Monday, 2 May 2011

Sony gives more PSN attack details, details "Welcome Back" packages

Sony's Kaz Hirai spoke at a press conference in Tokyo this morning, offering more details about the PlayStation Network outage, the attacks that caused it, and what the company will do to help keep customers happy. He also offered a sincere apology, and bowed deeply. "This criminal act against our network had a significant impact not only on our consumers, but our entire industry," Hirai said in an official statement. "These illegal attacks obviously highlight the widespread problem with cybersecurity. We take the security of our consumers' information very seriously and are committed to helping our consumers protect their personal data."
Here's what Sony shared about the situation, and what the company is willing to do to make you happy.

What we learned

 

Sony has given us more information about the attack, including information on where the attack took place. "Following a criminal cyberattack on the company's data-center located in San Diego, California, U.S.A., [Sony Network Entertainment International] quickly turned off the PlayStation Network and Qriocity services, engaged multiple expert information security firms over the course of several days and conducted an extensive audit of the system," the company announced.
Hirai stated the intrusion was discovered between April 17 and 19, and the PlayStation Network was taken down on April 20. On April 26, Sony notified the owners of 10 million accounts that their personal information, potentially including credit card information, had been compromised in the attack.
Since then new security has been implemented, the data center has been moved to an undisclosed location, and the company has created a new position: Chief Information Security Officer, directly reporting to Shinji Hasejima, Chief Information Officer of Sony Corporation. Here are some of the new security measures:
  • Added automated software monitoring and configuration management to help defend against new attacks
  • Enhanced levels of data protection and encryption
  • Enhanced ability to detect software intrusions within the network, unauthorized access and unusual activity patterns
  • Implementation of additional firewalls
In the press conference Hirai also brought up the online group Anonymous, noting that the group has published personal information about Sony executives online, including information on the children of those individuals. Hirai pointed out that Sony isn't claiming Anonymous is responsible for this attack, but the implication is that both Sony and Sony's customers have been exposed online.

What we'll get

Sony has detailed its upcoming "Welcome Back" appreciation program. Here's what you can expect in the coming weeks:
  • Each territory will be offering selected PlayStation entertainment content for free download. Specific details of this content will be announced in each region soon.
  • All existing PlayStation Network customers will be provided with 30 days free membership in the PlayStation Plus premium service. Current members of PlayStation Plus will receive 30 days free service.
  • Music Unlimited powered by Qriocity subscribers (in countries where the service is available) will receive 30 days of free service.
We can only hope that the 30 days of PlayStation Plus won't require a credit card, and that it won't auto-renew. It's hard to measure how receptive customers will be to this package, and we're interested in your thoughts in the comments. Hirai also stated that the company may reimburse the costs customers may incur with identify theft protection programs. More information should be coming shortly.
Sony has also announced that certain PlayStation Network functionality could be restored as early as this week, with differing features going live across multiple regions in a staggered fashion. One day soon, you may be able to play Portal 2 in co-op mode on your PS3.

 

No comments:

Post a Comment