This was supposed to be Sony’s year. PlayStation 3 sales were on the uptick and, back in January, the Tokyo-based electronics giant introduced its upcoming game handheld, currently codenamed Next Generation Portable or NGP. Then disaster struck, not once but several times. For Sony, 2011 is really starting to suck.
On March 11, an earthquake rocked Japan — soon after, a devastating tsunami ravaged the country’s northeastern coast. According to Prime Minister Naoto Kan, the Great Eastern Japan Earthquake is the most difficult challenge the nation has faced since World War II. The disaster has destroyed lives, supply chains and factories — including Sony’s. But for Sony, things were going to get still worse.
The PlayStation Network, Sony’s online gaming service, was attacked by computer-hackers in mid-April, and the company waited a week to inform PSN users as it attempted to verify what happened. The intrusion took the PSN offline, and more than 75 million PSN accounts were exposed, making the hack the largest data theft in history. Players were outraged. U.S. politicians, including Sen. Richard Blumenthal demanded to know how a hack of this scale could happen. Class-action lawsuits wanted to know the same thing. This week, Sony appeared before the U.S. House of Representatives as a Congressional subcommittee works on new data-protection legislation that could be introduced within weeks.
It wasn’t only the PSN that was compromised. Sony Online Entertainment, the massive multiplayer online game division, was hacked, and by May 2, Sony had taken SOE offline. The breach led to nearly 25 million SOE accounts being compromised. While the PSN encrypted players’ credit card numbers, the SOE hack resulted in nearly 13,000 credit card numbers being stolen. According to rumors online, PSN users have experienced credit card fraud; however, according to Sony, there’s no proven connection between the PSN hack and such fraud, and credit card companies themselves aren’t reporting an increase in fraud.
To make amends, Sony held a press conference with Sony Computer Entertainment boss Kazuo Hirai apologizing and answering questions. As with any Japanese corporate screw up, the bowing execs provided a good photo op.
Yet, just weeks after the PSN hack, an exploit in the PlayStation Network password reset page was discovered, making it possible for unscrupulous hackers to change PSN users’ passwords. Sony quickly took the reset page offline and rectified the issue.
With 20:20 hindsight, it’s easy to pick holes in Sony’s online security, deriding the company for failing to encrypt personal data or pointing the finger at the company’s arrogance. As the past has shown us, if hackers set their mind to it, they can get through anything, whether that be the Department of Defense or NASA — both of which have been hacked. It’s not cynical to say all online data can possibly be compromised. It’s true.
However, Sony might have made things worse, stirring up trouble. For months leading up to the PSN hack, Sony had been taking the hacker community head on with a lawsuit against famed hacker George Hotz, who figured out how to access the PS3’s source code and then posted it online. Hotz has denied involvement in the PSN hack, and there’s no evidence pointing to his involvement. Sony’s decision, however, to go after hackers does seem to have pissed off someone, leaving the company vulnerable to attacks. Hacker collective Anonymous took heat for the hack. The group held a protest at Sony stores over the Hotz case, but turnout was low and the whole thing ended up as an embarrassment. Anonmyous denied responsibility for the hack.
In the past few weeks, Sony and Sony subsidiaries have been hacked multiple times: Sony Thailand’s website, Sony Ericsson’s Canadian eShop, Sony’s online provider So-net, Sony BMG in Greece and Sony Music’s website in Japan. The methods of intrusion are apparently different from the PSN hack, so it’s not believed that they are related, but this could be a case of ticked-off copycat hackers looking to exploit Sony’s online security.
To date, the PSN hack has cost Sony more than $170 million. After approximately a monthlong outage, the PlayStation Network returned in North America and Europe in mid May. Sony launched a “Welcome Back” campaign when the PSN went back online, offering gun shy PS3 users free downloadable games. After complying with the Japanese government’s Ministry of Economy, Trade and Industry’s demanded preventive measures for future hacks, the PSN went back online in Japan this past Saturday.
The PSN is slowly returning to full capacity, but the hacks’ stain and skittish player confidence will linger. Rival online network, Xbox Live, appears to be a far more secure option, perhaps leading some gamers to reconsider the PSN as their go-to online gaming option. For Sony, hopefully the worst is behind them. But 2011 isn’t over yet.