Sony's Latest PlayStation Network Update More Candid
You’re embroiled in what may be the largest data breach in history, your customers are livid, your network's been down for over a week, and the media's piling on like a mob of defensive tackles. What do you do?
Answer more questions, that’s what. Sony spokesperson Patrick Seybold did last night in a new Q&A series on the official PlayStation blog, and while much of it’s still basically “no comment” paraphrased, he managed to slip in a few newsworthy bits.
Like: The different ways PSN and Qriocity stored your sensitive payment and biographical personal data--Sony encrypted the former, but not the latter.
"The entire credit card table was encrypted and we have no evidence that credit card data was taken," writes Seybold in the update. "The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack."
What's more, Sony says your credit card's security code (the extra three or four digit validation number) couldn't be compromised because the company never asked for it (though computer law expert Mike Godwin calls that "the weakest defense ever").
Still waiting for email notification from Sony? Seybold says "all registered accounts" should receive something by today, and that the process of cycling through all 77 million accounts "has been underway since yesterday."
And if you're wondering why the service rebuild's taking so long, Seybold says "we are initiating several measures that will significantly enhance all aspects of PlayStation Network’s security and your personal data, including moving our network infrastructure and data center to a new, more secure location, which is already underway." He adds that Sony plans to say more about those measures shortly.
In the meantime, both PSN and Qriocity services remain down, though Seybold says they're expected back, at least in part, "within a week from yesterday."