The PlayStation Network attack and subsequent outage was rough for everyone involved.
And while Sony admits they must continue to be "vigilant" and work hard to reclaim and retain fan trust, one analyst believes the company did everything they could to deal with the situation. EEDAR's Jesse Divnich told IndustryGamers that Sony isn't getting enough credit; he first makes an interesting point:
"We have all received notices in the past from either our bank, credit cards or retailers regarding potential breaches of our personal data. Aside from a letter with their 'sincerest' apologies and warnings about self-monitoring our accounts, what has any company ever given us for the breach of our personal information?"
Sure, we get some free monitoring for a year (sometimes) but other than that, very little is done to compensate the victim. We've certainly never seen anything like the Welcome Back program Sony instituted after the Network came back online, which is an important distinction. Added Divnich:
"In Sony’s case, they gave away games with no hoops to jump through. What could be more appreciative to a gamer? I’ve yet to ever see a company be as authentic and sincere as Sony, they truly went above and beyond."
And while the PSN isn't back to 100%, the analyst believes the PSN has "recovered rapidly." This comes after evidence that suggests the Welcome Back program was a clear success , so maybe Sony can recover that much faster with consumer appreciation.
I agree that they did go above and beyond with the Welcome Back program. 1 Month of Plus would've been plenty.
On a side note, I recently had to cancel my Debit card and order a new one because someone was making purchases with it. I had a charge for $2.00 to a hotel I've never been to in Indiana, and another $.01 charge to a bar in Montana. Very weird. Don't know if it was related but the PSN store was the only place I used my Debit Card online.
I'm glad I use prepaid cards. lol
Sorry to hear it, but those are very agreeable prices.
lol I thought the same thing. They must've been authorizations for food/drinks. They've since been reversed but still scary.
@ Clamedus,
Yup I already bought a $20 code off of Amazon! Going to buy Pixel Junk Shooter 2 for half off the Plus price this week.
and foremost they informed the public unlike that other company.
People like free games, who else gives away free games but Sony? Nobody that's who. A pox on the asshats who said that even that wasn't enough compensation for the outage. Compensation? It's not like they took it down for fun!
Would be interesting to see a similar assault on 360's online in the near future and see what MS would do. Then we could compare apples to apples, instead of theoretically comparing Sony to other unrelated industries and how they have reacted to security issues.
There would be no reason to compare because I'm sure MS would do something similiar at this point, seeing how Sony handled it. Sony handled it better than most would have, and have for those it's happened to before. Sony has now set a standard for anything that comes after. If it happens to any other company ( and we should hope it doesn't) and they don't do what Sony dd that's not a bad thing really, cus sony did go well above expectations. But Sony should be all the more recognized for what they've done in handling the situation.
Big, there would be no reason to compare? That is your opinion. I would be interested to compare.
It would be interesting if MS did something different I agree with that. I just think at this point they would take a page out of Sonys approach. Thats all I meant.
Big, I agree. Sony has certainly set the bar in the video game industry. I would have to think MS would have to do more since they have a paid service. An extended outtage for MS would make Sony's free PSN look mighty inviting I would estimate.
Good point. I think at that poInt people would begin trashing Sony's welcome back program because MS "was better". Of course this is hypothetical but I could see that happening.
But I agree they would have to do something, considering it is a subscription service.
Here Here World! Totally agree under the circumstances…
Q!
"play.experience.enjoy"
Don't take my comments as bad mouthing Sony, as that is not the intent.
I would say the distinction here is the fact that Sony's online service was unavailable to us for around a month. Now, if we are to compare Sony to say our bank in the event that we get a new card in the mail due to security breach, or whatever… We still have access to our bank, or credit card…the bank doesn't close its doors for a month. Or perhaps that is a bad example since we still got to play our consoles, just couldn't go online. So maybe a better example would be, the bank is open, but we just can't use ATM's, or can't use our credit cards for a month, but we could go to the bank and get cash for all our transactions.
Furthermore, Sony has a direct competitor in Microsoft that had a working network that gamers could go to. Sony did what they had to do, some say they did too much, some say they didn't do enough, but ultimately Sony really had to do something for their customers, and I'm glad they took that approach.
