siliconANGLE » Data Loss from PlayStation Network Extended to Sony Online Entertainment

Data Loss from PlayStation Network Extended to Sony Online Entertainment

Kyt Dotson | May 3rd
READ MORE

playstation-network Sony Online Entertainment went temporarily offline Monday after it was discovered that they also lost customer records in a hack that attacked the PlayStation Network. In this latest string of video game and entertainment related information loss, it continues to send ripples through consumer awareness of how vulnerable their information can be online.

The initial breach occurred between April 17 and 19 and it took Sony over a week to warn its almost 77 million users about it. CNet News is reporting right now that Sony is offering to compensate customers who have suffered financial losses (due to credit card reactivation.) However, the revelation of the discovery of the loss from their entertainment branch comes right on the heels of their preparation to restore the PlayStation Network (which they had also taken down due to the previous breach.)

Wired reports on the new depth of intrusion as it affects SOE:

Sony said that the compromised personal information includes customers’ names, addresses, e-mail addresses, birth dates, gender, phone numbers, logins and hashed passwords.

Also at risk are the credit card numbers and expiration dates of 12,700 non-U.S. customers, plus 10,700 direct debit records from customers in Austria, Germany, Netherlands and Spain, containing bank-account numbers, customers’ names and addresses. This information was stored in what Sony said was an “outdated database from 2007.”

Hackers may have had this information for more than two weeks now. The intrusion occurred April 16 and 17, Sony said.

Sony was also quick to point out that there is no evidence that their main credit card database had been compromised as it was stored in a newer and more sophisticated environment.

This portion of the breach may explain why Sony believed that PSN credit card information has remained safe (and said as much to its customers) while personal information and passwords had been hacked; but customers were contacting sites such as Ars Technica with what they believed to be PSN-related credit fraud.

It may take more than a week to get the PlayStation Network back up and running again—although Sony announced that they would be returning certain services possibly earlier—but the new revelation of losses from SOE may change that timetable. Sony did not mention when SOE would be reactivated.

Sony expects to compensate PSN customers with 30 days of PlayStation Plus service and SOE costumers with 30 extra days of subscriber time, plus an extra day for each additional day that it remains down.

With the rise of personal and financial data being tied to people and traded as secrets with corporations for subscription services, it leaves customers open to credit identity theft. Reports of data breaches are pretty common nowadays and as much as they affect large financial institutions like Visa and MasterCard, they also affect everyday customers.

Perhaps it’s time that we rethink the way that subscription services work.

If transaction institutions such as Visa and MasterCard would instead develop one-time subscription contracts that use a credit-card as an initial authenticator, it would make breaches like this much less damaging to users. It wouldn’t save people from having personally identifying information stolen (that may be inescapable) but it could save their credit card information and/or personal account information from being pilfered. If subscription contracts worked between the financial institution and the subscription service with the consumer validating the contract, it would mean the hackers could only see and affect the subscription—meaning they couldn’t then run off and drain a bank account or a credit card with frivolous purchases because the contract would only enable Sony to interact with Visa.

Much in the same way that Sony believes that their primary credit card database hasn’t been breached, if services only walled off their transactions it would reduce the total damage an attacker could do. With lax security at both the consumer level and extremely lucrative databases with customer information within the institutional strata, we will only see a rise in cybercriminals trying to get their hands on it.

About Kyt Dotson

Technology and civilization walk hand in hand and civilization is nothing without the skin of society, brushing up against itself, speaking strange nothings across dimly lit avenues and computer screens. If we're going to understand ourselves in this digital era, it will be through watching the adoption of technology by people to express themselves as people. I am an anthropologist and an author of science fiction and fantasy--and with my technology, I hope to open up new and exciting worlds that will not just enlighten the humanity of my friends and fans but also educate and enhance the expression of their own personhood. Find more of my work on Google+.
Post comment as
twitter logo facebook logo
Sort: Newest | Oldest

Trackbacks

  1. PlayStation Network Still Down, Ups the Ante for Users with Identity Theft Insurance | SiliconANGLE says:
    May 9, 2011 at 11:47 am

    [...] their already highly irritated user base. PlayStation Network has been offline since April 20th after they discovered the initial breach and no doubt they’ve probably suffered the worst possible attrition already over the past two [...]

  2. How Secure is the Personal Cloud? Apple, Dropbox #FAIL | SiliconANGLE says:
    May 16, 2011 at 3:00 pm

    [...] In what is possible have been the largest scale hack in history, personal and financial data of over 70 million users may have been compromised, at least to some [...]

  3. Square Enix Confirms 25,000 E-mail Addresses Taken in Website Breach | SiliconANGLE says:
    May 17, 2011 at 12:34 pm

    [...] feel with their information stored in video game networks. First, the hacks took PSN offline, then Sony discovered they went deeper than expected. Congress has been considering the safety of citizens as related to how much information taken from [...]

  4. New PlayStation Network Exploit Discovered, Exacerbated by Recent Hack | SiliconANGLE says:
    May 18, 2011 at 12:34 pm

    [...] Sony’s PlayStation Network suffered a massive intrusion exposed 24.6 million user accounts (across PSN and SOE). Some of the secret information exposed about PSN users happened to be exactly [...]

  5. Akamai Provides Game Companies Shelter from Thunderstorms in the Cloud | SiliconANGLE says:
    May 19, 2011 at 1:32 pm

    [...] factor. It has been a stormy past few weeks for the online gaming industry when hackers struck and compromised data on the PlayStation Network and even struck [...]

