Things Get Worse And Worse For Sony As Another Massive Data Breach Detected

from the this-is-why-you-don't-trust-rootkitters dept

For the few of you left who still trusted Sony, now comes news of yet another massive data breach, this time for Sony Online Entertainment (SOE) users. SOE is their online multiplayer games offering. It sounds like a similar issue to the PSN hack, again with lots of data being taken. Making matters worse, apparently for players outside the US, Sony kept credit card numbers and/or bank details in an "outdated database" (read, one not properly secured or encrypted, apparently). And... Sony is now admitting that the breach occurred a few weeks ago, so this info has probably already been put to use. So, we've got the rootkit, the PSN and now the SOE issue. Who actually willingly pays Sony for anything any more?
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: breach, sony online entertainment
Companies: sony


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    The eejit (profile), 3 May 2011 @ 6:27am

    This could bankrupt Sony Entertainment, and speed the decline of Big Content. In the UK alone, such a breach can be charged with a maximum fine of £3 quadrillion, if puniuched to the fullest extent of the law.

    As it is, if this is correct, then Sony are in massive breach of the PCI compliance laws in the EU. No wonder they announced freebies for all PSN customers over the weekend - they wanted to bury the bad news.

    link to this | view in chronology ]

    • icon
      Dark Helmet (profile), 3 May 2011 @ 7:03am

      Re:

      Yeah, as a PS3 owner I got that email as well. All I could do was shake my head at how pitiful it was.

      BTW, I was gifted the PS3. I did not buy it on my own. Frankly, I'd have been perfectly happy playing a bunch of classic PC games from no later than, say, 2005, but oh well....

      link to this | view in chronology ]

      • icon
        Marcus Carab (profile), 3 May 2011 @ 8:42am

        Re: Re:

        dear god, when did games from 2005 become "classic"?

        link to this | view in chronology ]

        • icon
          Hiiragi Kagami (profile), 3 May 2011 @ 9:10am

          Re: Re: Re:

          dear god, when did games from 2005 become "classic"?
          The moment a classic controller was no longer required to play them.

          link to this | view in chronology ]

          • icon
            Kevin (profile), 3 May 2011 @ 2:40pm

            Re: Re: Re: Re:

            You mean Quake III is not longer what all the kids are playing?

            link to this | view in chronology ]

            • icon
              PrometheeFeu (profile), 3 May 2011 @ 4:08pm

              Re: Re: Re: Re: Re:

              Those graphical games will never take on. I trust my entertainment to nethack and it has never let me down.

              link to this | view in chronology ]

        • icon
          Dark Helmet (profile), 3 May 2011 @ 10:16am

          Re: Re: Re:

          Look at lists of the highest rated games ever made, and you'll notice a trend. Here's an example:

          http://top100.ign.com/2005/001-010.html

          There isn't even a single game on that list later than the 90'S! And when I think of the two glaring omissions in that top 10, they're both 2000 and before as well (Final Fantasy 7 & Deus Ex)....

          link to this | view in chronology ]

          • identicon
            Anonymous Coward, 3 May 2011 @ 10:41am

            Re: Re: Re: Re:

            #21 Deus Ex
            #88 Final Fantasy VII

            link to this | view in chronology ]

          • icon
            Marcus Carab (profile), 3 May 2011 @ 11:40am

            Re: Re: Re: Re:

            Yeah, before 2000 I can see calling "classic" - it was the 2005 I balked at. That's the year WoW and COD2 came out... if that's "classic" then most of my favourite games are "antique"

            link to this | view in chronology ]

          • icon
            crade (profile), 3 May 2011 @ 3:01pm

            Re: Re: Re: Re:

            Starcraft 2

            link to this | view in chronology ]

      • icon
        Sean T Henry (profile), 3 May 2011 @ 8:50am

        Re: Re:

        Or you could just go back to when games were still good (not including FPS) and had more than 8hrs of play and get a NES and SNES then buy used games.

        link to this | view in chronology ]

    • icon
      Kingster (profile), 3 May 2011 @ 7:25am

      Re:

