In a blog post published Sunday, Sony admitted that a distributed denial of service (DDoS) attack impacted online services -- Sony's PlayStation Network and the Sony Entertainment Network -- but insisted that user's personal information remains safe. Sony representatives said that the company has "seen no evidence of any intrusion to the network and no evidence of any unauthorized access to users’ personal information," although the DDoS attack did scupper scheduled maintenance plans.
In 2011, Sony's PlayStation Network was thrown into the spotlight following a security breach which compromised the security of 77 million user accounts. Personal information including names, addresses, e-mail addresses, dates of birth, and account passwords were put at risk, as well as user credit card numbers. The UK considered this a "serious breach of the Data Protection Act" and later fined the firm £250,000.
Lawsuits, including 65 class action complaints stemming from the breach, were settled in July this year for $15 million by Sony.
The networks are now back online, and users can once again access Sony services. However, this isn't the end of the matter.
Two groups have taken responsibility for the hack, including a hacking group called Lizard Squad. After saying they had placed ISIS flags on Sony's servers, the group took things one step further and tweeted to American Airlines:
Following the message, a flight which president of Sony Online Entertainment John Smedley had boarded was redirected. Smedley tweeted that the plane was diverted for "security reasons."
The plane made an unscheduled landing in Phoenix rather than flying from Dallas to San Diego, where all of the 179 passengers and crew were escorted off-plane and bags were searched by the police. Eventually, when nothing out of the ordinary was found, the plane resumed its original course. San Diego airport spokeswoman Rebecca Bloomfield told HeraldNet that the FBI was involved in the investigation.
Smedley did not discuss the grounding further, beyond "Justice will find these guys." In comparison, according to Lizard Squad's Twitter page, the group seems confident they will not be apprehended.
The other who took responsibility for the hack is FamedGod. The hacker explained in a video uploaded to YouTube over the weekend -- now offline -- that they struck the Sony network at a rate of 263.35Gbps by using Network Time Protocol (NTP) amplification. In the video transcript, FamedGod defended the attack by saying:
"Sony is a company that lacks the security which makes every user vulnerable to having their information leaked. Jailbreaks can access hidden and prohibited content now. Memory dumping can reveal the hidden servers which personal and main information is stored. Simple hex converting and decryption lead to a full DDoS on PlayStation's main server data center. Please understand, I am here to show, that you as a corporate company are vulnerable.
You apparently, didn't solve a thing when you went down for a month. I hope you think twice next time."