Sony PlayStation Breach

I’m a little late to the game on this one, but the initial reports in email of a Sony PlayStation breach were so sketchy…  All of the information was coming in piecemeal, and didn’t seem all that impacting.  Now that the larger news clearing houses have done their homework and the company come clean, this is shaping up to be quite an impressive little comrpomise, affecting a potential crowd of 77 million users, and striking a major blow to the company’s elusive goal of linking its consumer electronic devices to an online network of movies, music and videogames.

The PlayStation Network was launched in 2006 to allow PlayStation 3 console users to play games online, free of charge, and is at the heart of Sony’s online content delivery strategy.  Last year, Sony leaned hard on the PlayStation group’s experience to launch its Qriocity online platform, offering streaming video and music services.  The company also tapped the PlayStation Network’s data centers and payment systems to provide the backbone for its  latest online services.

The company plans to launch a new handheld game machine that will access the PlayStation Network by year-end.  It aims to have its own co-developed smartphones connect to the Qriocity platform for streaming video and music in the future.  Sony will enter the fast-growth tablet segment with two products later this year, also connecting to Qriocity as  well as Sony’s electronic bookstore.

Sony’s IR Timeline:

  • Tuesday, April 19, Sony learned its PlayStation and Qriocity networks had been compromised.  The company did not go public.
  • Thursday, April 21, The company investigates the outage and expects it will take “a full day or two” to return to normal service.  A posting on Sony’s European PlayStation blog said, “Our support teams are investigating the cause of the problem, including the possibility of targeted behavior by an outside party,” but was quickly removed.
  • Friday, April 22, Sony reveals the cause of the problems.  “An external intrusion on our system has affected our PlayStation Network and Qriocity services.  In order to conduct a thorough investigation and to verify the smooth and secure operation of our network services going forward, we turned off PlayStation Network & Qriocity services”.  The notorious hacking group “Anonymous” said in a statement that it had nothing to do with the attack.  “While it could be the case that other Anons have acted by themselves AnonOps was not related to this incident and takes no responsibility for it”.  It accused Sony of blaming attacks on its network to cover up an internal problem with their own servers.
  • Saturday, April 23, Sony reports that it is rebuilding its networks as a result of the attack.  “Though this task is time-consuming, we decided it was worth the time necessary to provide the system with additional security.”  Sony was “working around the clock to bring them both back online,” but provided no ETA, thanking customers for their patience.
  • Sunday, April 24, a spokesman for Sony in Tokyo stated that a “thorough investigation” was under way but they had not yet determined what personal or credit card information may have been compromised.
  • Tuesday, April 26, Sony released a detailed statement and confirmed that some personal information was stolen, including names and addresses for registered PlayStation Network and Qriocity users, birth dates, e-mail addresses and other personal info.  “While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility,” Sony said, advising customers to create credit card fraud alerts and keep an eye on credit card charges.  The PlayStation Network and Qriocity will be back online “within a week.”

I hope that the next update comes soon, providing insight into how the breach occurred, what data was actually stolen, what the company is doing about it, and what assurances the company offers to customers that it will not happen again.