On the heels of the Epsilon hack at the beginning of this month comes word that Sony's PlayStation Network and Qriocity streaming movie and music service have suffered a significant security breach. While Sony's "slip up" might not be as massive as Epsilon's in terms of the number of customers affected, the breadth of the information breached -- including user names, passwords, email addresses, physical addresses, birth dates and more -- makes it far scarier. Even worse, while it looks like the credit card information on file was at least encrypted, and Sony claims that there's no evidence that it was taken, the company adds that it can't completely rule out that possibility.
Sony takes its time and gets it wrong
If all of this was not bad enough, the fact that this train wreck of a breach has played out in slow motion (or so it seems) has left lots of users and pundits up in arms. PC World provides a timeline that lays out the key events in this more than week-long (and counting) saga, and Sony's response. For its part, Sony says that the delay in getting the word out regarding the scope of what had happened was not due to any foot dragging, but a real gap in time between when it discovered that a breach had occurred and when the results of a "forensic analysis" revealed the extent of the compromised information.
To say that PlayStation/Qriocity users are shocked and disappointed would be an understatement. Even before the nature of the breach was fully revealed, gamers had grown frustrated by Sony's behind-the-scenes activities, which shut down the networks shortly after the attack was discovered and have left them down since, and for at least the near future. Even politicians are getting into the act, with U.S. Senator Richard Blumenthal writing to Sony directly to request more information about the breach and the delay in informing the public about its nature. And, of course, the lawsuits have begun.
Blogger Paul Tassi at Forbes.com lays out some of the history of what made Sony such a target of hackers, and it's an interesting read. Whether or not you agree with his take that Sony brought this upon itself through some of its actions, there's no arguing with his view on Sony's questionable security when it came to protecting users' information: "This kind of info should be stored at the highest level of encryption possible, which [it] absolutely was not, and while Sony has been focused on making sure their movies can't be bootlegged and their games can't be pirated, they forgot to protect their millions of consumers who trust them with their personal information," Tassi writes.
Why you should worry
Unlike the Epsilon breach, what's known to have been compromised provides enough information about those affected to make identity theft a real possibility -- and that's a true nightmare, as anyone who has lived through it can readily confirm. If credit card numbers do turn out to have been part of the heist, things get that much worse.
That's why it's important to take the advice of Sony and security experts seriously if you are a PlayStation/Qriocity customer. At the very least, do watch your credit card statements extra carefully, and be even more vigilant regarding phishing attacks and similar scams. Some add that cancelling a credit card that you've registered on the PlayStation Network wouldn't be the worst idea in the world.
If you are concerned about identity theft, Sony points out that its U.S. customers can place a fraud alert on their files with the major credit bureaus. The upside is that placing a fraud alert makes it harder for someone to get credit using your stolen identity. The downside is that it also drags out the process if you want to get a new credit card or loan for yourself.
Once the PlayStation Network comes back to life, log in and change your password to something that's secure; see our earlier post on the Epsilon breach for some guidelines. Even before that, if you've used the same password on other sites (an increasingly bad idea), log in to those sites and change the passwords there. Our earlier post has some other suggestions for keeping safe on the Internet. Much of it is basic common sense. Unfortunately, all of it is becoming far too familiar of late.