Only three months ago, along with many other gaming journalists, I declared 2011 as The Year of the Playstation 3. With a laundry list of AAA exclusive titles lined up that easily eclipsed the competition, it sure looked like Sony’s console had a lot more going for it than anyone else in the field.
I almost had the title right. As it turns out, when it comes to the popular gaming system, 2011 will more likely be remembered as The Year of the Playstation 3 Outage.
Inexplicably at the time, the Playstation Network suddenly went offline on Wednesday, April 20th. No services requiring internet connectivity could be accessed: no Netflix, no Playstation Store, and most importantly, no online gaming. It was particularly bad timing, as just the day before, April 19th saw the release of three blockbuster titles in Portal 2, SOCOM 4, and Mortal Kombat, each with touted online features. Unsurprisingly, the Playstation gaming community was up in arms.
Sony’s official response to the incident that day was that the PSN was “undergoing maintenance.” The next day, Sony claimed to be “investigating the cause” of the outage and warned that it might continue “for a full day or two.”
Then, on Friday, April 22nd, Sony started opening up. They explained that an “external intrusion” occurred between April 17th and April 19th, affecting their PSN and Qriocity services. Sony also let loose that they in fact had taken down said services of their own accord as a result of the attack.
Fast-forward to this past Monday. The PSN outage continues and an official statement is posted on the Playstation Blog: “Unfortunately, I don't have an update or timeframe to share at this point in time.” Still no clarification on what the “external intrusion” was.
And then it happened. On Tuesday, a now-infamous Playstation Blog entry was posted, harboring a lengthy and official statement from Sony Computer Entertainment and Sony Network Entertainment. Of particular importance was this statement:
"Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained."
Alright, now it’s no longer just about being bummed that we can’t play Black Ops with our friends for a few days.
The obvious question following this revelation was immediately and universally asked: What about our credit card information? Luckily, in the days following this message, Sony specified that not only was the credit card information encrypted at the time of the intrusion, but Sony has never stored the 3-digit authorization code shown on the rear of the credit cards in their database. Consequently, even if the credit card numbers were somehow decrypted, they would likely be unusable.
So far, this has held up. Bloomberg posted an article stating plainly that financial companies Wells Fargo, American Express, and MasterCard have seen "no unauthorized activity relating to Sony."
At the time of this writing, the PSN outage continues nearly ten days after its initial collapse. Many eager Portal 2, SOCOM 4, and Mortal Kombat owners still have not had the opportunity to play their games online. PSN members the world over continue to monitor their bank accounts and credit reports in hopes that they have not been a victim of identity theft.
We need to give credit where credit is due: It is not Sony’s fault that their system was hacked. As famed hacking group Anonymous has displayed time and time again, there’s no such thing as a hack-proof system. It also seems that Sony is pulling out all the stops to locate the hackers responsible for the intrusion. The Department of Homeland Security’s Computer Emergency Readiness Team is already on the case. It has also been confirmed that Sony has enlisted the help of the FBI to locate the hackers.
If these guys are indeed caught, boy are they grounded.
Regardless, Sony’s handling of this situation as it pertains to their userbase has been abysmal. As we later found out, when the PSN went down on April 20th, not only was Sony aware that an intrusion had occurred for three days prior, but they had taken down the PSN themselves to halt the intrusion. Yet, the explanation we received was that they were undergoing maintenance. Six days later, Sony finally admitted that every PSN member’s personal information could plausibly have been obtained through the intrusion.
Hey Sony: Six days is a lot of valuable time lost when it comes to protecting oneself from identity theft. That’s not cool.
But it doesn’t stop there. While it’s comforting to hear that the credit card numbers were encrypted, what about everything else? What’s the excuse for leaving every other piece of information sitting on a silver platter? That is one giant security hole. Sony may not be to blame for the hacking itself, but feel free to point whatever finger you like at them for allowing your information to be so easily obtained as a result.
In a way, perhaps this debacle has been a blessing in disguise, giving Sony a chance to reevaluate how they protect their customer’s personal data (or don’t).
The last time Sony had anything to say about a timeframe for the return of the PSN was on Tuesday, as part of their statement on the Playstation Blog. At that time, they claimed that they expected “to restore some services within a week.”
I guess they have until next Tuesday before the gaming public has another excuse to resume spitting vitriol.
The following is a link to a press release announcing that some of the services are coming up this week, as well as a "Welcome Back" package that Sony is giving its PSN members:
Pick up Sony PS3, its peripherals and other video games and consoles at these local video game retailers:
- Play N Trade, 545 South Broad St., Lansdale. (215) 368-1955
- GameStop, 1551 Valley Forge Road, Lansdale. (215) 631-1230
- GameStop, 2333 W. Main St., Lansdale. (215) 855-4280
- GameStop, 801 Bethlehem Pike, North Wales. (215) 412-2900
- GameStop, Montgomery Mall, North Wales. (215) 362-2036
- Toys R Us, 2 Airport Square, North Wales. (215) 368-8050
- Best Buy, 801 Bethlehem Pike, North Wales. (215) 855-3528