      We can only hope that the EU takes this into the courts, as here in Amurica, us consumers can do nothing, now that the douchebags on the Supreme Court have quashed all the class-action lawsuits...

      link to this | view in chronology ]

    • identicon
      Anonymous Coward, 3 May 2011 @ 8:29am

      Re:

      As it should. They could replace everyone in the company and I still won't buy. They have crossed ethic lines to many times. If you work for Sony, Start looking for work.

      link to this | view in chronology ]

    • identicon
      Anonymous Coward, 3 May 2011 @ 8:41am

      Re:

      Sony will get off with a slap on the wrist. You're delusional if you think this will bankrupt them.

      link to this | view in chronology ]

      • icon
        The eejit (profile), 3 May 2011 @ 9:02am

        Re: Re:

        But it should bankrupt them. Personally identifying data is a shitton more valuable than your capacity to consume. Moreover, I'd like to see you come up with an argument as to why this shouldn't cost Sony their ability to trade; the fact that this was discovered over a month ago opens them up to vicarious liability on failure to prevent fraud.

        Had Sony even deigned to notify its consumers of the breach when it occurred, we would have been having a different discussion. As it is, the amount of stupid involved on Sony's part is insane.

        Non-hashed PSN info? Check!
        Holding CC details (including CVV)? Check!
        Refusing to notify people after discovering the breach in a timely manner? Check!
        Claiming everything's okay when it's clearly not? Check!

        They don't deserve any money from anyone ever again.

        link to this | view in chronology ]

        • identicon
          Anonymous Coward, 3 May 2011 @ 9:06am

          Re: Re: Re:

          I never said that it shouldn't bankrupt them. I have a PS3 and I'm outraged by this news. They will more than likely get a slap on the wrist and get told to be better at protecting data and that is all the punishment they will receive.

          I'm sure they will end up spending more money on PR to try and improve their image than they will on improving security. It's disgusting but that's just how it usually seems to go.

          link to this | view in chronology ]

        • icon
          Doug D (profile), 3 May 2011 @ 10:51am

          Re: Re: Re:

          The security breach happened a month ago. They found out about it on Sunday. They shut things down Monday. I'm not claiming they're innocent and should be exonerated, but I don't think they can be accused to sitting on this for any period of time.

          link to this | view in chronology ]

        • identicon
          PRMan, 3 May 2011 @ 10:52am

          Re: Re: Re:

          I thought they didn't have the CVV... (Far be it from me to defend Sony, but I thought I read that.)

          link to this | view in chronology ]

    • icon
      DannyB (profile), 3 May 2011 @ 9:14am

      > This could bankrupt Sony Entertainment

      You say that like it's a bad thing?

      link to this | view in chronology ]

  • icon
    Jay (profile), 3 May 2011 @ 7:04am

    So let me get this straight...

    Sony wants to limit music with Amazon...
    They want to spy on you with rootkits...
    You have no privacy through their network...
    If you research these hacks, they'll sue you...
    If you try to help them in any way, shape, or form, they won't work with you...

    Well, I guess you don't have much to say except sayonara Sony.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 3 May 2011 @ 7:09am

      Re:

      They have dishonored their ancestors and shamed themselves by failing to apologize for it in the traditional manner.

      link to this | view in chronology ]

      • icon
        Dark Helmet (profile), 3 May 2011 @ 7:11am

        Re: Re:

        "They have dishonored their ancestors and shamed themselves by failing to apologize for it in the traditional manner."

        Well, yeah, but they can catch flies with chopsticks, so they've got that going for them....

        link to this | view in chronology ]

      • icon
        Call me Al (profile), 3 May 2011 @ 7:25am

        Re: Re:

        So if the boss of Sony committed ritual suicide then this would be forgiven?

        It would probably be cheaper for them in the long run.

        link to this | view in chronology ]

        • icon
          Rex Mitchell (profile), 3 May 2011 @ 7:34am

          Re:

          "So if the boss of Sony committed ritual suicide then this would be forgiven?"

          I won't be happy until the entire company falls on it's sword.

