Sony Claims It Told Users of PSN Info Breach Immediately

[Owyn_Merrilin]

I think Sony is telling the truth about not having known what information had been accessed until yesterday; why on earth would they sit on an information bomb like that? It's certainly not in their best interests, either legally or from a PR standpoint. However, posting about the breach on their blog and official twitter feed is not going nearly far enough for a breach of this magnitude. Newsflash: the majority of Sony's customers do not read either the blog or the twitter feed, nor should they be expected to. You just don't bury information this big on a website that only your most dedicated fans read.

So what should they have done? Well, first and foremost, they should have made a press release. No, I'm not talking about the gaming press; I mean an honest to God press release, to all of the major networks. Potential identity theft on this scale (speaking in raw numbers -- I've never heard of an entire database being stolen before) makes the national news all the time; I see no reason for that to change just because it was a videogame company this time and not, say, a bank. Beyond that, they could have sent e-mails to all customers, but as others have noted, this may be a bad idea, because whoever has the list has the ability to send out mass emails of their own, and fake emails can be convincing. I remember one I got for a battle.net account that I knew did not exist; if I had actually been a WoW player, I might have fallen for it, despite being a fairly well educated gamer and internet user. It was so convincing that my first thought was somebody had created an account in my name for some nefarious purpose or another. All this to say that with the e-mail list compromised, it's not surprising that they were reluctant to use e-mail as the primary mode of contact.

Some of you may have been reading my posts in the earlier thread, where I put the blame for the breach squarely on Sony. Before people start railing on me for being a hypocrite, my stance is that Sony screwed up royally in allowing this to happen in the first place, but that they are generally doing a good job with the cleanup. I think it's ridiculous for them to expect a blog-post to be sufficient notice about a breach of this magnitude, but I have no reason to believe that they are lying about when they found out what information had been compromised.

Edit: I have a feeling that Sony may have done exactly what I suggested they should have, but I don't know, because I'm a college student a few days out from Finals week, and I haven't watched any TV -- news or otherwise -- since the first episode of the new series of Doctor Who last Saturday. This post was going on the information I've gleaned here on The Escapist; if they actually did put out a press release, I'd say Sony is handling the aftermath of the breach quite well, even if they are largely at fault for it happening in the first place.

 

[Treblaine]

I'm going to spend the rest of the day changing passwords for every site I can possibly think of.

I recommend everyone else does too, regardless of PSN familiarity if this doesn't scare you sensible nothing will.

I just hope they didn't get my bank details, that is a load of bullshit I DO NOT want to deal with.

 

[The Unworthy Gentleman]

So is this just the PS3, or does it affect PSP as well? These are things we need to know.

I would say so, it all goes to the same network. I don't remember if I put my credit card info into my brother's PSP so I'm a little worried, but then I remind myself I'm poor as fuck.

OT: Looks like they didn't tell many people, they just made a blog post. Honestly, Sony have really fucked this one over for themselves. They made a blog post about it and got to the hack weeks after everyone knew that the system had been compromised. Nice going Sony.

NOTE: My Captcha had a fucking Pi symbol in it. What the fuck, how do I do that?

 

[Harbinger_]

If you have an intrusion on April 19th you let people know on the 19th not the 26th. Immediately my ass. Oh and by the way still no e-mail. Sony didn't just drop the ball, they dropped it down a 150 foot well filled with man-eating sharks with lasers attached to their skulls.

So, when do the lawsuits begin?

Not sure but if it's class action I want my name on the list.

 

[johnnnny guitar]

You didn't tell me shit I haven?t gotten an email or message from Sony
The places I've heard about it have been online or the news never from
Sony personally If youre gonna tell me that you've told me you have to tell me yourself

 

[Nixzilla]

if i rember right they claimed it wasnt a external attack at first

 

[Woodsey]

I'm sorry what? I'm a PSN user and I wasn't informed. At all. In any way shape or form. Not even warned about the possibility. I mean....I'd have loved to have been told. I mean...An email would have been nice. So I call LIES! Or at least not the full truth.

Its been all over gaming sites and the regular news (and yes, that does count as being informed by Sony before someone pulls their dick out and starts fucking the semantics... or something like that).

I can imagine that if you're sending an email to millions of people, there's going to be a delay for some.

OT: I assume we're all just going to assume they're lying because... well, because that's what we always like to assume, right?

 

[Treblaine]

Are you telling me that you sat on the information of 70 million users while the PSN was down for seven days and you're telling us NOW that they're in jeopardy?! AND you have the balls to tell us that you told us immediately?! I don't buy that, Sony. If you even cared about this issue in the slightest, then you'd have made damn sure that our identities and information aren't in the hands of hackers.

It would not be immediately obvious what an infiltrator stole.

It's not like stealing jewels from a bank vault where it's totally obvious they are gone, The original files are copied and remain there. Most file operating systems do not record how many times or when or where a file is copied, it may indicate where a file has been copied FROM but not if the original file had a copy mad from it.

