As soon as Sony (www.sony.com) started restoring the PlayStation Network on Friday, after a massive outage of 2 weeks, it was reported that data security personnel at Sony had been aware that the company was running an unprotected and outdated Apache server.
Dr. Gene Spafford, security expert at Purdue University, reported to Congress on Wednesday that “Sony continue to run outmoded, flawed software, fail to follow some basic good practices of security and privacy, and often have insufficient training or support,” according to a report Thursday by VentureBeat. The report says hackers were able to breach the network and steal data while Sony was fending off DDoS attacks from online hacktivist group Anonymous. Sony has tried to pin the larger attack on Anonymous, but the group has denied the allegation and says “if a legitimate and honest investigation into credit card theft is conducted, Anonymous will not be found liable.”
In the middle of last month, from 17th to 19th April, the private information of some 100 million Sony users/customers was leaked. These users belonged to the PlayStation community and Sony’s Online Entertainment services.
Another apology was issued this week, on Thursday, by Sony CEO Howard Stringer, in which he addressed frustrated customers and said that, despite being slow, the company is doing everything in its power to solve the issue: “I wish we could have gotten the answers we needed sooner, but forensic analysis is a complex, time-consuming process. Hackers, after all, do their best to cover their tracks, and it took some time for our experts to find those tracks and begin to identify what personal information had — or had not — been taken.”
Customers are concerned about potential misuse of their information, especially credit card numbers, but Stringer has affirmed that “there is no confirmed evidence any credit card information has been misused.” PCMag reports that, to minimize the damage already done, Sony has initiated an identity theft plan which provides insurance to its US PlayStation users; a similar insurance plan is also being launched for Qriocity users. The value of this policy is reported to be $1 million.
According to PCMag, Debix will provide this insurance policy, and customers’ information will be tracked using cyber supervision and surveillance. Sony has also suggested to its users that they can discuss the issue with Debix’s licensed investigator.
Netcraft is of the view that the credit card information was encrypted and is safe. However, “it could also be at risk if the decryption key was stored on, or made available to, any of the compromised servers.”
Stringer has also announced a “Welcome Package” for PlayStation and Qriocity Network users, which includes a month of free use as well as an extension of subscription periods. These offers are made to PSN, PS Plus and Music Unlimited subscribers. Although Sony appears to be providing proper compensation for the inconvenience it has caused, users are more interested in knowing the firm dates on which services will be resumed.
Critics might speculate that this incident will hamper Sony’s reputation, but the comments on Sony’s blogs show a different picture: “I am very satisfied with the way Sony is handling the situation, not rushing to get things back online without securing their servers.”
However, not all users are that optimistic and loyal: a lawsuit was filed against Sony in Toronto, Canada, on Tuesday.