recovery. Worse still, Sony has since confirmed that private user information, such as profile name, birth date, and associated addresses, have been obtained by an illegal third party. The electronics company has since confirmed that while encrypted credit card data was accessed, there is still no evidence to suggest foul play.

Despite Sony’s statement, an Australian PSN member, Rory Spreckley, has claimed to ABC News that he is the first victim of fraud as a result of the hack, losing around $2,000 in unapproved transactions. The report does not seem to correlate with a lack of evidence discovered from major credit card companies like Mastercard and Visa. On the hacker’s side of things, reports from underground forums suggest that those involved in the Network outage have acquired 2.2 million unique card numbers from PSN accounts. This claim comes after several more claims of illegal card use, mostly on German plane tickets and purchases in Japanese stores.

The concerns over privacy have led to a partnership with the United States’ Department of Homeland Security, who, with the Federal Bureau of Investigation, have begun multiple investigations into the matter and the acquisition of possible suspects. Similar investigations have begun with Canada’s Office of the Privacy Commissioner and Britain’s Information Commissioner’s Office.

The question of compensation has have been raised, with Sony so far only offering to “make good” on investments from its MMO players. A recent Q&A posted by Sony hints that the company is “currently evaluating ways to show appreciation for your extraordinary patience as we work to get these services back online.” Hulu Plus, a service offered on PS3, has emailed free one-week vouchers for their product on all other compatible devices for the mean-time (via Joystiq).

The latest information on the hack puts the blame on the custom firmware, Rebug. According to a self-proclaimed moderator of PSX-Scene, the firmware allowed the creation and use of fake credit cards for unlimited potential content downloads. Rebug, released on March 31st, effectively turned a regular PS3 unit into a developer kit in the eyes of Sony’s servers.

George “Geohot” Hotz has issued a sentiment in regards to the attack, saying that “The fault lies with the executives who declared a war on hackers, laughed at the idea of people penetrating the fortress that once was Sony, whined incessantly about piracy, and kept hiring more lawyers when they really needed to hire good security experts.”

In addition all other concerns the outage has raised, the possibility of serious data loss has been raised by Eugene Lapidous, AnchorFree’s chief architect. Speaking to IndustryGamers, Lapidous laid out a worse case scenario. Sony has since stated that both trophy data and cloud saves are expected to remain intact.

“It’s hard to believe that it’d take [over a week] to restore all data and code from backups, but it could happen if PSN doesn’t have good safety/disaster recovery procedures,” Lapidous detailed, “If service is disrupted due to permanent harm (and no effective backup), Sony may need to admit data loss: old data may never be restored. Time to restore the service becomes the time it takes to admit this fact.”

Content developers for the platform are not happy either. Q-Games’ (Pixel Junk) Dylan Cuthbert spokes on the fiscal effects of the downtime in an exclusive with IndustryGamers. “PSN being out definitely affects our bottom line, but as long as the people who were going to be playing Shooter 2 and other PixelJunk titles will get right back in there playing them when it comes back up we’ll be happy and hopefully income won’t be dented too much,” he said. “Sony has contacted us to let us know they are working as hard as they can 24 hours a day to fully correct and secure the breach,” Cuthbert continued. “Apart from that we don’t know any other information. Fingers crossed they’ll get it up and running very soon.”

IGN has reported that, while no info is currently available for creators of dated content, studios that had games set to debut in the past week is set to receive extra marketing support from Sony once the service comes back online. For some of the higher profile content, like the inFamous 2 beta, studios have either taken the initiative, or been supported by Sony in extending their product’s lifetime. It has since been rumored that Sony has begun distributing new, higher security, PSN SDKs in order to lessen both the amount of development downtime and future security risks.

Alexey Menshikov, CEO of Beatshapers (StarDrone) has also released his company’s plans (in an exclusive with IndustryGamers) to delay their product launch due to the perception that it “might just get lost in the many releases” when PSN re-launches. In regards to his current perception of Sony after the outage, Menshikov stated that, “In the past events with outages, and regarding PS3 hacks, Sony always was confident and helpful, although not immediately.”

Kazuo Hirai, Sony Corp's President, has become a central blame figure following the incident

“Sony will be helping us retain key focus [prominent placement on the PSN Store] for an extra few weeks as they understand how something like this can affect a small dev studio like ours,” said Paddy Murphy, CEO of Open Emotion (Mad Blocker Alpha). “As it’s our first week in the U.S., I’m sure it will affect sales, but we have to understand that Sony wouldn’t take down the entire PSN on a whim. As long as they can give us some marketing assistance when the PSN is back up, we are sure we will be able to recoup our potential losses.”