Your comparison with banking is not one that does your point justice. In YOUR words, it's not comparing "apples to apples".
Banking, and anything related to money is a lifeblood of society. People and businesses both small and large alike can not survive long without the ability to make transactions.
What happened with the PSN is nothing more then an inconvenience, a hobby interrupted per se, and should never be seen as anything more.
If you were looking for a fair comparison, it would be as if your HD channels on your satellite were down. You could still watch TV (play games), but your favorite programs (online gaming) were going to be missed.
Last edited by maxpontiac on 7/13/2011 1:26:29 PM
Max, sorry if you don't understand the comparison. I was making a comment regarding this article. In the article, Jesse Divnich, not I, made the comparison to a banks response and Sony's response.
The thing is the last time my card information was actually compromised during a banking system security breach it took weeks to find out, and then took another two weeks after cancelling my card to get a new one and sort out the mess. That was two very long weeks my friend, and the PSN outage, annoying though it was, was as nothing compared to not having a working debit card.
Ah, but debit card can easily be swapped out for cash, checks, or credit card. An annoyance yes, but Highlander business still goes on.
Regarding the article, I just didn't like Jesse linking Sony's response to a banks response, as it is too far a stretch to compare the two.
Easily? Automatic billing that's setup with the old card all has to be changed, you have to be able to get the cash that you use when you have no card, ad so on, and so forth. No offense, but I can't believe that you're actually contending that the PSN outage was more significant an inconvenience than having your banking details compromised at your own bank.
Oh by no means. I too have had issues stemming from when my wife was 21 and got her purse stolen. She has had identity theft issues for years, all tracing back to that day. It made buying a house pretty difficult. Any time we bought a car, rented an apartment, it was a whole ordeal every time.
PSN being down is the true true true definition of being a minor inconvenience, since we are talking about entertainment vs. finances.
The only way I mean to compare the two is in terms of downtime. With the issue you had, it is under your control to change bank accounts, auto payments, etc. There is a finish line for each task so to speak, and you could move on to the next task, or deem yourself finished fixing the problem. With PSN, it was out of all of our control. We were told 1 week, then two, then end of May. It was frustrating, and out of our hands. That is what I was referring to. With your issue you mentioned, you could at least do something about it. That was where I was coming from.
Funnily enough, I do disagree with one aspect of that, when a bank is hacked and my information is compromised. Why is it *my* job to fix it? *They* lost my information. The least they could do is assist with things like changing all my existing auto-payments and such. Not to mention rushing my new card to me instead of taking a week or so to stamp the thing out and then tossing it into the USPS magical mystery tour. Not even a hint of ID protection, nor guidance on how to approach it. That's part of the contrast I'm drawing here between Sony's actions and those of financial institutions that exist purely to protect their account holders (and do a god awful job of it).
That is ironic.
I suppose they concider it quid pro quo in the sense that they wouldn't make a person responsible for losing their wallet, only to have it found by a crook who uses their credit card information to purchase thousands of dollars of stuff. It wasn't the banks fault for a person to leave their wallet behind at a restaurant, etc.
And I'm glad they didn't charge my wife a stupid tax because her and her friends left their purses in the trunk of their car downtown 15 years ago to go "clubbing".
I agree, Sony did do a good job with their response. Just or not, their rep was headed in the wrong direction, and they needed some good press, and happy customers.
I've been watching my account closely ever since. It's one heart attack after another. I just use that plastic too damn much! Things were better before I started checking 🙁
Don't you hate that? It seems fine at the time of purchase but when you look at statements it's like you said one heart attack after another!
Last edited by bigrailer19 on 7/13/2011 1:01:44 PM
I havnt thought about this since PSN has been back. Everyone in a while I see these articles. But yes in my mind I agree Sony did everything they needed to do and more and that goes beyond giving customers something in return.
They should he getting far more credit for the way they handled the situation and thats that. If not credit then atleast they can say (so it seems) that the welcome back program was a success!
Last edited by bigrailer19 on 7/13/2011 1:02:18 PM
I would like to echo the statement made by bigrailer19.
Sony, under the circumstances handled the situation admirably. It wasn't perfect, but I never detected the lack of effort.
