Massive Playstation data breach; 77m users hit
Tokyo, April 27, 2011
Sony Corp suffered a huge breach in its video game online network that allowed the theft of names, addresses and possibly credit card data belonging to 77 million user accounts, in one of the largest Internet security break-ins ever.
Sony said it learned of the breach in its popular PlayStation Network on April 19, prompting it to shut down the network immediately. Sony did not tell the public about the stolen data until Tuesday, hours after it unveiled its first tablet computers in Japan.
Executives at the tablet launch in Tokyo made no mention of the network crisis when the glossy devices were unveiled, nor at a later briefing with journalists. The tablets, which come in two sizes, will be the first to enable the use of PlayStation games and mark Sony's ambitious drive to compete with Apple's year-old iPad.
An "illegal and unauthorized person" obtained names, addresses, email addresses, birth dates, user names, passwords, logins, security questions and more, Sony said on its US
A Sony spokesman said it took "several days of forensic investigation" after learning of the breach before the company knew consumers' data had been compromised.
The news sparked fury among some users. "If you have compromised my credit information, you will never receive it again," read one message on the PlayStation Network blog from a user under the name Korbei83.
"The fact that you've waited this long to divulge this information to your customers is deplorable. Shame on you."
Sony is the latest Japanese company to come under fire for not disclosing bad news quickly.
US Democratic senator Richard Blumenthal sent a letter to Sony asking it to explain why it didn't notify PlayStation owners sooner. Sony has also reported the breach to the Federal Bureau of Investigation, the New York Times reported.
The shutdown of the PlayStation Network prevented owners of Sony's video game console from buying and downloading games, as well as playing with rivals over the Internet.
Sony said it could restore some of the network's services within a week. Alan Paller, research director of the SANS Institute, said the breach may be the largest theft of identity data information on record.
The online network was launched in the autumn of 2006 and offers games, music and movies to people with PlayStation consoles. It had 77 million registered users as of March 20, a Sony spokesman said, almost 90 percent of them in Europe or the United States.
The breach is a major setback for the electronics giant. Although video game hardware and software sales have declined globally, the PlayStation franchise is a substantial profit source and remains a flagship product for Sony.
It will be a blow for Kazuo Hirai, who was appointed to the company's No. 2 position last month after building up Sony's networked services.
The crisis could also overshadow Sony's plans to launch a new hand-held games device, the Next Generation Portable, by the end of the year.
"It's a red flag to a lot of people as to how Sony conducts its business," said Sue Cato, head of corporate communications advisers Cato Counsel in Sydney.
"This will have regulators concerned about security, it will have consumer organisations concerned, it will have some gamers concerned."
How fast Sony can bounce back depends on a number of factors, said Ricardo Torres, editor-in-chief of Gamespot.com.
Sony said children with accounts established by their parents might have had their data exposed. It said it saw no evidence credit card numbers were stolen, but warned users it could not rule out the possibility.
"Out of an abundance of caution, we are advising you that your credit card number (excluding security code) and expiration date may have been obtained," Sony said.
Analysts said that while Sony has notified customers of the breach, it had still not provided information on how user data might have been compromised.
"This is a huge data breach," said Wedbush Securities analyst Michael Pachter, who estimated Sony generates $500 million in annual revenue from the service. "The bigger issue with Sony is how will the hacker use the info that has been illegally obtained?"
Sony has hired an "outside recognised security firm" to investigate. It said user account information for the PlayStation Network and its Qriocity service users was compromised between April 17 and April 19.
The Japanese firm declined to comment on whether it was working with law enforcement officials. - Reuters