Industry securities consultant Michael Pachter has a much more optimistic view of the outtage, saying that this temporary down-time could be better for gamers in the long-run.

“I think they’re really trying to make the system hack-proof, and there appear to have been some pretty serious security issues. They have to keep the system secure no matter what, so being down a few days is worth it if they can ensure security over the long run,” Pachter commented to IndustryGamers. “There will be some short-term pain, but over the long run, gamers will appreciate that Sony is looking out for their best interest.”

Pachter has since issued another statement to IndustryGamers concerning the long-term effects the hack could have on Sony’s bottom line. Turns out, not much.

“Of course, this is bad for Sony’s image, and they have to fix the breach and ensure that it doesn’t happen again, or they will risk losing customers forever, ” Pachter theorized, “I don’t think people switch sides in large numbers based on this, considering that few will really have lost very much at all (two weeks of Call of Duty multiplayer is probably the biggest loss), and to ‘switch sides’ means buying a 360 and paying $60/year for XBL. I think that Sony is in good shape as long as there is not another incident. If there’s another breach, it would be pretty bad…No, I don’t think PS3 sales will be impacted at all. Late adopters are far less likely to care about PSN than early adopters.”

In terms of good news, “Playstation Network” as a Google search item has increased 2,350% over the past few weeks. So…there’s that.

A lot of information to process here, E-Gs, but what are your thoughts on all these new details? Comment below!

About the author

Gavin Greene
Gavin Greene

Elder Geek installed GavinGreene.exe into its News editorial directory in May of 2009. The resulting mobile humanoid server has developed frighteningly realistic obsessions with RPGs, Adventure Games, and Industry Politics, and may be the harbinger of the inevitable singularity. Follow him on Twitter @ElderGeekGav

Related Posts

10 Comments

  1. Keck282
    April 27, 2011

    First off, Sony should have had better security for the system itself and its online services.

    That being said, I am sure Sony will put up a much stronger service. As I said earlier, Sony should compensate all gamers and not just the PSN+ subscribers (though they deserve more compensation since they are paying customers). I can’t wait to get this issue resolved so I can play Portal 2 co-op again and sync my trophies.

    • Seluhir
      April 27, 2011

      come on Keck, nothing is hack-proof. Even the pentagon has been hacked when people are determined. I’m sure they had as good of a security as any other online service, it just so happened that the hackers were buttsore over the limitation of their ability to pirate games by various factors and got pissy at sony.

      I agree completely that some form of compensation is due… but what form it takes, who knows.

      • Keck282
        April 27, 2011

        Ok, I’ll give you that. But, just allowing your encryption codes to be out in the open is a huge oversight (what the failOverflow guys found that led the system to be blown wide open). But yes, it is a bunch of people complaining and then ruining things for the rest of us.

        I just want this issue to be resolved soon.

        • Seluhir
          April 27, 2011

          I just hope the resolution doesn’t cause a significant impediment to the gaming scene.

          • Keck282
            April 28, 2011

            Especially when it comes down to politicians. They really don’t know that much when it comes to technology, and just play the harbinger of punishment. Sony is at fault for not encrypting the personal data that well (read that in an article earlier), but the the credit cards may or may not have been taken (this is still debatable).

            I do like that they are rebuilding PSN for the better (maybe they can add in cross-game chat and some other features). Still, this needs to get resolved quick so we can go back to enjoying our daily lives.

    • Mats Paasche
      April 28, 2011

      Sony is actually known for making some of the most secure and hack proof services and products available, or at least they were. Remember that it took hackers 4 years to crack the PS3 the first time, and then once Sony launced the “firmware” that fixed it it took them another 6 months to crack that.

      Microsoft on the other hand got their system hacked into oblivion only 4 months after it’s release. And Nintendo got their system hacked after barely a year.

  2. Eliot Hagen
    Eliot Hagen
    April 30, 2011

    Shit happens. Just get the goddamn service up and running again. I need my Netflix & Hulu Plus.

    • Seluhir
      May 02, 2011

      So elegantly stated ;)

    • Korne
      Korne
      May 04, 2011

      Netflix still works… but I think your account is directly applied to hulu plus. I m not sure though. Ive been surviving with the full series of Trigun.

      • Mats Paasche
        May 04, 2011

        Trigun Nice! Pretty much the only anime show I’ve ever seen and liked.