Unless you’ve been hiding under a rock the past couple of days you will know that Sony’s PlayStation media hub, The PlayStation Network, was hacked and the repercussions for Sony could cause the company a whole lot more damage than it initially appears.
The actual hacking itself is a bit of a headache, but I’m sure Sony Computer Entertainment has the resources and expertise to plug the hole created by these idiots. However, there is a whole lot of more pain to come and I’ll explain why.
First of all, what was taken? As far as we know, it’s possible personal information on all 77 million-plus accounts on the PlayStation Network have allegedly been downloaded by the hacker(s). As well as email and physical address material, passwords and log-ins have been stolen, and at this stage Sony are unsure as to whether credit card details have also been purloined by the cybercrims.
These details are part of the required information set that go toward stealing your identity, and once they are obtained and in the hands of the criminal, they can not be brought back!
The way I see it, Sony have three problems – one relatively minor issue and two pretty serious ones . The most obvious is that the info has gone and there is no way for them to gett it back. Once the crims have taken it that’s it – people have to go in and change passwords, log-in details etc, which will be a pain in the butt. However, this is not an impossible ask, just annoying.
Secondly, and more serious, is that they will now have lost the trust of a vast number of PlayStation Network users. How did the hacking occur? What measures is Sony CE taking to make sure it never happens again? What is Sony doing to either recover the info, or at least find who is responsible and deal with them accordingly? These are just some of the questions that will be asked, and people will have the right to demand answers. But even if these questions are given consideration and answered to peoples’ satisfaction, it will still take time for the trust to build back up.
Finally, and probably the most serious problem of all, will be the time it took to tell people. The site went down on the 20th of April, and it was not until April 25/26th that the company acknowledged why the site wasn’t working. It is one thing for a website to have technical issues, but to be hacked and potentially have personal information stolen and not tell the people this affects is another matter altogether. I’m guessing there must be some lawyer(s) that specialise in chasing compensation in the US rubbing their hands with glee.
To have somebody hack your site is something that can’t be helped no matter how much security you put in place; not telling people that their personal information – that might include credit card details – has been stolen, is a whole bigger issue.