Gaming Nexus debate: The PSN Data Breach

Article

posted 5/4/2011 by Jeremy Duff
other articles by Jeremy Duff
One Page Platforms: PS3 PSP
 When 2011 draws to a close, and the industry looks back, the great PlayStation Network outage / data breach will undoubtedly be one of the top stories of the year. The amount of attention that this story has received over the past couple of weeks is unprecedented in terms of an industry event (gaming). The debacle has managed to break out of confines of our little gaming world and land on the radar of not only the mainstream news and media, but also numerous government agencies and departments including the Department of Homeland Security and Canada’s Privacy Commissioner.

Even though the facts regarding the data breach and its effects are just now making their way to the public, everyone seems to have an opinion on the events that have transpired. This past weekend, I decided to reach out to the rest of the Gaming Nexus staff and see just how they felt about Sony’s ordeal and how the situation had been handled. Just as I found in surfing the Internet in recent weeks, the opinions of our own staff covered a wide range of perspectives from optimism and forgiveness to outrage and cynicism. It is important to note that these views were all expressed prior to Sony’s official press conference and Q&A sessions held on the subject on Sunday in Japan. The press conference, which Dan reported on early Monday morning, outlined the events that had transpired and Sony's plans to restore services over the course of the coming weeks.


So, just how does the staff of Gaming Nexus feel about PSN-gate 2011? Let’s find out.


Do you agree with the manner in which Sony has handled the security breach re: PSN?

The Naysayers...
Ben Berry: The problem here is that this isn't just your credit card number being stolen, which today is not only all too common, but usually fully reimbursable by your card company. Rather, it included your address and other private details. We simply have no idea whose hands this list will end up in.
The Pendulous...
Tina Amini: I'm conflicted here. On the one hand, as a consumer who is potentially at risk for the worst (i.e. identity theft), I'm distraught that Sony held out giving any information earlier. I would have changed my passwords and monitored my credit cards much earlier on. On the other hand, I understand that Sony is a business and their first and foremost concern is maintaining their status. That's not to say that this excuses them, nor that a business' main priority should be themselves when they obviously have a responsibility to their consumers, but I can see the reasons for why they withheld the information. I do, however, find it strikingly odd that they consistently warn users about protection of their accounts and lo and behold they cannot control their own security. One of their main "selling points" has ultimately turned into their destruction. That's ironic to say the least.

Matt Mirkovich: I don't agree with how Sony handled the situation, but I think they have done the best that could with what they had to work with. Although instead of just shutting off PSN and then saying nothing, they could have at least said, "We've been attacked, we're shutting down PSN, when we have the data pertinent to our users then we will notify them." Instead users got silence. I certainly would like to have known what had happened after I spent 40 dollars on PSN cards so I could pick up Arcana Heart 3 and was met with networking errors.


The Optimists...
Shawn Sines: Since I spend my normal life working in Information Security, I actually think the response here was reasonable. People are too used to the Hollywood and CSI investigation concepts - digital forensics and information security investigations take time, and often you can
make errors or mistakes if you report before you have all the facts in evidence, or at least understand the root cause and extend of a security incident.

Charles Husemann: It's been mostly good but a bit more transparency from the start would have been appreciated.

Jeremy Duff: I am not sure that they could have handled any better than they have. I have had the unfortunate experience of having someone “obtain” the credentials to my bank account / credit card and clear me out and the business involved with that ordeal wasn’t anywhere near as open and helpful as Sony appears to be / has been in this scenario. Many people are bothered by the timeline of details, or when they were given out, but I think Sony handled it adequately and appropriately.

Russell Archey: Except for how long it took them to tell us why the PSN was down for so long, it's been pretty good.

John Yan: Yes, I think they handled it the best they can. You always want to get all the information or as much as you can and they did what was pretty much, I think standard. You don't want to put information out there you don't know and you don't want to throw out misinformation just to get something out there. I'm sure they went through all this with their lawyers and such so I have no problems with how they handled it.
Page 1 of 3