Reading Between the Lines: The Sony PSN Breach

Thursday, April 28, 2011

Rafal Los


For those of you rare Information Security birds that are not video game junkies (I'm included in that, by the way, although I do have a PS3 and Wii...) let me fill you in quickly on what the hot topic of today is.  

Front and center for the last week plus has been the epic security failure of Sony's PlayStation Network (PSN), detailed nicely already.

To point out a few facts that should boggle the mind:

  • Sony waited a while before telling anyone what was going on
  • 77 million accounts have been compromised
  • Stolen details: name, address, phone number, birth date, PSN user ID & password
  • The PSN is still down while trying to do forensics and rebuild

So here's something odd... where's the outrage?  Some are saying that aside from the Epsilon data breach this could be the largest compromise of significant details ever.  

It's even entirely possible, although not confirmed, that payment details (hint: credit card numbers!) were pilfered too... so again I ask - where's the outrage?

Yesterday one of my friends and fellow Twit Andrew Richards made an interesting point.

Brilliant.  What are PSN gamers/users more worried about?

Are PSN gamers more worried about their hard-earned trophies and status on their favorite games, or the fact that their personal information and maybe even their credit cards were pilfered?

To answer that question let's look at the state of things right now:

  • Banks will 'put back' any funds that are illegally taken from your account
  • Thanks to the thousands of data breaches, most people have credit monitoring in place
  • Apathy for 'ginormous' data breaches is building fast among the general populace
  • Video game 'earnings' are worth real money, as is evident from people auctioning off items from video games on eBay and other venues

So I'm with Andrew... ask yourself this question honestly and see what your answer is.  

Now... what does that say about the state of security?

I hate my thoughts...

Rod MacPherson You mean someone out there actually cares at all about the PSN trophies? I haven't met anyone yet that gave them much notice, in fact I've met more than a few who were upset that that was a feature that Sony deemed worthy of a mandatory update back when it first was introduced.

The thing that bugs me most is the CC data issues. #1 that it took them as long as it did to admit that any info at all might have been taken, but more importantly, that I cannot log in to even check what CC# it was that I gave them. It has always bothered me that they stored the number without giving me the option to say no, just use it for this one transaction and discard it.

To be honest, when the network first went down, for the first 30 minutes or so of not being able to log in I thought it was that they'd cancelled my account because I raised a question about the April 1 Terms of Service, which technically make it illegal for Canadians to watch the videos they buy/rent from PSN. ...typical corporate America, too insulated from reality to realize they can't offer a service to people in other countries and then say, "but according to our terms of service you cannot actually make use of this service outside the USA". ...then too stubborn and prideful to admit they made a mistake and try to fix it. Now I understand that they now have bigger problems on their hands, but it'd be nice to see the contract issue cleared up after the hacking issue is settled. (I assume it will be, one of these days).

Rafal Los @Rod - I hope you're not holding your breath ...on either of those issues. If Sony's track record is to teach us anything it's that they really, really only care about themselves, and will do anything to make a buck. Wow, reminds me of Apple, doesn't it?

Rod MacPherson After reading line by line through the past year's credit card bills, I determined that we've only ever used one card with PSN and that it's been replaced since its last use.

From now on it's prepaid PSN gift cards bought at the grocery store only. ...same goes for iTunes.
