Between the Lines

Larry Dignan, Andrew Nusca and Rachel King

Sony's PlayStation Network data breach: Game networks an irresistible hacker honey pot

By | April 27, 2011, 1:56am PDT

Summary: Sony’s massive data breach raises two questions. First, can Sony recover? And then there are questions about whether other game networks will be targeted.

Sony confirmed that its PlayStation Network and Qriocity properties were hacked and the personal data of 77 million users—names, addresses, log-ins, passwords and profile data—were swiped.

According to Sony’s blog post, credit card numbers weren’t swiped, but you can’t really rule out the possibility that they were stolen. Sony said:

Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.

This incident brings up a few thoughts.

Here are the primary items:

  1. Can Sony recover? Sony is going to have a tough time recovering from this breach. First, Sony’s PlayStation Network has been down for a week. Sony doesn’t communicate well with customers. Then Sony dumps this personal data loss on customers. As a sidebar, Sony talked up its two tablets, which partially depend on the PlayStation Network and Qriocity properties for a value proposition. Good luck with that one, Sony.
  2. Game networks are such obvious theft targets. The most staggering item in Sony’s breach disclosure is the sheer numbers involved. A person—or group—ran off with the personal information of 77 million customers. That’s staggering. Sure, we knew that PlayStation was popular, but that’s a lot of data. Microsoft’s Xbox Live would make a fine target. So would Nintendo’s Wii. Do we know the security procedures at these gaming networks? I don’t. You probably don’t either. And until now no one thought twice about handing these game networks a nice chunk of personal information. As an extension, a hack of Apple’s iTunes would be the Holy Grail.

Rest assured, folks will start wondering about game network security soon. If hackers can take down the PlayStation Network, other gaming properties may become targets too.


Larry Dignan is Editor in Chief of ZDNet and SmartPlanet as well as Editorial Director of ZDNet's sister site TechRepublic.

Disclosure

Larry Dignan has nothing to disclose. He doesn’t hold investments in the technology companies he covers.

Larry Dignan is Editor in Chief of ZDNet and SmartPlanet as well as Editorial Director of ZDNet's sister site TechRepublic. He was most recently Executive Editor of News and Blogs at ZDNet. Prior to that he was executive news editor at eWeek and news editor at Baseline. He also served as the East Coast news editor and finance editor at CNET News.com. Larry has covered the technology and financial services industry since 1995, publishing articles in WallStreetWeek.com, Inter@ctive Week, The New York Times, and Financial Planning magazine. He's a graduate of the Columbia School of Journalism and the University of Delaware.


Break-in was done through Administrators' PC, via email.
Joe.Smetona Updated - 1st May 2011
"Sony got a bad luck again after the PS3 hack. Sony Corporation's online data of PlayStation Gamers just got stolen. It included the theft of 77 million user accounts that consisted of their names, addresses and credit card data. Due to this Sony has shut down its all servers. Reports say that this theft took place 7 days ago by an illegal and unauthorized person. Sony immediately shut down all its networks thus preventing the players to play online and even the online purchases. This theft is said to be the biggest internet security break-ins ever. Sony claimed that there is only a small probability of credit cards of users are being stolen but it could not promise it. The data stolen is estimated of worth about $500 millions. Alan Pailer, the research director of SANS institute said that they didn't pay enough attention to the security system of the servers as they were more focused on the innovation of the new products. This could be a major reason for this security break-in. Pailer suspected that Hackers succeeded to break-in security system by taking over the PC of a system administrator who had the rights to access the information about Sony's customers. He also claimed that they hacked into the administrator's system by sending an email that contained malware. Reports also say that the same group of hackers hacked into the systems of other major corporations. To all its online buyers, Sony suggested to place fraud alerts on their credit cards accounts through three U.S. credit card bureaus. Sony said it could restore some of the network's services within a week."

http://www.techextant.com/sony-playstation-data-break/
0 Votes
+ -
Sony doesn't get cloud services !!!
hubivedder 27th Apr 2011
They made great stand-alone consoles but the big wide interconnected world is beyond them. Seriously only MS can understand and deliver in this space.
@hubivedder
*points you to Valve then kindly asks you to shut up about Microsoft*
0 Votes
+ -
Message has been deleted.
keew1230 Updated - 27th Apr 2011
The quality of everything Sony has been producing has been going downhill for the last 10 years. I was strictly a Sony electronics buyer for years. In the last year or so I grew tired of Sony's constant lousy QA/QC. I am glad I went with the XBOX over the PS 3 today. Sony doesn't value its customers, nor do they seem to understand the value of keeping a customer happy.
As Sony actively kneecap Stereo Mix Record on their Vaio's I have absolutely no sympathy for them and deserve all they get.
0 Votes
+ -
Message has been deleted.
ShazAmerica Updated - 27th Apr 2011
0 Votes
+ -
Did anyone catch...
wolf_z 27th Apr 2011
...the fact that birthdates and security questions were taken?

*If* (and I'm being Pollyanna here) the credit card numbers were NOT taken, it still means identity theft will be straightforward, given the amount of private information in those profiles.

