Sony wants you to rest easy, PlayStation Network users, but developments at the electronics giant likely have you feeling wary — and not just from the security breach that occurred two weeks ago.
Sony Computer Entertainment chairman Kazuo Hirai finally broke the company's silence on the hacker attack over the weekend, assuring PlayStation 3 owners that most services will be restored "within the week," starting with online game play for PS3 and the PlayStation Portable, CNET reports. You should also be able to play downloaded PSN movies, plus watch unexpired movie rentals from PSN and Qriocity and use the chat function.
What you won't be able to do, however, is ever trust Sony with your personal data again.
"We are aiming to restore full services including the PlayStation Store and purchasing features within the month," Hirai added. More interestingly, he noted that Sony is creating a position for chief security information officer, a gobsmackingly bizarre announcement, since it would seem the company would have benefited from already having such a job, even before the surprise attack.
Surely such a department head wouldn't have stalled a full week to tell users their personal information had been compromised, since Sony decided to wait until April 26 to inform users of the incident, which happened between April 17 and 19. Instead, they hemmed and hawed while some 77 million PSN users' data was laid bare to whatever entity was responsible. Not to worry, Sony reasoned, only 10 million of those accounts had credit card information attached to them, and even then, it's unusable without the security code found on the back of the card. Certainly that makes you feel better.
What doesn't help is the revelation that login information including email address, user name and password was not encrypted. "The entire credit card table was encrypted and we have no evidence that credit card data was taken," Sony wrote on their PlayStation blog before Sunday's statement. "The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack."
That's like a bank saying while the gold bullion in the vault was safe, the cash in the drawers was taken when robbers dared to come in the front door past the guards. Hey, it's not like they expected that. Hirai said Sunday that Sony will deal with this by speeding up pre-existing plans to move the San Diego-based data servers that were attacked to a new location, beefing up security and adding automated monitoring systems and firewalls. And if you hadn't planned to already, you'll have to change your login info when you download the software update.
The company plans to make it up to you, of course, mostly by providing 30 free days of PlayStation Plus service or Music Unlimited use if you pay for those services, while some future downloads will be gratis. The larger problem exists in the fact that this is yet another disappointment for PSN users, many of whom have long complained the service, despite largely being free of charge, doesn't live up to the level of features offered by Microsoft's competing Xbox Live, which has flourished despite a Gold membership fee that runs about $50 per year.
The PSN user interface is cumbersome, PlayStation Home was a major flop and a software update last year temporarily bricked millions of consoles. This latest disaster not only will further shake gamers' faith in the onetime king of home consoles, but could end up costing Sony $24 billion in revenue, data-security research firm The Ponemon Institute told Forbes.
Furthermore, the debacle adds the specter of betraying consumer trust. It's not so much that the security breach happened — gamers are notoriously loose with online information — but that Sony took so long to get around to mentioning it. No amount of freebies or exclusives will repair that loss of goodwill anytime soon.
— Joshua Gillin writes about video games and entertainment news for tbt*. Feel free to challenge his opinions at firstname.lastname@example.org.