Sony screwed up bad.
They screwed up really bad, but did they screw up enough to warrant federal legislation, and a class action lawsuit? I’m not so sure, but when something big, bad and newsworthy happens you can always count on an ambitious lawmaker to beg for attention, and for a small army of lawyers to get erections at the thought of filing a lawsuit.
As I mentioned in earlier posts, I have boycotted Sony for months because of their lawsuit against Geohotz, and their company policies that led to said suit. That being said, I still think the media, legislative, and legal frenzy surrounding this circus is a bit much. Here’s what you need to know:
What did the hackers steal?
They basically hijacked everything Sony had on the PlayStation Network. This includes:
- Birth dates
- Home addresses
- Password retrieval question answers (ex. “What’s your mother’s maiden name?”)
- And probably a slew of data about the games you play and things you’ve downloaded from the PlayStation Network
While the hackers did steal credit card information, all of that information is encrypted.
That means that the credit card data should be safe, and unusable.
I have a PlayStation Network account, what should I do?
Most of the stolen information is the kind of stuff that is uncoverable through thorough Google and Facebook stalking… except for the passwords.
If you have a PSN account, and you used the same password from your PSN account in other places, you need to start changing your passwords.
Typically, web services that require a password protect it by passing the text through something called a hashing algorithm before storing it. Hashing turns your password into a unique string of characters, and the process cannot be reversed. Sony failed to hash their users’ passwords, leaving them vulnerable.
What Sony did was boldly stupid. I can’t even begin to imagine how a tech company stored millions of customer passwords unhashed, but they did it… And that may warrant a lawsuit.
A PlayStation is a computer, so you still need to practice safe computing while you’re on it. Change your passwords, and while you’re at it, don’t use the same one over and over again.
5 thoughts on “Sony Hacking Incident – What You Should Know”
I think that points it out best. What about if they were sniffing for the credit card information as it was being used? And what if they got the algorithm, or encryption/decryption key?
Encryption isn’t perfect… there’s always a way to decrypt.
You make the assumption that CC data is safe. That’s assuming the encryption could never be broken. This is foolish.
Also usernames, passwords, home addresses, email addresses and mother’s maiden name/challenge questions are probably enough to get full data reset/new cards for 90% of the average people. They better expect massive class action.
You both raise fair points. Regardless of the Sony hack, everyone should check their credit card statements, and monitor their credit. There are tons of places all over the Internet where your personal information can be compromised.
Saw an article today that the people responsible are selling the data that was stolen from the PSN for $100,000 or more. If that is the case, Sony should buy back the data from the hackers for $1,000,000 for exclusive rights to it.
I saw that too, and was about to update this post.
I’m interested to see if the credit card info sale is for real or if it’s a bluff.
I never tied a credit card to my PSN account, but I still monitor my credit and credit card statements because identity theft isn’t particularly complicated.