If credit cards were taken too, well, Visa is going to be very unhappy with Sony. Not to mention what 77 *million* credit card frauds would do to people's trust in not only online transactions but credit cards themselves...
@wolf_z
That in and of itself may be a good thing though, Credit Cards are nice and useful and all, but for example I have an electron Visa. If I don't load money on it beforehand, it's worthless. It's the only "credit card" I have. Steal the info for that I wouldn't care, I only load on what I need. I can always get a new one easily, and I don't need to throw money on it repeatedly to keep it active.
No in-the-red means no debt as a result of the card. It would do about 60% of America well to adopt such a practice.

As for Sony, I find there is some good in the fact that they were hit, though I feel for those who've provided information to them. I'll say there's no way to sift through 77 million users to find whose identity you wish to steal though, as well as most of this information will be kids just using parents' credit cards, so it'll be quite useless.
But Sony needed to shape up, and so does Microsoft (unsure about Nintendo's practices). The "console wars" have dragged in the PC and the party-game feel of the Wii and have ruined things for most of them, while giving MS and Sony a blindly loyal, stupid following. That Sony was hacked so easily and the fact that they cannot recover from it speaks VOLUMES about how few measures they took to secure themselves and their users' data. I'm sure Microsoft is the same, their only purpose is how to make more money from their users. It's sad, but true. So I'm left feeling bittersweet; I'm glad that Sony got a slap in their face, and if Microsoft isn't scared gutless and upping their security measures, then I wish MS gets the same treatment too. People need to REALIZE that these companies don't care about their end-user OR their information. As long as you get them their money, they're happy. Still too bad about everyone's info being stolen though.
0 Votes
+ -
And why was mine deleted? Absolutely nothing in it was offensive. What is this? 1950 Soviet Russia, deleting anything you don't like?
@ShazAmerica don't take it personally as it happens to me all the time.
Some people here have gossamer thin emotional skin stretched taut across an elephant's buttocks of an inflated ego.
@Agnostic_OS lol that's great. Sony is going downhill now. I wish Sega would make a new gaming system. I still have my Dreamcast and love it
0 Votes
+ -
Suspect #1: Anonymous Hacker Group
papyrus100 27th Apr 2011
It all started with Sony launching a lawsuit against hackers.
Please read about this hacker group, called Anonymous on the Internet. This is not an ordinary hacker group. They are criminals, and have the power to launch the attack Sony was victim of.
Please read http://arstechnica.com/tech-policy/news/2011/04/anonymous-attacks-sony-to-protest-ps3-hacker-lawsuit.ars.
@papyrus100 latest news is that Anonymous group contacted the news agencies and have denied any involvement.
@Agnostic_OS : Thanks for the info, what is the source ? If you were a hacker, would you contact a news agency and say: "I did it". They have a track record of lying to the authorities. I do not trust them.
0 Votes
+ -
Sony may have a Bad E3 this year.
Bates_ 27th Apr 2011
This is just not good for Sony. With E3 a month+ away, they better do something extra special and crazy at E3 to win back fans. I am a Sony fan, but this is just not good on their end. Glad I never bought a PS3 now. PC gaming forever!
0 Votes
+ -
@papyrus100
Caggles 27th Apr 2011
You seriously think Anonymous did it? Really? A group of nerdy, 4chan-surfing internet denizens who probably all play on the PSN would hack and bring down a network they use. That makes plenty of sense. Besides, they've got a million better targets than Sony - see Scientology, Westboro Baptist, BMI, and the RIAA.
0 Votes
+ -
Well said.
Bates_ 27th Apr 2011
@Caggles +1

I don't think they did it either.
@Bates_

It's probably an inside job... former employee, etc. That's where I'd start my investigation.
First it is Epsilon, now Sony; the list could go on. One day everybody's email will be available to spammers and phishers. A little bit of effort will be required to get people on a safer platform than plain old email. I have seen people mailing their tax returns as PDF attachments back and forth between their accountants! Cyber crime seems to be getting bigger and better every day. The criminals are only going to step it up. As technologists we should encourage the masses to move to a secure platform. My two cents!
This entire comment section is going to be a flame war. Fact of the matter is this: if this happened to XboxLive everyone would be just as pissed about the whole thing. Don't try to say one company is better than the other on this unless you have documented proof otherwise. For safety's sake, remove credit card info and any info linking other accounts to your consoles for the time being.
0 Votes
+ -
Message has been deleted.
xiaojiekaqq Updated - 28th Apr 2011
Hello anti-Sony-boys... Long live Bill Gates the GOD Emperor!!!
Long Live AMEEEEERICAAA and its world class justice (and financial militarized economy). Japan could just go down the drain, couldn't it??? (END OF SARCASM) - America's soooooo little....
0 Votes
+ -
The one they have is a pre-paid MasterCard which I got in my early teenage years. Luckily for me, those years of paying for digital content are long gone. I buy the hardware, get the software free; Aargh
0 Votes
+ -
I know what happened
justthisguyyouknow 28th Apr 2011
Someone stuck an old root-kitted Sony CD (of some crappy band) in their PS3. Sony root-kitted themselves, but haven't figured it out yet.
0 Votes
+ -