As a PS3 gamer, what can I expect in the aftermath of the PSN security breach and system outage?

psn

I've seen a few vague (very) details from Sony, including the free month of Playstation Plus for existing users, but I don't know exactly what to expect and what I'll get.

The last I read the services were to be turned on in phases starting May 1st, but here it is, the 4th, and the East Coast of the US is still dark. I gather I should change my password once I'm online, but how do I know which information is going to be encrypted going forward?

Also, how do I join the class action lawsuit against Sony? I know many people find this gauche because the service is "free", but I am repulsed by their inability to encrypt personal data, financials, and passwords. Totally inexcusable for a service of their size and exposure, and I want some revenge.


Solution 1:

Sony has released a letter detailing what they have done and are going to do.

What steps have you taken or do you plan to take to prevent future such breaches?

The new security measures being implemented include the following:

  • Added automated software monitoring and configuration management to help defend against new attacks;
  • Enhanced levels of data protection and encryption;
  • Enhanced ability to detect software intrusions within the network, unauthorized access and unusual activity patterns;
  • Implementation of additional firewalls; and
  • The company also expedited a planned move of the system to a new data center in a different location with enhanced security.
  • The naming of new Chief Information Security Officer (CISO) directly reporting to the Chief Information Officer, Sony Corporation.

Do you currently have a policy that addresses data security and retention practices? If not, why not? If so, what are those practices and do you plan any changes in your policies as a result of this breach?

Yes, we do have policies that address data security and retention practices. Sony utilizes a global framework for providing policies to its group companies based on the international information security standard called "ISO/IEC 27001" to ensure consistent standard information security practices for each operating company. The Global Information Security Policy ("GISP") sets forth the company's information security management structure and administrative, technical and physical safeguards to protect the confidentiality, integrity, and availability of non-public information. The GISP also defines the overall direction and policy of Sony Group's information security program and the authorities and responsibilities for information security management. Additionally, Sony provides a set of 14 standards, Global Information Security Standards ("GISS"), that specify the types of controls needed for the different categories of information security management (e.g., information classification, access controls and HR security). Continued application of these policies and practices, in addition to, an expedited move to our new enhanced security data facility, are the changes being made as a result of this breach.

What steps have you taken or do you plan to take to mitigate the effects of this breach? Do you plan to offer any credit monitoring or other services to consumers who suffer actual harm as a result of this breach?

Sony Network Entertainment America is committed to helping its customers protect their personal data and will offer its U.S. account holders complimentary identity theft protection services. Because the breach affects customers worldwide, different programs may be offered in other territories. Sony Network Entertainment America is also creating a "Welcome Back" program to be offered worldwide, which will be tailored to specific markets to provide our consumers with a selection of service options and premium content as an expression of the company's appreciation for their patience and support. Central components of the "Welcome Back" program will include:

  • Each territory will be offering selected PlayStation entertainment content for free download. Specific details of this content will be announced in each region soon.
  • All consumers coming back to the PlayStation Network will be provided with 30 days of free membership in the PlayStation Plus premium subscription service. Current PlayStation Plus subscribers will have their subscriptions extended for the number of days PlayStation Network and Qriocity services were unavailable and, in addition, will receive 30 days of free service.
  • Music Unlimited subscribers (in countries where the service is available) will have their subscriptions extended for the number of days PlayStation Network and Qriocity services were unavailable and, in addition, receive 30 days of free service.

Solution 2:

Basically the same information as in Arda's answer, but to be complete: Here is an email I just got from SOE.

Dear Valued Sony Online Entertainment Customer:

Our ongoing investigation of illegal intrusions into Sony Online Entertainment systems has discovered that hackers may have obtained personal customer information from SOE systems. We are today advising you that the personal information you provided us in connection with your SOE account may have been stolen in a cyber-attack. Stolen information includes, to the extent you provided it to us, the following: name, address (city, province, zip, country), email address, gender, birthdate, phone number, login name and hashed password. Customers outside the United States and Canada should be advised that we further discovered evidence that information from an outdated database from 2007 containing approximately 12,700 non-Canadian customer credit or debit card numbers and expiration dates (but not credit card security codes) may have also been obtained - we will be notifying each of those customers promptly.

There is no evidence that our main credit card database was compromised. It is in a completely separate and secured environment.

We had previously believed that SOE customer data had not been obtained in the cyber-attacks on the company, but on May 1st we concluded that SOE account information may have been stolen and we are notifying you as soon as possible.

We apologize for the inconvenience caused by the attack and as a result, we have:

  1. Temporarily turned off all SOE game services;
  2. Engaged an outside, recognized security firm to conduct a full and complete investigation into what happened; and
  3. Quickly taken steps to enhance security and strengthen our network infrastructure to provide you with greater protection of your personal information.

We greatly appreciate your patience, understanding and goodwill as we do whatever it takes to resolve these issues as quickly and efficiently as practicable.

For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. When SOE’s services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your Station or SOE game account name or password for other unrelated services or accounts, we strongly recommend that you change them, as well.

To protect against possible identity theft or other financial loss, we encourage you to remain vigilant, to review your account statements and to monitor your credit reports.

We are committed to helping our customers protect their personal data and we will provide a complimentary offering to assist users in enrolling in identity theft protection services and/or similar programs. The implementation will be at a local level and further details will be made available shortly in regions in which such programs are commonly utilized.

We thank you for your patience as we complete our investigation of this incident, and we regret any inconvenience. Our teams are working around the clock on this, and services will be restored as soon as possible. Sony takes information protection very seriously and will continue to work to ensure that additional measures are taken to protect personally identifiable information. Providing quality and secure entertainment services to our customers is our utmost priority. Please contact us at 1-866-436-6698 (Monday to Friday 15:00 to 22:00 GMT excluding holidays) should you have any additional questions.

Sincerely,
Sony Online Entertainment LLC

Related

Need to login to the Steam Community from within Steam?
Is there really a black hole in Eve Online?
Does NAT leave a trace of the internal source?
Apache, redirect a client instead of showing HTTP/HTTPS error
Same netmask or /32 for secondary IP on Linux
Where can I find the Dropbox log files?
Will SRV records ever become usefull?
Postfix - blocking by From rather than sender
ZFS performance: Extreme low write speed
bash rsync is Killed by signal 2
Can I say "Neil Armstrong is the first man to walk on the Moon"?
Term for a person who conducts practice lessons