24,000 Accounts Exposed: Sony’s Swift Descent Into Night
By Matt Peckham
You’ve heard the aphorisms about bad publicity? Well, don’t tell Sony, because at this point they might snap, and the hits keep coming: The outage, the media blizzard, the long lull, the sudden breach reveal, the second blizzard, the denial, the (literally) bent-over apology, and now: the breach-we-didn’t-know-about number two.
Pity that busy corporate creature Sony unwise: unwise because they kept an “outdated” 2007 credit card database on file with something like 13,000 non-US credit card numbers. The hackers who took your relatively innocuous names and addresses and birth dates between April 17th and 19th may have made off with those, too.
And more besides, to the tune of 10,700 “direct debit records listing bank account numbers of certain customers in Germany, Austria, Netherlands and Spain.” Let’s see, that adds up to what–almost 24,000 exposed? Something tells me analyst estimates that this’ll be a minor-league $50 million publicity hit, all told, were shy of the mark.
The PlayStation Network’s still down with the two-week anniversary knocking tomorrow. Also: Media-streaming service Qriocity. Add Sony Online Entertainment to the party as of 1:30am PT Monday, May 2nd, dragging PC gamers into the muddle: So much for games you weren’t playing much of anyway, e.g. EverQuest II, PlanetSide, and Star Wars Galaxies–though my condolences for the ones you maybe were, like Free Realms and DC Universe Online.
Where does Sony go from here? Forward, of course, presumably to PSN and Qriocity service re-launches as planned this week. The company already apologized not two days ago (with frowny faces and deep bows). And they’ve come out apology-swinging this time, segueing from the classic “we deeply regret” tagline to a straight up “We apologize for the inconvenience caused by the attack.” No semantic hemming or hawing in the margins.
Not that apologies magically reinvigorate services, or safeguard pilfered data, or reassure any of us the new security architecture’s sufficiently resilient. And we’ve sort of danced around the next point, but the fact is the size and scope of this catastrophe ring a monster dinner bell for like-minded (or worse) perpetrators: This is how you take out an $88 billion revenue company with your fingers and the wherewithal, reads the between-the-lines version of events.
What a mess. At this point simply getting the service(s) back on their feet won’t be enough. We need to better understand how and why this happened, and then how Sony, the FBI, and whoever else plan to catch the perp(s). We’re talking epic level criminality, deserving of epic scale punishment. Let’s not get so lost in our damnation of Sony (or at least their security measures) that we forget who’s really responsible. If something isn’t hack-proof (and what is, really?), it doesn’t give you license to break in. An open window isn’t an invitation to rob someone blind.