
ICO Fines Sony For PSN Breach: They “Should’ve Known Better”

Sony officially apologized to consumers for not better protecting the PlayStation Network. But that's not good enough for the Information Commissioner's Office.

According to a GamesIndustry.biz report, Sony has been fined £250,000 by the Information Commissioner's Office for not being able to prevent the security breach of the PSN back in April 2011.

The UK organization ruled that the company "hadn't met its duties in ensuring that software was up to date and had left vital passwords and systems in a vulnerable state." Many experts have made similar accusations. Said ICO director of data protection David Smith:

"If you are responsible for so many payment card details and log-in details then keeping that personal data secure has to be your priority. In this case that just didn't happen, and when the database was targeted – albeit in a determined criminal attack – the security measures in place were simply not good enough. There's no disguising that this is a business that should have known better."

Since the hack, Sony has beefed up security for the PSN, but consumers don't forget that easily. Of course, personal information on the Internet in any form is always at risk, but it's probably true that Sony simply didn't do enough in terms of prevention. Here's hoping things keep moving in a positive direction heading into the new generation.

27 Comments
WorldEndsWithMe
11 years ago

Oh I get it, I was gonna say, how can Team ICO fine Sony?

Akuma_
11 years ago

Hahaha, thought the same thing.

Ben Dutka PSXE
11 years ago

Bah. Sony should fine Team ICO.

WorldEndsWithMe
11 years ago

lol

Cesar_ser_4
11 years ago

On what grounds, Mr. Dutka?

Ben Dutka PSXE
11 years ago

For not pushing them to give us The Last Guardian, obviously.

Cesar_ser_4
11 years ago

It just came to me. Imagine if ICO threatened to sue Naughty Dog over the title "The Last of Us", just like Take Two is doing to that director. That would be a good April Fools headline.

Kiryu
11 years ago

I thought the same thing haha

bigrailer19
11 years ago

I guess the same could be said for all the other companies that get attacked as well.

I get it, it's personal information, and it should be kept as safe as possible. But the key word there is as possible. Determination will always win in the cyber world.

sawao_yamanaka
11 years ago

But no fraudulent activity happened from it :. I think some people are just bitter. How many times do people get their money stolen from live and yet Microsoft doesn't get fined. That's kind of idiotic but oh well.

SaiyanSenpai
11 years ago

Yeah, there is no such thing as 100% secure on the internet. This is a ridiculous case.

EddPm6
11 years ago

I don't see how they could have been "better prepared".
It was a sophisticated deliberate attack on PSN that didn't get to anything REALLY important.
This would be like if [YOUR BANK NAME HERE] had a robbery attempt one day and the police decided it was the bank's fault for having doors on the building.

TheHighlander
11 years ago

Several high profile financial institutions, one network security firm, one password security firm, Lockheed Martin and the folks behind RSA security tags were all hacked since Sony's PSN was attacked. Yet the media still likes to chug along banging Sony over the head for poor security.

___________
11 years ago

right, they couldn't have been better prepared.
what about all the recent security procedures they put in place since the attack?
we couldn't have been more prepared, but we have done x,y and z to be better prepared for, if, this happens again.

either A they're full of sh*t and just did not want to spend the money for the sake of what ifs, or B they're full of sh*t and haven't put any extra security procedures in place since the attacks!


Last edited by ___________ on 1/25/2013 6:03:43 AM

TheHighlander
11 years ago

Mr Underline…

I have worked in network security, and like any security, you prepare what you can. If there is an attack that succeeds, you learn from it, and take the precautions to plug whatever gaps the attack exposes. That is the nature of the beast. No matter how well prepared you are, or think you are, a determined attacker may still find a way in. When that happens, you learn from it and move on. Castigating Sony over this is simply exercising your existing hatred for Sony and has nothing to do with the reality of the situation.

kraygen
11 years ago

We'll never know if Sony was well prepared, if they were lacking, or if the hacking assault just happened to be good enough to break through their security.