Plus, the PSN Welcome back program was a nice gesture, and should be appreciated by all.
Besides the "Welcome back" program, Sony's also been above & beyond in just about everything they've done so far.
That says it all!
… And these games were *really* FREE too! 😉
They were… I would have had to pay upwards of $29.99 any other time. Somehow I got them fr absolutely nothing. Weird.
Quit fueling the fire! 😉
Last edited by bigrailer19 on 7/13/2011 2:05:03 PM
Beamboom, in your mind, how would they have truelly been free? Since they take up room on your harddrive, is that why you don't think it is free, because they take up room that could otherwise be filled with something of your choosing? Perhaps if they would have mailed you physical copies? I'm only guessing as to what you meant.
I didn't have to pay my internet service provider any more money to download them, and I don't pay Sony a monthly fee for their PSN services (other than plus that is).
I understand your stance as it pertains to "free" DLC, but not in this instance.
ROFL! No, I mean it, seriously! No irony intended!
These games *were* free! They were! No strings attached!
LOL!
Last edited by Beamboom on 7/13/2011 2:24:44 PM
See everytime I see this *really* I think this "really" and I feel like you were being sarcastic. Either way I'm now in agreeance with you! YAY!
Last edited by bigrailer19 on 7/13/2011 2:28:40 PM
Aha!
No those typographic codes stems back to the good old days of word processing/formatting, when you had to type codes to make the printer format the encapsulated words as *bold*, _underlined_ or /italic/ in the paper copy.
These codes have somehow survived into the current age (well, at least in some communities), and are still supported by many email clients, text editors and even Facebook (probably Google+ too, but I havent checked).
I guess some call them "old school", or even "hardcore", while others call them "jurassic" or just plain "geeky". 🙂
Last edited by Beamboom on 7/13/2011 3:20:22 PM
Well that's a good history lesson. I knew it was your way of making something bold or stand out, didn't realize it had more meaning than that. But in this case I thought you were quoting something in a sarcastic manner. No harm done! I see it differently now.
No harm done at all – quite the contrary!
After all those pedantic rants of mine about the (mis)use of the word "free" it's lovely that when I *finally* agreed in something being called "free" I was read as being sarcastic. Just perfect! 😀
Last edited by Beamboom on 7/13/2011 3:54:45 PM
Well, it started off well, despite the hysteria from the gaming media. Sony did something that is extremely uncharacteristic of a company that has been attacked in this manner. They told people within 48 hours of the attack that there had been a major breach of PSN from an external intruder. Within something like 4 days of them hiring third party computer security/forensic specialists to analyze the attack to determine what was accessed and take and what was not they came forward and told the world what they knew. They even warned everyone to be careful and take precautions with their financial information despite the best information available to them indicating that card numbers had not been compromised.
Sony did something else that was extremely uncharacteristic of a service company, they took their service down globally as soon as the extent of the intrusion was evident to their own internal security people. Drastic though that was, it was very effective. Many companies in the past have either not detected such intrusion, or have tried to deal with it (unsuccessfully) without an outage. But Sony not only took the network down despite the certain knowledge of a PR and consumer nightmare that would come from it, they kept the system down while the investigators concluded their work. Sony kept the network down while they re-designed their PSN security and even moved the physical data center. Sony only brought things back up when their internal and third party teams had concluded their work and testing. That was nearly a month later. That is an incredibly long outage for any service company to endure. How tempting was it to flip the switch earlier I wonder?
Then when it came to turning things back on, they turned on the non commerce aspects of PSN first, allowing extra time to test and improve the commerce systems security precautions, and giving users ample time to reset their passwords and regain PSN access. The Welcome back was a straightforward apology with free stuff, and although some griped about the free stuff, the truth is the games and other bits and pieces on offer contained something for everyone, and came with no strings. The ID theft protection for free wasn't a bad idea either. In Japan Sony had to go an extra month to satisfy the internal credit card market in Japan because there liability lays with the card issuer and so they wanted to know exactly what Sony had done to protect things. It took time to show the various bodies involved all the precautions and to convince them of the effectiveness of them, but that has been done and everything is back now.
