Today, May 1, 2011, at 2:00PM JST, Sony executives held a press conference concerning the recent breach and subsequent shut down of Playstation Network and Qriocity. Speaking on Sony’s behalf were Kazuo Hirai (Executive Deputy President, Sony Corp.), Shinji Hasejima (Chief Information Officer, Sony Corp.), and Shiro Kambe (Corporate Communications and CSR, Sony Corp.). They began by bowing and extending their sincerest apologies to all affected by the incident.
The first point covered was the compromise of personal data. The method used in gaining access to the database was said to be “a very sophisticated and advanced way of compromising our system”. As most may already know from prior updates, this included names, billing addresses, PlayStation Network ID’s, Qriocity sign-in ID’s, passwords, and security question answers. There was no evidence of access to credit card information and that it was encrypted and stored at another location. It was also stated that 3-4 digit security codes were not obtained. Of the 77 million accounts that were compromised, 10 million of them had credit cards stored on file.
The database that incurred the illegal intrusion was located in San Diego, California. In addition to expediting the pre-planned move, more security measures are underway. A new automated software monitoring system, increasing the capability to detect unauthorized intrusions and suspicious or unusual activity. On top of this, an enhanced firewall will also be added. There will be a new position created for a Chief Information Security Officer of SNEI to further insure protection of personal data.
Sony further stated that PlayStation Network services are key to its strategies and they will continue to strengthen their network and learn from this recent incident. Restoration of services are planned to begin this week with limited access. Confirming safety and security of the system is underway users regain access to the PlayStation Network, they will be required to update to a new firmware version and submit a new password. It was stated “this can only be done on the PlayStation 3 system on which the ID was created or activated, or through a validated e-mail address”. This was not further clarified, but more information should be available regarding the process before services are restored.One can only assume if you are unable to submit a new password via your PlayStation 3 that the validated e-mail address would be the one that is connected to your PlayStation Network ID.
Very little was said regarding the legal ramifications of this situation, but that is pretty much the standard in any on-going investigation. It was confirmed that FBI has been contacted in this matter because the database was located in the United States. Authorities in other countries have contacted Sony, and it is said they will be handled on a case by case basis. Also mentioned were the DdoS attacks which occurred in early April. The group that claimed responsibility goes by the name Anonymous. Additionally, personal information of Sony executives was dug up and posted on the web. Hirai stated “we will be sharing more information on the investigation when we have such information to share”.
Another large concern of consumers is how will they be compensated for loss of services. There are many arguments about the need for compensation for a service that is free, yet there are also users that do pay for additional services.
In response, Sony is instituting a “Welcome Back” package. This package will be based on the region in which you are located. This will include some free downloaded content, a 30 day free subscription to PlayStation Plus services for all users, and 30 days free Qriocity use for subscribers. If users are already PlayStation Plus subscribers then their membership will be extended by 30 days. In addition, Sony will also cover any costs for credit card replacements and identity theft protection services in affected countries. Nothing was mentioned about the 2 Sony Online Entertainment games DC Universe Online and Free Realms, both which require paid subscriptions and are on-line only games.
Sony also stated that they will be devoted to re-establishing its trust from consumers by continued increased security and better communication with their customers.
This incident has been big news of late, and the major concern of people seems to be the access of their personal information. Sony is not the first company this has happened to and it may not be the last. Other companies have had intrusions where information has been obtained. These days it just doesn’t take a hacker to gain information on you. Anyone of us that uses the internet is leaving some form of digital foot print. Simply put your name in one of the many internet search engines and some of you will be very surprised at just how much one can find through typing a name and the click of a button.
Update: Although Sony does plan on having online gaming back up this week for PS3 and PSP, as well as Playstation Home, and some functions of account management, G4TV reports that the Playstation Store and Qriocity services might not be up until the end of May.