Hackers attacked the PlayStation Network on April 19, forcing the Japanese company to bring down the network, which has more than 77 million registered users. The outage has been one of the most humbling corporate events for Sony. The security gaffe, which happened at the same time that Amazon’s web services data center crashed, could shake the faith that consumers have in the internet cloud, where corporations say they will protect their personal data.
“This criminal act against our network had a significant impact not only on our consumers, but our entire industry,” Hirai said. “These illegal attacks obviously highlight the widespread problem with cyber-security. We take the security of our consumers’ information very seriously and are committed to helping our consumers protect their personal data. In addition, the organization has worked around the clock to bring these services back online, and are doing so only after we had verified increased levels of security across our networks.”
AI Weekly
The must-read newsletter for AI and Big Data industry written by Khari Johnson, Kyle Wiggers, and Seth Colaner.
Included with VentureBeat Insider and VentureBeat VIP memberships.
In making the announcement, Sony pretty much followed the script I offered it. That doesn’t mean I knew a lot about what they would do or that I am especially smart. Rather, it was just so obvious what the company had to do, and it was surprising it took 10 days to do it. Still, it was good that Sony’s executives talked to the press and answered all questions from the media, at least as well as they could. They stayed on stage for an hour and 42 minutes. In that respect, Sony may have earned some good will tonight and begun the process of repairing its damaged reputation.
The apology press event took place in Japan at 2 pm Sunday Tokyo time, or 10 pm on Saturday evening Pacific time. Hirai, (pictured above), is representative corporate executive officer and executive deputy president of Sony as well as head of the game business. He was joined by Shinji Hasejima, senior vice president and chief information officer at Sony, and Shiro Kambe, senior vice president of corporate communications at Sony.
Sony said it wasn’t sure whether hackers had stolen users’ credit card numbers, which were encrypted. But users have begun to complain about false charges on their credit card accounts. Other corporations can’t be smug as they watch Sony and Amazon recover, since no one can be certain that their networks are secure from hackers or technical glitches.
Back in March, Sony chief executive Howard Stringer concentrated more power
[aditude-amp id="medium1" targeting='{"env":"staging","page_type":"article","post_id":257245,"post_type":"story","post_chan":"none","tags":null,"ai":false,"category":"none","all_categories":"business,games,","session":"D"}']
The problem for Sony is that this story, like the outage itself, has refused to die. We’ve run 15 stories about it so far, mainly because users seem hungry for more information because there just hasn’t been enough detail coming from the official source. Sony has been good about putting updates on the PlayStation blog, but it hasn’t been fast enough.
For instance, the company said the attack occurred on April 19, forcing Sony to shut the services down. Sony notified users on April 22 that an “external intrusion” led to an outage. It hired forensic computer investigators to figure out what happened. After their initial inquiry, Sony announced on April 26 that personal user data for all 77 million of the PSN and Qriosity services had been compromised and their credit card numbers have been stolen. On April 26, Sony began informing all affected users of the possible credit-card data breach.
Hirai said that hackers penetrated a web application server and made a tool to give themselves illegal access to the database. They were able to access a database with data that included credit card numbers.
Hirai said the company is moving servers from San Diego, Calif., to a more advanced data center with better security. It is also installing more security systems with automated software management and enhanced levels of data encryption and better ability to detect data intrusions. The company is adding more firewalls too,and it is adding a new chief information security officer, reporting to Hasejima. PS 3 will have a new system software update requiring users to change their user names and passwords. The password can only be changed on the same PS 3 on which the account was created or via validated email.
[aditude-amp id="medium2" targeting='{"env":"staging","page_type":"article","post_id":257245,"post_type":"story","post_chan":"none","tags":null,"ai":false,"category":"none","all_categories":"business,games,","session":"D"}']
The company will roll out a program with a selection of premium services for consumers. This “welcome back” content will have free downloads, and 30 days of free PlayStation Plus network service. Normally, Sony charges extra for the Plus service, while membership in the PlayStation Network is free. Current members of PlayStation Plus will get 30 days of free service. Music Unlimited, powered by Qriocity, subscribers will get 30 days of free service in countries where it is available. Sony could not quantify the value of this free service and content offering for its users.
The company is planning on restoring the services as soon as it can, with some services starting this week. Hirai said that Sony’s network services are key to its strategy and that it will continue to strengthen them and learn from this incident. The attack targeted Sony’s data center in San Diego, Calif.
Separate from the attack that brought down the PSN, Hirai said that Sony’s sites had been subjected to attacks from Anonymous, the hacktivist group that targeted Sony during its litigation with “jailbreaking” hacker George “Geohot” Hotz. During these attacks, hackers dug out personal information on Sony executives and published it on the web. Sony is cooperating with authorities on those attacks as well.
[aditude-amp id="medium3" targeting='{"env":"staging","page_type":"article","post_id":257245,"post_type":"story","post_chan":"none","tags":null,"ai":false,"category":"none","all_categories":"business,games,","session":"D"}']
In closing, Hirai bowed again and apologized again. Responding to press questions, Hirai said he had received questions about the matter from members of Congress in the U.S. and would answer the questions. In about a week’s time, the service is expected to restart. Hirai said he had not received reports that actual damages had been incurred related to the credit card exposure.
Hirai said Sony will advise users to change their passwords and not use the same ones over again. He said Sony has operated an online gaming network since the launch of the PlayStation 2 and has had to deal with online security for a long time. But he noted that the new situation is different. He noted that Anonymous has been attacking different corporate sites around the world for quite some time.
Sony’s network services are core to its strategy and it has to improve its security, Hirai said.
“We are living in a network society and we will deal with this kind of situation the best we can,” he said.
[aditude-amp id="medium4" targeting='{"env":"staging","page_type":"article","post_id":257245,"post_type":"story","post_chan":"none","tags":null,"ai":false,"category":"none","all_categories":"business,games,","session":"D"}']
VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn More