By Jared Newman | Monday, May 2, 2011 at 9:12 am
Sony has finally opened up about the details of the Playstation Network attack, including how it occurred, when PSN service will return and what users will get in return for two weeks without service and a wealth of personal information stolen.
Sony also apologized, at last, during the Tokyo news conference where it announced these details, with three executives bowing for seven seconds in line with Japanese custom. “We’d like to extend our apologies to the many PlayStation Network and Qriocity users who we worried,” said Kaz Hirai, head of Sony’s gaming division. “We potentially compromised their customer data. We offer our sincerest apologies.”
The attack on the Playstation Network looked like an ordinary online purchase at first, but it used a known vulnerability in Sony’s application server to install malicious software, PC World reports. The software then broke into Sony’s database server to steal names, e-mails, addresses, birth dates and passwords. Credit card numbers were encrypted and don’t appear to be compromised, but Sony hasn’t ruled out the possibility. (UPDATE: Here’s Sony saying 10 million credit card numbers may have been exposed, a point not conveyed on the official Playstation Blog.)
To deal with future threats, Sony will hire a chief information security officer, add automated software monitoring systems, implement more firewalls (the hack broke through three of them) and use more encryption in its database. All PSN users will have to change their passwords once service returns.
As for when that’ll happen, Sony’s timeline is “this week” for online play, account management, chat functionality, unexpired movie rentals and the Qriocity music service. PSN’s store for downloadable content won’t return until later this month, according to Wired.
To compensate users, Sony will offer a selection of free downloadable content, a free month of Playstation Plus service and, for existing Qriocity users, 30 free days of service. Sony will also help users enroll in identify theft protection services, with more details coming soon.
Sunday’s press conference in Tokyo was long overdue, but I’m glad to see Sony finally answer some of the questions that have lingered for nearly a week and claim some responsibility for what happened. These are crucial steps if Sony ever hopes to regain the trust of its customers.