JAPANESE CONGLOMERATE Sony, one of the world's biggest and best known electronics, gaming, and entertainment brands, has been brought to its knees by one of the largest private data breaches to date, but for the company the pain has only just begun.
For Sony, the Playstation Network (PSN) and its Qriocity services are much more than an online gaming and matchmaking service and digital storefront. Together they form a network that has a worldwide reach of tens of millions and showcases the brand to a wide range of age groups and demographics. For such services to be offline for days is at best embarrassing, but having to admit that it failed to adequately protect its customers' data is likely to leave lasting damage to Sony's reputation.
Sony's decision to bundle a rootkit on its CDs back in 2005 was bad enough, and the firm's decision to use heavy-handed tactics to stop hacker George Hotz from disseminating information about how to jailbreak the Playstation 3 games console raised the ire of the online hacktivist group Anonymous. Even with Sony involving the courts to stop Hotz from spreading word of his jailbreak and Anonymous getting involved, the PSN security breach hit the public's consciousness when the network was down for days and, ultimately, with Sony's admission that millions of customers' personal data had been stolen.
The fact that Sony couldn't even pinpoint what data had been stolen, specifically credit card data, only fanned the flames of fury among users and left the wider public with a perception that Sony was simply asleep at the wheel when it came to securing customers' precious data.
Sony might already have had a tarnished reputation among the technology savvy following the Sony BMG rootkit scandal; however, the PSN data breach is on a different scale. It's not just the number of people affected. The fact that it made front-page news in mainstream newspapers and on the nightly television news has meant that Sony has been beaten, humiliated and, like a punch-drunk fighter, left lurching from side to side wondering how to repair its tattered reputation.
While Anonymous admitted that it was behind the first wave of attacks on the Playstation Network, it has distanced itself from having a hand in the second, prolonged outage. Although the hacktivist group said that individual members might have acted independently, it is unlikely the group was behind this attack.
Ever the people's champion, Anonymous backed off after gamers lashed out at the group for taking down the PSN, so it is highly unlikely Anonymous would have decided to go in for a second shot at taking down Sony's PSN. Hotz also denied involvement in the data breach. At this point there is no concrete information about who was behind the attack. F-Secure's chief research officer Mikko Hypponen admitted that it does not know who hacked Sony's network, and while Sony has said it is working with a private security firm and law enforcement to investigate the intrusion, it has released no further information.
Whether or not Anonymous carried out the attack is beside the point, however. What's known at the moment is that Sony failed to protect its customers' private data from unauthorised third parties and for that it simply has no excuse. Sony was publicly warned by Anonymous days before it attacked the PSN, so Sony should have hardened its network security defences and procedures, but it apparently did not do so.