A new update has just been released regarding the PlayStation Network outage and security issues. Once again it begins with another apology to users affected by these events.
It seems this latest update is over concerns and increased speculation over fraudulent credit card use. It also notes the rumors that one group had offered to sell credit card information back to Sony is false. Originally the New York Times had reported that one internet forum user was claiming they made such an offer to Sony and Sony declined to meet his demands. So this person was advertising on forums to sell to the highest bidder. The NY Times article was later shot down being that the writer did not verify these claims. Lets face it, we all know that some forum goers have a flair for the dramatic. Without any evidence, it is just someone trying to stir things up, much like the bogus e-mails, that if forwarded to enough people, will win you a prize.
Another point that Patrick Seybold, Senior Director for Corporate Communications and Social Media of Sony, made mention of is regarding passwords.
“One other point to clarify is from this weekend’s press conference. While the passwords that were stored were not “encrypted,” they were transformed using a cryptographic hash function. There is a difference between these two types of security measures which is why we said the passwords had not been encrypted. But I want to be very clear that the passwords were not stored in our database in clear text form.”
What does this mean? It means that if, for instance, your password was “belkin7649” it would not show up in Sony’s database as “belkin7649”. As an example, it would show up as “fKiW45gSQeRp47”. So what is the difference between this and encryption? Encryption also takes plain text and transforms it into an unreadable form, just much more complex than the hash function. Either way, someone would have to go through a lot of work to ultimately decrypt the information.
Sony also reinforced their message of additional security steps that consumers should take. Be aware of people contacting you claiming they are Sony. Sony will never contact you and ask for your personal information. They also strongly recommend you change your password when services return. Previously it was stated that all users will be required to do this. Guidelines for the process have not been released yet, but their should be a guide or FAQ available outlining the process for users.
Once again, the statement ends with another apology and their objective.
“Our objective is to increase security so our customers can safely and confidently play games and use our network and media services. We will continue to provide updates as we have them.”
The full statement is available on the PlayStation Blog.