On Friday April 22, 2011 the Sony PlayStation Network stated that as of April 19 th they had become aware that PlayStation and Qriocity user accounts had been hacked. Prior to this notification they have made several announcements, none of which providing the exact details for the disruption in network services.
During the time leading up to the official 
public disclosure Sony had disabled their system which left many PlayStation Network users in the dark about the true circumstances surrounding the event. It wasn’t until April 26, 2011 that Sony offered the full explanation that user account information and potentially their financial information had been unlawfully acquired during an intrusion. The unauthorized intrusion of the network accounts left over 70 million users as well as their personal and financial information at risk. For a full timeline visit PlayStation Network Hack Timeline.
Because Sony had waited a full 6 days after the time of discovery to present a fully detailed announcement most people are wondering why the delay with informing the public. Typically when a breach does occur it is not uncommon for some amount of time to pass before the public is fully informed, this is usually to confirm the facts, consider solutions and prevent public panic. However during this time users could have been taking their own preventative measures by informing their credit card companies, monitoring credit reports, and avoiding phishing scams. For a great article concerning the legality of informing the public in the event of a security breach visit PlayStation Network hacked, data stolen: how badly is Sony hurt?
The PlayStation Networks Official Website released a statement detailing what efforts are being made to rectify this unfortunate situation and promises that it is a temporary issue that will be cleared up as soon as possible. Currently the network connection is still deactivated. An outside security investigation company has also been contracted to investigate the security breach and Sony is currently developing new security features. With these new features they hope resolve the system’s vulnerability and provide more safety precautions to protect a user’s personal information in the event of future occurrences.
It is PlayStations fear that the unlawful invasion into user information exposed user names, addresses, email address, birthdays, passwords, logins, purchase history, and even billing information. The official statement goes on to state that even though there is no evidence that credit card information was obtained they are not ruling out the possibility. Although many Sony officials believe that the hack was to gain notoriety as opposed to financial information they cannot be certain. As Sony continues to work around the clock to regain the confidence of its customer’s users should be taking the following actions to ensure the security and protection of their information.
What you should do!
- It is advised that if you have provided any credit card information that you contact the card company and inform them that your information may have been obtained during this event.
- It is also urged that users be mindful of email, phone, and postal scams. Sony has said that they will never contact a user to acquire credit card numbers, social security numbers, or any personal identifiable information. Often hackers will take the portions of useless information and contact you pretending to be the organization in order to obtain the rest of the information that they require.
- Monitor financial activities and credit reports. Sony has provided several links on their customer notice page that can be used to check your credit report and place alerts on your accounts. Placing alerts on your account is a great security precaution and will help protect you from other users accessing your accounts.
- Sony also advises that once the network is secure and user connection is reestablished that a user should change their login information immediately.
It’s important to remember that these kinds of incidents happen all the time and unfortunately they are the reason why we need implement more and more secure practices every day. Any fraudulent charges that do result from this incident will of course be handled by Sony. One issue left un-answered is why Sony chose to wait so long to inform its users about the potential security threat?
What do you think? Should Sony have disclosed the full details and given customers the opportunity to protect themselves sooner, or were they right to gather all the information before causing panic?
Thanks for Reading and Have a Great Day!
Dustin
Providing Tech Support for Businesses in Maryland
Tags: Information Security, network attack, PlayStation, PlayStation Network, Sony, user, user accounts, user protection