It would take a while just to figure out WHERE they had accessed and WHAT data had moved, a very VERY tricky task that basically relies on tricks and traces in the code, deducting movements within the system.

So its entirely likely they did not know the breach was this bad until now.

Please, brush up on computer literacy before making accusations of deception.

It would be irresponsible to say personal data HAD been compromised unless they actually determined that, and determining that takes time.

 

[zaly]

I for one, believe Sony.
The reason why I reckon they are telling the truth is, I can't think of a reason why they would actually lie.
Seriously, how would waiting 6 days before they told us help them in any way? They wanted to actually find out what had happened before giving speculative updates (that would have been lies if they had released updates before actually knowing themselves what had happened)
As far as I can tell, they haven't handled the crisis as best they could but they aren't doing that bad either. I think this is a case where whatever they did, people would be angry at them. One thing to notice is they even say that the credit card information is only a possibility, and may not have even been taken.
And in terms of contacting people, we've been told an email is on the way, and in the meantime theyve posted it on their official websites. What else could they have done? You could complain that emails aren't enough as not everyone checks there email! And theres no chance that 77 million people would have received a personal phonecall from a Sony employee. But even if they had - people may not have been able to receive the phonecall! I think they have done all they can in contacting people - the fact they posted it on their website has started a chain reaction where the media and other websites are reporting it - so yeah I'd say theyve done a good job of letting people know.
Also, as lots of other people have been saying, sadly hacking is almost impossible to protect against - the same thing could just have easily happened to another company if the hackers had targeted them instead.

 

[Treblaine]

The title: "Sony Claims It Told Users of PSN Info Breach Immediately"

Is not supported by the quote from Sony which only said they said what they knew at the time. The title implies Sony is (blatantly falsely) claiming they told everyone their detail had been hacked "immediately" as in as soon as the shutdown began. When apparently they didn't even know that as a fact at the time.

if i rember right they claimed it wasnt a external attack at first

Where?

I remember a whole long thread about people bitching about Sony officially voiced their suspicion an outside infiltrator.

 

[MightyMole]

We learned there was an intrusion April 19th and subsequently shut the services down,"

What? Sorry I thought you said "Anonymous" shut down your servers? Oh thats right, you merely led us to believe that through select wording. Sony, you're garbage. With all this BS you keep spewing out, I almost feel like I should be compinsated in some way... And I don't even have my payment info on PSN!

 

[Tony2077]

We learned there was an intrusion April 19th and subsequently shut the services down,"

What? Sorry I thought you said "Anonymous" shut down your servers? Oh thats right, you merely led us to believe that through select wording. Sony, you're garbage. With all this BS you keep spewing out, I almost feel like I should be compinsated in some way... And I don't even have my payment info on PSN!

wasn't anon the earlier ddos attack stuff i don't think they said anything about them this time

 

[MightyMole]

We learned there was an intrusion April 19th and subsequently shut the services down,"

What? Sorry I thought you said "Anonymous" shut down your servers? Oh thats right, you merely led us to believe that through select wording. Sony, you're garbage. With all this BS you keep spewing out, I almost feel like I should be compinsated in some way... And I don't even have my payment info on PSN!

wasn't anon the earlier ddos attack stuff i don't think they said anything about them this time

Ok, you're right. Anon wasn't necesarrily the correct term to use there, I apologise. What they did say was an external attack caused the PSN to go offline, leading many people to believe that this external attack took down the servers, and not Sony. They probably wouldn't have even told us THEY were the ones who took down if they didn't get caught in their "selective wording". I honestly don't care who did it, it's complete garbage of the company to lie like that.

I'd also like to say, I called the whole "'PSN has been shut down due to external attack', thats what we said, it was attacked so we shut it down. You can't get mad at us for that! We're the victims!" thing.

 

[Tony2077]

We learned there was an intrusion April 19th and subsequently shut the services down,"

What? Sorry I thought you said "Anonymous" shut down your servers? Oh thats right, you merely led us to believe that through select wording. Sony, you're garbage. With all this BS you keep spewing out, I almost feel like I should be compinsated in some way... And I don't even have my payment info on PSN!

wasn't anon the earlier ddos attack stuff i don't think they said anything about them this time

Ok, you're right. Anon wasn't necesarrily the correct term to use there, I apologise. What they did say was an external attack caused the PSN to go offline, leading many people to believe that this external attack took down the servers, and not Sony. They probably wouldn't have even told us THEY were the ones who took down if they didn't get caught in their "selective wording". I honestly don't care who did it, it's complete garbage of the company to lie like that.

