Somebody Buy My PS3: One FAIL To Rule Them All
I’ve recently written a series of pieces for this site, each focused on four tech-sector disasters, or “fails,” if you will. But today, I come to you three weeks into a story of such failure that it deserves more devoted attention.
Sony’s Playstation division has managed to perform a once-in-a-lifetime kind of fail, and it reminds me that corporate pride is bullshit. In the age of Netflix Instant and Online Multiplayer Deathmatch, heads should have rolled off of the boardroom tabletop by now. Sony’s board of executives should be begging for their lives back in a manner that would make Tony Hayward write compassionate op-eds for the Wall Street Journal. But no: today, three weeks into the complete and utter annihilation of Sony’s servers at the hands of hackers, the Playstation Network is still offline, and consuming class has no reason to ever trust Sony again.
On April 20th, Sony’s online gaming and entertainment platform, the Playstation Network (PSN), crashed faster than FOX News can throw a James O’Keeffe tape onto the airwaves. Those trying to access any content that relies on that network (examples: Netflix Instant View, multiplayer modes in brand new and heavily marketed video games like the Portal 2 and Mortal Kombat) were given the explanation that the PSN was “Undergoing Maintenance,” and to try again later. For a day or two—this being the kind of mediocrity the tech world has to suffer time and time again—I didn’t think anything of it.
But, after a week of speculation, it was revealed that the electronics giant had been hacked to the point of customer data (names, addresses, and, oh yeah, maybe your credit card information) being scraped into in the hands of master hackers… whose identities are still unknown. What is known about whoever took the servers down and pocketed the information is that they are peers of Anonymous, the internet force which is visually represented by the Guy Fawkes mask. Anonymous is known for taking on big targets like Scientology and MasterCard (the former for being horrible, the latter for going against WikiLeaks). Sony has since accused Anonymous of being the Pakistan to this unnamed hacker’s Osama bin Laden by providing shelter; but nothing has been proven in that regard.
The PSN shutdown affected more than just the Playstation 3 consoles, though, and this is where things got bad for the customers. Taking the PSN offline meant more than just an interruption in services: users cannot even view their account information on a personal computer. To this day, Sony is helpless to let you know what you had on file with them, and if your use was anything less than frequent, that might not be easy to figure out. Repeated searches through my email (thank you, Gmail, for never forcing me to delete a message) were needed to find the receipts of past purchases on the PSN. If you then find the last four digits of your credit or debit card, only then do you know what information might be in the hands of some hackers, since Sony doesn’t even know if that was part of what the hackers obtained. By this point, it’s easier to just have your cards cancelled altogether.
As to those who had no idea about what was going on, if you did not boot up the PSN during that fateful week (those who have both Playstation 3 gaming systems and social lives have been known to voluntarily choose the latter over the former) had no chance of knowing what was going on here. Sony had a full week to send out an email to notify customers that the outage wasn’t the routine matter the on-screen error makes it out to be. When they did so, of course, it was with an email to customers that was more written to be ignored than to be taken seriously.
The letter, though, offers customers little reason to consider showing any trust in Sony, as they offer help in the form of… a free credit report. Really? That’s your help to customers? Something that’s already free? Meanwhile, credit card companies are looking to take a big hit on this (not that anyone should be losing any sleep over one of the least scrupulous sectors of corporate America) as replacing all of those cards has been estimated to cost as much as $300 million. Sony, though, wishes that was the hit they’re taking on this, as security think tank estimates show that they could lose $24 billion after this is all said and done.
Sony had previously announced that the PSN would be back by the first week of May, which obviously didn’t happen. For some reason, though, they had to announce further delays in the service. Meanwhile, the hacking community is already threatening another attack on Sony’s servers.
In a blog post, the least direct way to communicate with your customers, Sony is claiming to offer a year of identity theft protection, along with free goodies for their valued customers. I’m sorry, but until that’s sent out in the mail or via email, I don’t consider that a legitimate offer.
There is already a class-action lawsuit against Sony, and it might be the best way to start fixing this problem. To have Sony pay such a high price for this would teach them, and their competition, what proper data security looks like. Sony was a no-show at the Congressional hearing about this exact issue, so it doesn’t look like the law has much reason to be lenient when Sony is seen as not taking this as a serious matter.
Please buy my Playstation 3, somebody. Now that I’ve played through Portal 2, I don’t need this overpriced reminder to distrust the cloud service internet. I am not going to buy a single Sony product again in my life. In a year when everyone has been hyping the perks of cloud storage, from Bloomberg Businessweek‘s glowing cover story to new music services from Amazon and Google, this has been a time when the net nerds have shown that if you go at them, they will strike back, pants you, and duct tape your underwear around your ankles while the competition gets to point and laugh.
Add PlayStation_Network@playstation-email.com to your address book
Valued PlayStation(R)Network/Qriocity Customer:
We have discovered that between April 17 and April 19, 2011,
certain PlayStation Network and Qriocity service user account
information was compromised in connection with an illegal and
unauthorized intrusion into our network. In response to this
intrusion, we have:
1) Temporarily turned off PlayStation Network and Qriocity services;
2) Engaged an outside, recognized security firm to conduct a full
and complete investigation into what happened; and
3) Quickly taken steps to enhance security and strengthen our
network infrastructure by rebuilding our system to provide you
with greater protection of your personal information.
We greatly appreciate your patience, understanding and goodwill
as we do whatever it takes to resolve these issues as quickly and
efficiently as practicable.
Although we are still investigating the details of this incident,
we believe that an unauthorized person has obtained the following
information that you provided: name, address (city, state, zip), country,
email address, birthdate, PlayStation Network/Qriocity password and login,
and handle/PSN online ID. It is also possible that your profile data,
including purchase history and billing address (city, state, zip),
and your PlayStation Network/Qriocity password security answers may
have been obtained. If you have authorized a sub-account for your
dependent, the same data with respect to your dependent may have
been obtained. While there is no evidence at this time that credit
card data was taken, we cannot rule out the possibility. If you have
provided your credit card data through PlayStation Network or Qriocity,
out of an abundance of caution we are advising you that your credit
card number (excluding security code) and expiration date may have
For your security, we encourage you to be especially aware of email,
telephone and postal mail scams that ask for personal or sensitive
information. Sony will not contact you in any way, including by email,
asking for your credit card number, social security number or other
personally identifiable information. If you are asked for this information,
you can be confident Sony is not the entity asking. When the PlayStation
Network and Qriocity services are fully restored, we strongly recommend that
you log on and change your password. Additionally, if you use your PlayStation
Network or Qriocity user name or password for other unrelated services or
accounts, we strongly recommend that you change them as well.
To protect against possible identity theft or other financial loss, we
encourage you to remain vigilant, to review your account statements and
to monitor your credit reports. We are providing the following information
for those who wish to consider it:
- U.S. residents are entitled under U.S. law to one free credit report annually
from each of the three major credit bureaus. To order your free credit report,
visit www.annualcreditreport.com or call toll-free (877) 322-8228.
- We have also provided names and contact information for the three major U.S.
credit bureaus below. At no charge, U.S. residents can have these credit bureaus
place a “fraud alert” on your file that alerts creditors to take additional steps
to verify your identity prior to granting credit in your name. This service can
make it more difficult for someone to get credit in your name. Note, however,
that because it tells creditors to follow certain procedures to protect you,
it also may delay your ability to obtain credit while the agency verifies your
identity. As soon as one credit bureau confirms your fraud alert, the others
are notified to place fraud alerts on your file. Should you wish to place a
fraud alert, or should you have any questions regarding your credit report,
please contact any one of the agencies listed below:
Experian: 888-397-3742; www.experian.com; P.O. Box 9532, Allen, TX 75013
Equifax: 800-525-6285; www.equifax.com; P.O. Box 740241, Atlanta, GA 30374-0241
TransUnion: 800-680-7289; www.transunion.com; Fraud Victim Assistance Division,
P.O. Box 6790, Fullerton, CA 92834-6790
- You may wish to visit the website of the U.S. Federal Trade Commission at
www.consumer.gov/idtheft or reach the FTC at 1-877-382-4357 or 600 Pennsylvania
Avenue, NW, Washington, DC 20580 for further information about how to protect
yourself from identity theft. Your state Attorney General may also have advice
on preventing identity theft, and you should report instances of known or
suspected identity theft to law enforcement, your State Attorney General,
and the FTC. For North Carolina residents, the Attorney General can be
contacted at 9001 Mail Service Center, Raleigh, NC 27699-9001; telephone
(877) 566-7226; or www.ncdoj.gov. For Maryland residents, the Attorney
General can be contacted at 200 St. Paul Place, 16th Floor, Baltimore, MD 21202;
telephone: (888) 743-0023; or www.oag.state.md.us.
We thank you for your patience as we complete our investigation of this
incident, and we regret any inconvenience. Our teams are working around the
clock on this, and services will be restored as soon as possible. Sony takes
information protection very seriously and will continue to work to ensure that
additional measures are taken to protect personally identifiable information.
Providing quality and secure entertainment services to our customers is
our utmost priority. Please contact us at 1-800-345-7669 should you have any
Sony Computer Entertainment and Sony Network Entertainment