Earlier today, Sony’s VP Kazuo Hirai, (formerly in charge of Sony’s PlayStation division) headed up a conference from Sony’s HQ in Tokyo, Japan. The conference was held to address the current situation of the PlayStation Network, the online infrastructure employed by PlayStation 3 owners to play games online, communicate with friends, view PS3 specific content and shop.
The PSN service was recently taken offline after hackers compromised the system and have possibly stolen personal user data including user’s names, addresses, passwords and bank information being accessible to the attackers. Sony have since disconnected the PSN and the service has been offline for more than a week.
The press conference focused on what information has leaked, how much of it might have leaked and what Sony’s next plan of action should be. After a brief apology, Kaz explained how Sony was alerted of the unauthorized access on April 20th. Sony reported that the attack was carried out by a “highly skilled intruder” and as such have brought in a secondary security firm to determine exactly what happened. It was at this point they emailed PSN users and published official warnings. Although there is no evidence that credit card details have leaked Sony are responsible for over 78 million accounts and about 10 million of those had potentially vulnerable credit card information.
Sony have said that they do not plan to take any action regarding compensation for the data leak. If it appears that details were stolen and bank details used they will deal with such issues on a case by case basis. That being said they do plan to give all affected users a free 30 day subscription to PlayStation Plus (a premium PSN Service) and a yet to be named free software download. Also, Qriocity customers will receive an extra 30 days of service free of charge, which is nice.
Sony went on to detail how they intend to prevent such an attack in future (this latest attack exploited a known vulnerability in their infrastructure), including moving their data center from San Diego to a new location with “more advanced security”, enhanced detection capabilities, automated software monitoring, enhanced levels of data encryption and additional firewalls. They are also considering improvements in user-side security with extra steps to account verification and so on.
What’s left to say is that Sony intend to start bringing their service back online within a week and normality is expected to be restored within a month, but all this downtime must have had a crippling effect on the company as a whole.