Sony keeps it honest after latest security breach

Summary: Sony is saving face, and therefore customers, with a preemptive note to PlayStation Network members.


When Sony's PlayStation Network suffered a major, worldwide security breach, putting millions of people's identities at risk, one of the biggest complaints from customers was that Sony didn't say something sooner.

This time, Sony obviously learned a good lesson in PR and is being honest from the get-go.

In a note to PlayStation Network members, Sony’s chief information security officer Philip Reitinger wrote that there have been several attempts detected on the following services: the Sony Entertainment Network, the PlayStation Network and Sony Online Entertainment.

Specifically, these hackers tried to "test a massive set of sign-in IDs and passwords against our network database." It turned out that most of the matches failed, and the data probably came from a source other than Sony.

Nevertheless, less than one tenth of one percent of the PSN, SEN and SOE audience might have been affected, breaking down to approximately 93,000 accounts globally (PSN/SEN: approximately 60,000 accounts; SOE: approximately 33,000) where the attempts succeeded.

But Sony insists that credit card numbers are not at risk.

The full note is available on the official PlayStation blog, but here's an excerpt about Sony's strategy in this situation:

As a preventative measure, we are requiring secure password resets for those PSN/SEN accounts that had both a sign-in ID and password match through this attempt. If you are in the small group of PSN/SEN users who may have been affected, you will receive an email from us at the address associated with your account that will prompt you to reset your password.

Similarly, the SOE accounts that were matched have been temporarily turned off. If you are among the small group of affected SOE customers, you will receive an email from us at the address associated with your account that will advise you on next steps in order to validate your account credentials and have your account turned back on.

Based on the comments section below the post, the responses from PSN members are remarkably different in tone from what we saw in April -- and even what we've seen from customers of other companies following major announcements. (Seriously, have you seen the comments following Netflix CEO Reed Hastings's posts after the Qwikster debacle? Talk about rage and bitterness.)

Not this time. Instead, many commenters said thank you to Sony for being so upfront about the situation this time, no matter how much smaller it might be. Sony is finally being as transparent as it should have been in the first place, giving PSN members adequate time to react to what could be a very serious situation for some of them.

Sony just needs to keep us all posted from here on out.

Topics: Security, Hardware, Mobility

  • RE: Sony keeps it honest after latest security breach

    I find Sony doing anything honestly highly suspect considering their previous track record. I personally stopped buying anything Sony after the rootkit fiasco.
    • Ditto

      Same here.
    • Some people would complain if they were hung with an old rope

      @smashandgrab I for one logged into Everquest 2 last night without any problems. Of course my password is a pain in the butt to hack. I think the mean time to crack it was something like 3 months as of last week.
      • RE: Sony keeps it honest after latest security breach

        I wouldn't imagine that would matter if they were getting your info from the back end.
  • RE: Sony keeps it honest after latest security breach

    Sony will send an email for a password reset? Ha, social engineering scammers will just love this!!!
    • RE: Sony keeps it honest after latest security breach

      That's what I thought :-(
  • Still wary.

    For me, the quality of product is still high enough to warrant using it despite the sucky behavior of the provider, but I have very little respect left for the company itself.
    While I do believe in and allow for genuine change and improvement, I take this announcement with a grain of salt--there's still a good part of me that asks, "So what are they NOT saying as they inform us of this attack?" I hope for everyone's sake it's nothing...