Sony's Silence on Cause of PSN Outage is Troubling

The PlayStation Network remains out of commission for a fifth full day, crippling its flagship console. Even worse, Sony's statements regarding the situation provide little clarity as to why exactly the network failed in the first place. Sure, it did say it was an "intrusion". Still unanswered is when PlayStation 3 owners can expect the service back and what (if any) private information this mysterious "intruder" might have on PSN users.

Additional evidence that it could be several days before service returns came on Saturday, when Sony disclosed part of the solution to the hack involved "rebuilding our system" to strengthen security. The fact that the company is going to these lengths to fix whatever is wrong is troubling, considering a simple hack shouldn't have been able to take down the entire system for an extended period of time.

Regardless of the party behind it, the fix for a simple hack should have created little disruption: close the hole and move on. Only a more serious issue with PSN itself would explain why we're closing in on a week of no service, with Sony being so secretive on what exactly happened.

(See related: Anonymous: 'For Once We Didn't Do It' )


Just a Hack, or Something More Serious?

Could it be there has been a serious security flaw all along that only now is known? Could the flaw Sony would only know existed post the PSN hack last week? It is certainly well within the realm of possibility.

Sometimes it takes a hack to realize you have problems: a perfect example of this was the break-in to Wordpress' servers earlier this month. Those hackers gained ‘root access', giving them free reign on code and other sensitive information. Even then however, Wordpress itself never went offline.

One could further speculate (all we can do since Sony's mum), and some kind of data loss certainly falls within the realm of possibility. While the company is busy securing the network, it could also be trying to assess what these hackers have in their hands.

Take a look at the PSN's privacy policy. It states that Sony does collect information from you, including "name, e-mail address, postal address, date of birth, gender and language, password and any parental control options." Fair enough, as the biggest risk here seems to be spam.

The Devil is in the Details

Further down is where it gets a little more troubling. While the service itself is free, if you use PSN wallet services it opens up a whole new can of security worms. Information such as "credit card numbers, cardholder name, expiration date and security code" are taken and stored for future purchases. That is enough to begin to worry about credit card fraud.

I am not suggesting this is what happened or the reason for the extended outage. I am speculating. The method Sony has carefully chosen its words does allow for speculation and suspicion as to exactly what is going on. Furthermore, when a hack is involved, unless it's been ruled out these days if banking information is involved there should be cause for concern.

Here's hoping that Sony puts any concerns that I (and probably others) have that this hack was much worse than originally thought.

(Image Credit: Thank you Flickr user Altemark)

Subscribe to the Security Watch Newsletter

Comments