Storm Clouds Darken Over Sony
As if the lengthy PlayStation Network and Qriosity site outages weren't bad enough, Sony had to compound users' unhappiness by letting them know hackers helped themselves to their personal information -- and the company couldn't absolutely positively assure them that credit card account details weren't included in the data exposed. "I think it's a disaster," said Geek 2.0 blogger Steven Savage.
Sony confirmed that its recent site outages were caused by compromised security in a blog post on Tuesday. Between April 17 and 19, hackers gained access to PlayStation Network and Qriocity user account information, the company revealed, and its shutdown of PSN and Qriocity on April 20 was a reaction to that security breach.
A week later, PSN is still down, although Sony expects to have it back up and running within another week. Sony has enlisted the services of an outside security firm to investigate what occurred.
Sony believes the hackers made off with personal information of users including their names, full addresses, email addresses, birthdates, user IDs and passwords. It's also possible that the hackers obtained profile data including purchase histories, billing addresses and password security answers. The blog warns users of possible email, telephone and postal scams. Sony recommends that its users monitor account statements and credit reports.
Already irritated by the network downtime, many users are now outraged by the news of the information breach.
Sony did not respond to the E-Commerce Times' request for comments by press time.
All Systems Are Vulnerable
The Sony breach happened at roughly the same Amazon experienced a crash in its cloud-computing services. Amazon was thought to be bullet-proof. Apparently, no system is entirely safe.
"The events of this week, including the Amazon and Sony outages, the data loss at Sony, and the privacy erosion ensuing from the way mobile smartphone platforms use geolocation data, taken in aggregate, are a wake-up call for the entire industry -- and for cloud services in particular," Al Hilwa, program director of applications development software at IDC, told the E-Commerce Times.
While Sony is taking it on the chin, this type of breach could happen to any service provider, insisted Hilwa, who said "a new frontier in digital crime may be opening here."
These breaches coincide with an increase in the use of back-end cloud services, he observed, and they're happening just as consumers and organizations are becoming more and more dependent on cloud connectivity.
"We are reaching a critical mass where a variety of issues of availability, security and privacy are emerging," said Hilwa. "It puts special pressure on best practices in how cloud services are managed."
There's also a greater communications challenge, he pointed out. "Service providers need to alert consumers on how to protect themselves or take precautions in this new age."
Sony Is Suffering Its Tylenol Moment
This incident has sparked a crisis for Sony. Users are very angry at losing their data and losing access to the system.
"I think it's a disaster," Steven Savage, technology project manager and Geek 2.0 blogger, told the E-Commerce Times. "First of all, it's a major technical breach. Secondly, personal data appears to be compromised. Third, the network's downtime could be very high. Fourth, Sony's communications have been absolutely terrible. Fifth, this occurs right when Xbox rides high and Nintendo suddenly is taking the initiative. This is the perfect storm of bad things for Sony."
Sony took down the PSN without telling users what happened. The company eventually explained some of the details, but the poor communication is bound to make a bad situation worse.
Keeping customers informed is not one of Sony's strengths, noted Savage. "They communicate slowly. This is simply inexcusable in an age of always-available media."
Weak communication gives customers the impression the company is either incompetent or simply doesn't care, he said, adding, "I doubt either is true -- this is just poor messaging."
Although Sony was the victim of a hacker's intrusion, the company still may be culpable. Customers trusted the company with their personal data, so Sony may suffer legal consequences.
"If enough personal data was stolen that people suffer from financial loss, there could be legal actions. Sen. Richard Blumenthal (D-Conn.) is already calling out Sony in a letter," noted Savage, and Sen. Al Franken (D-Minn.) may jump in well, since he is interested in IT issues.
This nightmare could change the game for Sony. The company will have to be wary of competitors striking while it's down. Every game company has something to offer, so a breach may be cause enough for gamers to switch when a competing game company introduces a new console.
"This is pretty big and gets worse every day the network is down -- a giant, in-the-news, on-your-console reminder that Sony messed up big time and may have compromised your data," said Savage.
"This has made them vulnerable to competitors," he added. "Microsoft is doing well, Nintendo appears to be awakening from its slumber, and now Sony has this. Competitors can use this against them in advertising, marketing, and simply to watch Sony stay busy while they move ahead."