Last week, the Playstation Network was hacked. Sony immediately took it offline and hired a forensic security team to investigate. A week later, Sony revealed that the forensic team discovered widespread information theft, from names and addresses to PSN login IDs and their passwords. People were pissed. Here’s why I think everyone needs to quiet down and take a deep breath.

Here are the facts, compiled recently in an official Q&A post on the Playstation Blog:

  • Prior to the incident, everything was secured by the most advanced systems and technology available to Sony.
  • Credit card information was encrypted. Location information was not. Both were protected by separate, redundant security measures both electronically and physically.
  • Someone, an individual or a group, hacked into the Playstation Network through unknown means, took an unknown amount of data, and then covered their tracks.
  • It took six days for the professional forensic team, including law enforcement, to discover what happened. On the seventh day, Sony told everyone what they discovered.
  • Location information was probably taken for at least some, if not all, PSN users. Credit card information probably wasn’t, given the separate encryption protocol.
  • Sony is currently working on implementing new security measures, moving its servers to a new facility, rolling out new firmware, and (reportedly) distributing new software development kits.

That’s the bulk of the issue. If you were affected, here’s what you should do:

  • Change your PSN password as soon as it’s back up. This will likely be a requirement for all users anyway.
  • Change any coincidental passwords, such as those for your email and for any accounts using the same username as either your email or your PSN ID. For instance, if your PSN ID is “Jimbo975” and your email is “Jimbob975@bobmail.com” and your password was the same for both of those, you definitely need to change your password for both your PSN account and your email account. Coincidental passwords are the most common way that hackers are able to break into new accounts.
  • If you’re concerned about your credit card, place a fraud alert on it through either your bank or one of the three major credit companies. Either way, keep track of your finances more closely for the next few months and be mindful of any anomalies.

That’s it. Odds are your location data was probably out there anyway, so there’s nothing you can do about it. Your passwords can be changed and your credit card information is 1) probably still safe and 2) easily protected even if it gets decrypted.

So why is it that people are so up in arms and ready to blame Sony for what happened? When a terrorist act happens, you blame the terrorist. When a bank is robbed, you blame the robbers. Yet when Sony’s network is hacked, people blame…Sony? Wait a second: why aren’t we blaming the hacker(s) who did this?

As if that wasn’t enough, a class action lawsuit just started alleging that Sony didn’t do enough to prepare for such an incident and that they handled it poorly by failing to communicate the extent of the damages in a timely fashion. So now the lawyers are computer experts, too, able to tell what’s “good enough” and what’s not?

How many laypeople really know all that much about hacking? How many people can tell when something is easy or difficult to hack? How many people even know why hackers do what they do? If my friends’ Facebook comment threads are any indication, some people truly believe that Sony, one of the biggest hardware and entertainment giants in the country, wasn’t doing anything to protect consumer data, that they’d be easy to hack into, and that hackers do what they do solely to be malicious.

Au contraire, the Playstation 3 lasted longer than any other console in history in terms of resisting hacking attempts. Doesn’t that say anything about Sony’s knack for security?

Of course not. They try to protect their property and security integrity in a lawsuit against George Hotz and suddenly the entire hacking community has Sony in their sights. Some people would say that they deserved it as a result of that, but regardless of if they did or not, how is it their fault that an individual or a group of individuals targeted their customers with malicious actions?

What those people are saying isn’t that Sony deserved it, but that all 77 million Playstation Network subscribers, equivalent to 25% of the United States population, deserved it for being users of their hardware and software. I just can’t get behind a movement like that.

I’m a Playstation Plus subscriber, too. I love my Playstation 3 and I’ve continued to play it offline throughout the outage. More than anything else in this matter, my heart goes out to the developers who can’t market or release their games during this time; I’m more upset that I can’t download Clash of Heroes HD than I am at my location information being at large in the hands of some hacker. Realistically, I inherited a ceaseless stream of junk mail by moving into my apartment complex that hasn’t stopped regardless of the number of emails and phone calls I’ve made, so what can my address being out there again possibly do beyond that?

I just see this outrage as the same routine outrage that people get when a game is delayed, when games are monetized differently, or when DLC comes out; a bunch of entitled brats getting pissed off because they have no idea how things actually work. Like game development, information security is a difficult and complex business that people on the outside don’t understand. Give the people involved some credit for doing a good job thus far, understand that incidents happen no matter how prepared you are, and lighten up a little while those same folks that provide you a service you enjoy work to get that service back where you want it to be.

And please, please, please stop blaming the victim. I’m in the field of criminology and that kind of attitude stinks over there just as much as it does here in entertainment.

What happened to Sony is akin to a terrorist attack in the information age: you do everything you can to protect yourself, but sometimes your defenses aren’t good enough and someone slips in to do a world of damage.

Hey, at least you’re not a Yankees season ticket holder. One of their ticket reps just emailed a few thousand people the names, addresses, phone numbers, email addresses, and account numbers of 21,466 season ticket holders.

Sony’s incident is a tragic event and the result of malicious intruders that couldn’t be stopped, but what happened with the Yankees is just plain idiocy. Think about it; it’ll give you some perspective.