Contrast that with the actions of Citibank who recently lost about 600,000 account holder's information including card numbers and other personal information. It took them nearly a month to acknowledge the hack, a further two weeks to acknowledge it was worse than they first admitted and all they were doing for their customers was telling them of the hack and auto-issuing new cards. Remember, that's the actions of a bank, not a consumer entertainment company, a bank. The folks charged with protecting your money.
Twice I've been affected by such things other than the PSN attack and the PSN attack was the only time I was made aware of the issue within a useful timeframe and Sony is the only organization to have offered any level of compensation or proactive ID theft protection.
Sony has acted in an exemplary fashion in dealing with the attack on PSN. They took everything on the chin, including some extremely hysterical and aggressive press and questions/statements from government. Yet despite that they have apologize humbly and compensated me as well as taking multiple precautions against future attack at great cost to the company – including the extended outage.
I can't help wonder why Sony got burned at the stake over PSN when banks barely get an angry word when they lose even more sensitive information. Seems like a double standard is at work, and as usual the large Japanese company that has done more for the modern gaming industry than any other is getting the crap end of the stick.
Hmmm…..
Last edited by TheHighlander on 7/13/2011 2:21:44 PM
Part of the reason of the perceived double standard is because in the financial industry, hacks, theft, etc. happen rather frequently, so while painful to those it happens to, it is a relative blip on the radar. But with Sony's online offerings going down, in a two horse console race (can't really count Nintendo), it was news. My sister-in-law, who is NOT a gamer in any real sense, even knew about it, and asked me about it.
Also, why did they move their data center? Couldn't have been related to this. Must have just been something they had been wanting to do, and took this opportunity to do so I suspect.
very well said highlander
@My Worst…
The data center move was already planned, they brought the move forward, but there was some suspicion that there might have been an element of the compromised based on the location and construction of the existing data center.
As for other hacks being a blip on the radar. You've got to be kidding me. Go look up the Heartland Payment Systems hack (something well in excess of 100 million card transaction records were stolen) or the TJX hack (45 million active credit/bank card numbers stolen). Either of those substantially eclipses the data loss of the PSN hack. You might consider that RSA was hacked this year and confidential information about their RSA SecureID product was leaked which ultimately allowed hackers to access Lockheed Martins systems. The breach there was not so large, but the implications of attacking a known defense contractor or the worlds leading provider of secure authentication devices are huge compared to the PSN attack. There have been many others including the Citibank one I mentioned before.
The point is that in contrast to those attacks, the attackers in the PSN attack got what? Some personal information (not including social security numbers, drivers license numbers, or credit/bank card numbers), email addresses and password hashes. Everything except the password hashes could be found readily online, and there are companies that exist to do nothing but scrape such information from sources like Facebook. The password hashes can e defeated, but then something like 50% of users have a weak password that can be obtained quickly if you have access to their publicly available information.
The problem is that the true perspective of the attack and breach are well known to some more technically inclined people. It was pretty well known when the attack was still fresh in people's minds. But the media did not lead with that perspective, they led with Armageddon. I don't blame people who are not technical or out of the loop for thinking what they think, I blame the media for doing such a pathetic job.
But none of that alters the fact that Sony went well above and beyond the norm in dealing with the attack. That was known at the time even, but *not* reported. So, yes it was news, but how that news was handled matters a very great deal because it is that which shapes the perceptions of the majority of people.
Last edited by TheHighlander on 7/13/2011 4:07:49 PM
Ha, well I was answering your question with my opinion.
Highlander: "I can't help wonder why Sony got burned at the stake over PSN when banks barely get an angry word when they lose even more sensitive information."
Gotcha. Sorry, I misread and was argumentative in reply.
It's the internet. It happens. 😉
i know they were sincere, but they were a little slow to give out info at first. that silence game cuased a lot of wild speculation. i remember ben writing an article telling sony they needed to step up and stop the silence game. as for rest it was slow dragged out proccess tnat seemed to go forever. no fun at all as ps fan. i'm still amazed at the scope of data breach and the length of the outage.
i'm putting it behind me, but i wonder who was watching psn when info for 70million accounts were stolen. that person should be fired. i know sony knows how important network security is now. watch that network like a hawk sony,
Last edited by Excelsior1 on 7/13/2011 4:18:15 PM
finally, i would say has done a great job with the welcome back program and not having any outages since. keep up the good work watch your network closely.