  6. Sony Revenues Decline as PSN Breech, Tsunami Stack Up | SiliconANGLE says:
    May 23, 2011 at 11:08 am

    [...] the biggest and most sophisticated cyber attacks in history. Initially, it took Sony over a week to find out about the hack in the first place, at which point it shut down its entire gaming network for just [...]

  7. Sony Thailand Server Becomes Host for Phishing Site | SiliconANGLE says:
    May 23, 2011 at 1:11 pm

    [...] Site Kit Dotson | May 23rd Tweet Due to recent circumstances, Sony has found themselves in the limelight recently due to PSN downtime after massive data breaches. As a result, we’ve been noticing a lot more about how poorly guarded [...]

  8. Sony Thailand Server Becomes Host for Phishing Site | Stop Spam Tips says:
    May 23, 2011 at 10:58 pm

    [...] to recent circumstances, Sony has found themselves in the limelight recently due to PSN downtime after massive data breaches. As a result, we’ve been noticing a lot more about how poorly guarded [...]

  9. Infographic: The Cost of the PlayStation Network Hacks and Shutdown | SiliconANGLE says:
    May 25, 2011 at 12:23 pm

    [...] gaming network shutdowns in our history when Sony yanked the plug on the PlayStation Network in the wake of having customer data exposed by hackers. It took almost 20 days for the service to start to come back again and now that it is, Sony is [...]

  10. Sony May Change Production Strategy for NGP to Reduce Costs | SiliconANGLE says:
    May 30, 2011 at 11:12 am

    [...] thorn in Sony’s side happens to be the general distrust in the PlayStation Network after numerous security breaches exposed sensitive customer data and potentially credit card information. A new product line, [...]

  11. E3 2010: In Retrospect of Expecation | SiliconANGLE says:
    June 6, 2011 at 1:24 pm

    [...] whatever happened or didn’t happen to them at E3 2010 takes a back seat to the takedown of the PlayStation Network by hackers that lasted nearly a month and has cut deeply into the credibility of both the service and the [...]

  12. Missing Lulzsec Already? Watch These Hacker-Inspired Movies | SiliconANGLE says:
    June 30, 2011 at 2:46 pm

    [...] following websites in less than 3 months’ time: infragardatlanta.org, CIA website, pbs.org and PlayStation Network. In total, the Lulzec invasion compromised more than 77 million user [...]

  13. Sony Revenues Decline as PSN Breach, Tsunami Stack Up | SiliconANGLE says:
    July 29, 2011 at 11:20 am

    [...] the biggest and most sophisticated cyber attacks in history. Initially, it took Sony over a week to find out about the hack in the first place, at which point it shut down its entire gaming network for just [...]

  14. Save The Date: December 17, Sony PlayStation Vita Japan Launch with 3G Enabled | SiliconANGLE says:
    September 14, 2011 at 2:13 pm

    [...] never existed.  So I thought it was just one of those concept devices, too good to be true.  Then the PlayStation Network was hacked so the portable game console rumor took a backseat.  But at the E3 Expo 2011 held last June, I got [...]

  15. .tel+layar = .telayar » Save The Date: December 17, Sony PlayStation Vita Japan Launch with 3G Enabled says:
    September 14, 2011 at 5:27 pm

    [...] never existed.  So I thought it was just one of those concept devices, too good to be true.  Then the PlayStation Network was hacked so the portable game console rumor took a backseat.  But at the E3 Expo 2011 held last June, I got [...]

  16. Sony Dodges Behind Updated EULA to Avoid Responsibility for Future PSN Security Breaches | SiliconANGLE says:
    September 16, 2011 at 12:40 pm

    [...] at the nearly month-long loss of service after a hacker compromised over 1 million user accounts on PSN, it’s easy to see why Sony might be trying to head off future reactions from their [...]

  17. Sony Predicts Over $1.1 Billion Full-Year Net Loss After Numerous Setbacks | SiliconANGLE says:
    November 4, 2011 at 5:42 am

    [...] resulting the tsunami that shut down production at 10 factories in March. Shortly thereafter, the PlayStation Network suffered a gigantic break-in embarrassing Sony in how terrible their online security happened to be (and it simply continued to get worse.) That [...]

  18. Sony Predicts Over $1.1 Billion Full-Year Net Loss After Numerous Setbacks | Earthquakes Info says:
    November 4, 2011 at 1:48 pm

    [...] ensuing a tsunami that close down prolongation during 10 factories in March. Shortly thereafter, a PlayStation Network suffered a enormous break-in annoying Sony in how terrible their online confidence happened to be (and it simply continued to get worse.) That [...]

  19. Sony Predicts Over $1.1 Billion Full-Year Net Loss After Numerous Setbacks | LAST DISASTER says:
    November 4, 2011 at 4:14 pm

    [...] ensuing a tsunami that close down prolongation during 10 factories in March. Shortly thereafter, a PlayStation Network suffered a enormous break-in annoying Sony in how terrible their online confidence happened to be (and it simply continued to get worse.) That [...]

  20. Sony Fined £250K for 2011 Hack, Weak Security Core Complaint | SiliconANGLE says:
    January 29, 2013 at 2:12 pm

    [...] Tolentino | January 29th READ MORE Tweet In 2011, Sony’s PlayStation Network was hacked and compromised 77 million accounts exposing customer names, addresses, dates of birth, passwords [...]