After PlayStation, who is next for network hacking?
Hamish Barwick
Even if you aren’t a gamer, you would have to be living under a rock to not have heard about the recent breach of Sony’s PlayStation Network (PSN).
The details have been slow to come out but come out they have indeed. The intrusion at the company’s San Diego data centre hit 77 million subscribers worldwide, with approximately 1.5 million Australian subscriptions involved. Cyber criminals harvested purchase histories, online IDs and potentially credit card data the company claims were held in an outdated database. Now, there are reports that credit card details are available on the Internet — for a price, of course.
Just today, the global giant was forced to shut down its entire Sony Online Entertainment division amid fears that, too, may have been compromised.
So what has Sony done since the hack?
According to a Sony Australia statement, the company has taken the step of rebuilding the network infrastructure to provide greater protection of personal information. Users are also being urged to change credit card details and user names once the network is rebuilt; if they come back, that is.
Over the weekend, the company announced a `welcome back’ program including free downloads of selected games and free membership of the PlayStation Plus premium service for 30 days. Members of Sony’s Qriocity music service similarly received 30 days' free use.
The company has also instituted a chief information security officer. But are all these steps a little late?
While a data breach of this magnitude is unlikely to instil confidence in Sony's customers, I’m sure it won’t put all gamers off the thrill of online multiplayer. In fact one PSN user I spoke to wasn’t at all surprised that “gamer geeks” (his words) decided to hack the network. For some, it just comes with the territory.
However, it does raise questions about the defences of data centres used by other entertainment services such as Apple’s iTunes or Microsoft’s Xbox Live. Both of these, among other popular services, hold the credit card details of millions, sitting idly by and waiting to be snatched.
In wake of the Sony attacks, Microsoft stated that the security of its Xbox Live service and member information is its highest priority. Yet a curiously coincidental service alert issued to warn users of potential phishing attempts in the popular Call of Duty: Modern Warfare 2 game is simply a hint of what could come, should hackers be willing enough to take the chance.
Apple’s iTunes service is more worrying, at about 500 million users worldwide. It’s a network that I personally belong to for the same reasons many others are; the convenience of one-click downloading. But Apple has my debit card details, one of my email addresses, a user name and password. If a hacker obtained that info, I wouldn’t be going back on there in a hurry.
So what does this mean for the future? I don’t envision people backing away from multiplayer gaming or going back to buying compact discs (CDs) — that’s so 1980s.
But perhaps some will think twice before signing up for online services that collect data and look at alternative ways of gaming, such as good old fashioned local area network (LAN) parties. At least you know the network is limited to one room and you can see who you’re playing with (no pun intended). Quake III anyone?
Are you planning to log back on to the PlayStation Network? Let us know below!
Hamish Barwick writes about security for Computerworld, CIO and Techworld Australia.
Follow Hamish Barwick on Twitter: @HamishBarwick
Follow Computerworld Australia on Twitter: @ComputerworldAU