Sony: "We know you are upset" that PlayStation Network is still down
In the 24 hours since Sony informed the world that PSN had been hacked, customers are finally getting useful information about the hack and risk to them. Clearly, Sony is trying to quell fears about the privacy risk posed to as many as 77 million subscribers.
Today's update was a Q&A, labeled #1, so more may be coming. The post responds, in part, to questions PlayStation Network subscribers asked in comments to yesterday's shocking post admitting hackers had stolen massive amounts of data -- account names and passwords, addresses and phone numbers, birth dates and security questions. Exactly how did the hackers get so much information?
"All of the data was protected, and access was restricted both physically and through the perimeter and security of the network," according to Sony. "The entire credit card table was encrypted and we have no evidence that credit card data was taken. The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack."
So basically, most of the personal information on Sony's network wasn't really protected. If PSN was a bank where robbers penetrated the building, they would have found credit cards in a vault and personal information lying out and about for the taking.
As previously disclosed, Sony is rebuilding the network before bringing it back online. "We expect to have some services up and running within a week from yesterday," according to Sony's Q&A #1. "However, we want to be very clear that we will only restore operations when we are confident that the network is secure." The network has been down now for 7 days.
I don't envy Patrick Seybold, Sony's senior director of Corporate Communications & Social Media. He's the frontman providing information and also taking the brunt of criticism or accolades from PSN subscribers in comments to his updates. "We know that the PlayStation Network and Qriocity outage has been frustrating for you," he writes. "We know you are upset, and so we are taking steps to make our services safer and more secure than ever before. We sincerely regret any inconvenience or concern this outage has caused, and rest assured that we're going to get the services back online as quickly as we can."
Subscriber comments at the Playstation Blog reveal much about human nature. There are those who blame Sony for lax security, while others praise the company for voluntarily taking down PlayStation Network to protect them.
"Finally, some progress," writes one commenter. "If most of the questions in that FAQ said something like 'We cannot comment at this time,' I would really have been disappointed. But it sounds as if Sony is on top of everything. Thank you for this update, and good luck with the impending class action lawsuits."
"As a computer network engineer, this is very unacceptable," writes another commenter. If you have such a massive list of user information and data, it should be encrypted, period. Just because it's behind 'security' doesn't mean it shouldn't be encrypted. Sony, you failed your user on a worldwide scale in regard to protecting their personal information."
Betanews readers are commenting, too, more than 400 to Ed Oswald's weekend update on the PSN hack and takedown. "If all 70+ million accounts were compromised, Sony is in deep trouble," Noel Blackman comments. "No one will trust their security from this point on, no matter what they do." Betanews reader Ilan Lev links to a Norwegian-language news story at Pressfire, where "Fredrik Klærud discovered that his PSN registered credit card has been charged several times from April 17 - April 20."
Yesterday, Sony revealed that the hack occurred between April 17-19. However, the company didn't make the discovery and take down PSN until April 23. One person's account is no smoking gun that credit card numbers were stolen after all. That said, in FAQ #1, Sony does acknowledge: "We cannot rule out the possibility."
Sony is dispatching emails to its 77 million PlayStation subscribers. Mine arrived while writing this post, coincidentally. It's basically the same information released yesterday on the Sony PlayStation Blog.