In the end, hackers can find a way with enough effort and no one is invulnerable.

WorldEndsWithMe
11 years ago

From what I read back then it did seem that some common sense measures weren't there, they were weak. Even though the info was hashed, it shouldn't have been able to be gotten in the first place. So maybe this fine will just kick em in the ass to keep the bars on the windows thick in the future.

TheHighlander
11 years ago

Most of those articles were ultimately full of crap, speculation and downright wrong.

WorldEndsWithMe
11 years ago

I only read about it here, but you are the networking guy so I'll defer to your analysis.

TheHighlander
11 years ago

Let's see. Contrary to the sensationalist reports at the time, Sony's systems were not as out of date or unpatched as claimed. A lot of the information that passed as fact in the first month or so was repeated so often that most people regard it as fact, but it's almost entirely incorrect. Most PSN systems were relatively up to date, though like most corporations, their patch schedule is somewhat behind the release of the patches (where I work we are at least a month behind even on our most up to date systems because all patches have to be tested in Dev or Test environments before being pushed to production). The PSN passwords were hashed and salted – despite it being reported that they were not, the Credit card information was encrypted as per the standards for electronic commerce – despite it being reported that they were not, there were perimeter defenses and standard system security in place – despite several sources claiming that there was no security. No passwords were stored in plain text, though apparently email addresses and PSN names were – shockingly enough. 77 million accounts were involved, yet no credible cases of card fraud have been reported and no information has – as far as I am aware – been transacted from the attack.

Funny how this still garners headlines despite several high profile banks being hacked in the meantime – and losing transaction/card information in the process.

Saying that Sony should've known is rather like saying that Japan should've known that there would be a 9.3 Magnitude earthquake and the largest Tsunami in modern history, and then fining them for being in the way of it.


Last edited by TheHighlander on 1/25/2013 2:27:13 AM

Dirt
11 years ago

I couldn't have said it better myself. Especially that last part. You got me in a good humor, buddy.

___________
11 years ago

gotta love $ony's piss poor response to this!
basically it's, oh well there's no evidence details were stolen so this is unfair.
that's not the point, the point is you stored customers' details in an inappropriate manner, what does having proof that people's info was stolen have to do with it?
so as long as no one steals anything, it's fine to leave the door open and invite them in?
ok fair enough, kaz lend me the keys to your house and i promise i'll leave the door open but i'll make sure nothing's stolen.
yea, that's what i thought!
come on if you're going to come up with a piss poor excuse, at least put half your a$$ into it!

Hand_of_Sorrow
11 years ago

"if" the security "was" weak, there would have been more hacks, imo.

i may never forget the psn hack, but i forgave sony!

Underdog15
11 years ago

First of all, I can't handle all these blank lines…

Second, I thought CC numbers were all safe in NA and EU?

Corvo
11 years ago

Yeah, the FBI get hacked (rarely) and Sony is the one to get fined. Such BS.

Meatloaf
11 years ago

I'm sick of hearing about this! Yeah Sony had their pants down, however Microsoft keeps their pants down all the time and nobody says a damn thing! Sony also shut the psn down so they wouldn't lose more money and gave free identity theft protection for the Playstation Users! Sony also gave away free games and gave the Playstation Home a face lift Extreme Makeover style! If that isn't good enough, ICO can go to hell! This is obviously a shake down because ICO is getting paid off from Microsoft to make Sony look bad because they are scared!
Microsoft puts small Businesses out if they feel threatened by doing things like this! Microsoft has and always be a fraud and a shadow of Apple and never be able to live up to their name! If Bill Gates don't have faith in Microsoft anymore, that should say something!

Meatloaf
11 years ago

Cesar_ser_4, look at it this way! If the ICO fined every company only on the grounds of being hacked then about every company out there will be fined! It is not the point Sony got hacked, at least Sony never lied and spent millions of dollars making up for it, ingrate!
