Sony has had a tough 3 weeks. It started with an outage to their PlayStation Network (PSN) which has escalated to one of the biggest network compromises in recent history. I however believe that Sony should have done some things differently, but hindsight is an exact science which makes people seem smart:
They should have played their cards more honestly with their users. The scale of the disaster was grossly understated, which is doing them no favors at the moment.
Companies should have learnt by now that if you mess up, you come clean instead of telling a half true story.
- I get the idea that Sony does not really know what data has been taken off PSN. I think in this case that Sony have done the right thing and am expecting the worst. The fact that Credit card data could have been taken is a massive disaster for all parties concerned. The mere fact that user accounts have been compromised is also a disaster and should be seen as a wake up call to users.
- Sony’s security breach is particularly embarrassing because it wants to position its PlayStation console as an entertainment hub capable of delivering films and music over the internet, in addition to video games. However, the PSN outage will now make users question whether they want to add their details to the PSN.
So what should have been done?
Users should log into their accounts if they have not done so and change passwords. If you have not done that then DO IT NOW. Secondly talking of passwords, please ensure that your password is not like any other passwords that you use for other services. I am not a security consultant but having a radically different password for different things is a massive advantage in times of need. Also keep an eye on your credit card if it is linked to your PSN account. If any unauthorised transactions happen immediately contact your bank and either charge it back to the respective business or consider getting another credit card.
I believe that Sony should be asking their users to re-authenticate their accounts or create new ones that have totally new information in it. The compromised ones can be left on some server without any chance of them being useful to hackers.
The lesson I learnt/took away from this meltdown is, choose different passwords for different services. Sony, you have a crisis on your hands and you need to react otherwise the court cases against you are going to increase.
Disclosure: I am one of the 77 million users who have been getting communication from Sony regarding this matter.
Update: A second hack of a Sony network has been made public. Hackers targeted the accounts of Sony Online Entertainment (SOE) users; according to Sony, they may have stolen personal data from approximately 24.6 million SOE accounts, as well as some of the data from an outdated database from 2007. So 102 million accounts have been compromised on Sony infrastructure.
