Sony’s been in and out of the news recently: from a lawsuit against George Hotz (aka geohot, not Geo1Hotz), to getting raided by Anonymous, Playstation Network (PSN) going down, PSN customer data leaked on more than one occasion, and finally now with Sony Computer Entertainment of America (SCEA/SONY) shutting down their systems while trying to claim that their systems were taken down by Anonymous. I’m not saying Anonymous didn’t take down Sony’s systems or networks, but the statement from Anonymous can be summarized with “For once we didn’t do it." It’s kinda funny that Sony can’t tell us who or what caused their problems. They don’t seem to have a clue.
To put the customer data leak in perspective, let me simply describe how the database was maintained: it was on par with having a card catalogue of customers with data easily accessible to whoever wanted it as long as they “worked” for Sony. Big deal, companies do it all the time right? Who’s to say what other companies do, but encrypting a database would have helped when the leaks happened. That is assuming Sony could be bothered to inform their source of income that the leaks occurred. Yes, Sony took its sweet time getting the word of the leaks out to customers.
But it doesn’t appear to end there. Sony could’ve also locked down access permissions to their database so that only the proper Sony officials would have access. As revealed by a third party firmware known as Rebug, anyone with a developer console (which Rebug could make a regular console into) could commit fraud on PSN, least of all by buying digital goods and services with a fake credit card number and fake information. After getting wind of this, Sony shut down developer access. Sony was trying to roll out a new, more secure network before the weekend of the 7th... or at least it would have if not for a “third wave” of attacks from unknown sources. No doubt Sony would continue blaming Anonymous if not for the fact that they issued a press release. As previously stated, the leaks of the customer databases wouldn’t be so bad had they taken the proper precautions and security measures in the first place. Or as anyone over 40 might say, “If you did it right the first time, it wouldn’t take so long now.” But instead Sony blames Anonymous every time they get hacked.
It appears Sony is now willing, though perhaps unable to protect their customers’ data, but only because of third-party intervention. However, at the time of this writing the network is still down. There are fans who will defend Sony’s perceived lack of action and there are those that will fully criticize Sony. I’d say Sony is the BP of digital sales.
Sony: The BP of Digital Sales
Another wave of security hacks make clear Sony could have done more.