I'd also like to say, I called the whole "'PSN has been shut down due to external attack', thats what we said, it was attacked so we shut it down. You can't get mad at us for that! We're the victims!" thing.

well the external attack did take it down but not in the way many people thought. its really not Sony fault that people interpreted what they said the wrong way

 

[MightyMole]

snip

snip

snip

snip

well the external attack did take it down but not in the way many people thought. its really not Sony fault that people interpreted what they said the wrong way

Well it kind of is, because it was, as I said, selective wording. They said what they said on purpose so it wouldn't be clear exactly what happened and they could pawn it off on a scapegoat rather than take full responsibility for their part. Leading people to believe that some super hacker hacked into their mainframe and took down PSN and while he was in there took everyone's information is different than some guy who hacked his PS3 found how to gain access to everyones information and so Sony had to shut down PSN to contain the situation.

Sure their hands are clean because technically they told everyone what was happening, but it doesn't mean their customers shouldn't feel any less lied to when they reveal what really happened wasn't necesarrily what they were led to believe. Sony could have just as easily said "We shut down PSN untill we can fix this problem" to clarify to their customers what exactly is going on.

 

[Saltyk]

Well, I'd say that it's a safe bet that whoever is responsible for this did something. The most obvious explanation is that they hacked PSN to access the client's personal information for the purposes of identity theft. Could they have done it for the fun of it? Sure. Anything is possible. But I'm going with the principle of Occam's razor.

If it's okay with you, I'll be sad that doublespeak is not flagged as misspelled while Occam's razor is.

Technically, Occam's Razor falls on "they did it for the lulz" as it's a more simple explanation than "organized crime syndicate," but please consider that a random whimsical observation not any kind of counterargument.

I actually agree with you that mass identity theft is likely, but still want to point out there's no evidence for it at all, and that if there is evidence of it and Sony is withholding that information then it's kind of a big deal (maybe even a bigger deal than the alleged theft itself).

I'm really just trying to inject some sanity into this whole debacle, and kind of bitter that the Escapist writers are deliberately misstating the facts in an effort to sensationalize the story.

I can see your point that someone doing it for the lulz is a "simpler" explanation, but would argue that for someone to put the effort into this, they'd have to want to earn something out of it. And while I doubt the Mafia hacked PSN, anything is possible. I was thinking small group of hackers. Like, say, Anonymous. Or a similar, less obnoxious group.

Now, why would you think Sony would be giving out all the information that they have about this perpetrator(s)? As I've already stated, they are likely working with authorities to catch this attacker. Whatever information they might have uncovered is probably being withheld until they manage to catch this crook. If they managed to trace the ISP or anything concrete, they probably don't want to alert the crook(s) to it. I'm giving Sony the benefit of the doubt. As I've stated before, Sony is a victim here, too. And, assuming they are working with legal authorities, they are probably being told what they can and can not say.

To be honest, this whole thing has made me disgusted with gamers. All the stupid fan boys, the trolls, and the blind anger at a company for "not doing enough" is ridiculous. And I'm also angry at the Escapist writers for the way they wrote this up. At first, I too had thought that Sony knew of the information that might have been stolen for over a week. It was only after I actually read the article that I realized that wasn't necessarily the case.

 

[BrunDeign]

I can't tell if this is a good thing for Sony or not.

On the one hand, they're saying they weren't aware of the breach until recently and can't be faulted for not knowing about it.

On the other hand, this means that it took them almost a week just to get their crap together enough for someone to see that everyone's information had been leaked.

 

[The Artificially Prolonged]

/looks at email

Yeah no. Still have yet to be told by them.

Lawl.

Yep same here, good thing I visit this site regularly because I would not have had a clue any of this happened. Oh thanks for the heads up Sony /scarcasm

 

[Emergent]

Now, why would you think Sony would be giving out all the information that they have about this perpetrator(s)? As I've already stated, they are likely working with authorities to catch this attacker. Whatever information they might have uncovered is probably being withheld until they manage to catch this crook. If they managed to trace the ISP or anything concrete, they probably don't want to alert the crook(s) to it. I'm giving Sony the benefit of the doubt. As I've stated before, Sony is a victim here, too. And, assuming they are working with legal authorities, they are probably being told what they can and can not say.

To be honest, this whole thing has made me disgusted with gamers. All the stupid fan boys, the trolls, and the blind anger at a company for "not doing enough" is ridiculous. And I'm also angry at the Escapist writers for the way they wrote this up. At first, I too had thought that Sony knew of the information that might have been stolen for over a week. It was only after I actually read the article that I realized that wasn't necessarily the case.

Hell, it was only after I went to half a dozen other sites to confirm that the blatant lies here at the Escapist were just that (it normally isn't my first instinct to think a "news" article is literally a falsification, so I guess I gave Any Chalk here too much benefit of the doubt) that I really got on the soapbox here.

As to why I think Sony should give information about the perpetrators... uh, I don't? I said if they have evidence that credit card information was stolen they have an obligation to present that to their customers immediately, and not in vague terms such as "we believe there might be an intrusion". If they don't have evidence of such a thing... what's this all about, again?

 

[CommanderKirov]

Took you a week to identify what happened when you were breached.

I'm dissapointed.