I'm still unhappy with the very real possibility of the breach being possible due to outdated software. What happened isn't public knowledge afaik, but that's what the buzz is.
I'd really like to know if the breach was due to some absurd zero day exploit or because of known hacking methods.
Also, there's this lawsuit that alleges Sony had fired some of their security people before the attacks happened. This could be completely untrue (the article says the evidence is a "confidential witness"), and it could also be a result of the fired people deserving to be fired. I would like to know the truth, because it's also possible that Sony didn't think it was necessary to have a security team.
http://www.washingtonpost.com/blogs/faster-forward/post/sony-fired-security-team-before-first-hack-lawsuit-alleges/2011/06/24/AG0BAajH_blog.html
It's rather academic at this point, however had Sony's PSN security been as lax as you're apparently fearing or suggesting, it wouldn't have taken more than 4 years for someone to walk through the doors and execute this attack.
As for the firings, I have two thoughts on this. One is, what were they fired for? Everyone says fired, not laid of or made redundant, it's "fired". You get fired for not doing your job right, you get laid off when a company downsizes a team. The other thought is that an employee, that works in network security, and has been fired is hardly an objective source of comment or knowledge regarding a subsequent attack on the network they were partially responsible for. That's not to say they were involved at all, it's more a case of they are hardly likely to be complimentary of the security precautions, and they are very likely to take some pleasure in pointing out flaws. the flaws that existed while they still worked there, and which went unfixed at that time.
it was a good way to turn a bad situation into a better one and at the same time hopefully gain some more sales.
i just hope the whole industry has learned from this and starts to take warnings more seriously.
if someone rings the airport and puts out a bomb alert there not going to sit there saying ahhhhhh there joking now are they?
even if there wrong, or plain out pulling your leg, better to be safe then sorry, no?
though, i had to laugh at what Tim Schaaff, president of network entertainment at Sony said today.
"Great experience, really good time. Though I wouldnât like to do it again. A determined hacker will get you, the question is how you build your life so youâre able to cope with those things.â
great experience?
having millions of peoples info stolen, developers unable to continue making there games, developers unable to sell there games, your fans not being able to play there games, your fans not being able to redeem content they paid for.
thats a great experience?
$ony really have gone mad!!!!!!!!!!!!!
yeah, i saw that quote. that guy must've been high when he said that.
No, you're not getting what he's saying.
He's saying that it's a great experience because it provided a wealth of experience and knowledge of how to handle such an event and how to prevent such an event. It's a great experience in that you learned a lot and came through it.
I do agree that the phrase 'really good time' is extremely odd. but the following passage is what I think is the key to what he's saying; "Though I wouldnât like to do it again. A determined hacker will get you, the question is how you build your life so youâre able to cope with those things."
So it was a valuable experience, and in terms of building knowledge and capability it certainly was great experience. For a problem solver it could well be considered a good time because a problem solving personality enjoys the kind of chaotic situation when you're trying to put out the fires and pickup the pieces and are incredibly busy. That is when they thrive. I've been involved in major network outages in my career as part of the team responsible for the network and it is exhilarating to be involved because you know the outage isn't your fault, and you know that everyone wants it back ASAP. So you're working non stop to trace the problems and resolve them, as well as rebuild and test everything. It's a problem solver's dream because it's not one long drawn out single issue, it's dozens of small things each of which requires a diagnosis, an explanation, a workaround and a proper solution – all in a hurry. Clearly though you do want to rebuild things in such a way that the same or similar problems don't recur.
So I can get what he's saying, but it is phrased oddly.
A bit off topic, but I think this perfectly illustrates something that recent events show that Sony gets and Nintendo has forgotten: Consumer goodwill is the lifeblood of your company!
Sony's fans get cheezed off about something, and they deeply apologize, the CEO does Web casts about issue, they work to correct any damage which may or may not occur at great cost to themselves, and give away free product.
Nintendo's fans get cheezed off about something, and they tell them to shut up about it.