          ...Or at least the legal dept.

          link to this | view in chronology ]

        • identicon
          Anonymous Coward, 3 May 2011 @ 9:25am

          Re: Re: Re:

          The boss? That would merely be a good start. All CxO level executives would be a good finish.

          The data of tens of millions -- if not over a hundred million people -- was exposed due to their profound negligence. The cost of that in monetary terms is well into the trillions. The cost in human terms is difficult to calculate: how do you give an identity theft victim their life back, their years of suffering and worry?

          "Enormous" doesn't even begin to describe the impact of this. As a society, we're willling to lock up someone who merely steals a 4-year-old car. What should we do with Sony's personnel, who have done something that makes that microscopically inconsequential by comparison?

          (And yes, 95% of the blame for this rests with Sony. Well-known, test, best-practice security techniques would have left the attackers with a massive encryption problem.)

          link to this | view in chronology ]

      • icon
        Berenerd (profile), 3 May 2011 @ 9:44am

        Re: Re:

        In some civilized countries, men who have failed as completely as you have, would thrust themselves on their swords...

        link to this | view in chronology ]

  • icon
    Capitalist Lion Tamer (profile), 3 May 2011 @ 7:40am

    Well, shit.

    I've got a PS3 and my choices are:

    - Get an 360 that suffers from head alignment problems
    - Step back a generation and get a Wii, along with none of the games I actually want to play
    - Shell out a couple of grand on a higher-end computer

    This doesn't include the cost of re-purchasing all the games I still like playing. Unfortunately, I've got a lot of money already riding on this hacked-up horse, so I kind of feel like I'm going to stick it out until the next gen arrives.

    God help me, I love that locked-in feeling.

    On the bright side, my Netflix still streams and I've got a really large Blu-ray player.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 3 May 2011 @ 8:01am

      Re: Well, shit.

      Couple of grand?! You're definitely doing it wrong.

      link to this | view in chronology ]

      • icon
        Capitalist Lion Tamer (profile), 3 May 2011 @ 1:11pm

        Re: Re: Well, shit.

        Probably. I just don't want to be adding RAM to video cards or swapping them out just to keep up.

        I'm resistant to PC gaming anyway. I've only got a limited amount of time to play and I don't want to spend part of it tweaking settings and downloading patches. I know that's short-sighted, but it is what it is. I would also like to take advantage of various mods, but I also like that when I boot up the game on a console, I know it will work.

        link to this | view in chronology ]

    • identicon
      Anonymous Coward, 3 May 2011 @ 8:04am

      Re: Well, shit.

      Do this:
      1- Sell playstation.
      2- Buy new generation xbox (to avoid RRoD) used on ebay.
      3-Get gamefly, that way you don't have to purchase every single game you owned.

      link to this | view in chronology ]

    • identicon
      Anonymous Coward, 3 May 2011 @ 8:54am

      Re: Well, shit.

      The new slim Xbox 360's don't seem to have any problems like the old ones. I use mine nearly every day to watch Netflix and play games and I have never had any problems with it.

      link to this | view in chronology ]

    • identicon
      captain obvious, 3 May 2011 @ 9:26am

      Re: Well, shit.

      or, stop wasting time playing video games? You locked yourself and the key is right there in your hand.

      link to this | view in chronology ]

      • icon
        crade (profile), 3 May 2011 @ 9:38am

        Re: Re: Well, shit.

        Who has locked themselves and who is free to play video games?

        link to this | view in chronology ]

        • icon
          Jay (profile), 3 May 2011 @ 11:23am

          Re: Re: Re: Well, shit.

          There's always free games to play for time wasters... Kongregate
          Armor Games
          Newgrounds

          But playing some of the games on a PS3 or 360 can make it quite worth it. Ex. I love Scott Pilgrim, but Ubisoft won't release it for any system other than the consoles. Stupid of them, but it makes them money...

          link to this | view in chronology ]

          • icon
            crade (profile), 3 May 2011 @ 3:04pm

            Re: Re: Re: Re: Well, shit.

            Hell theres always work for time wasting. I'm talking about things I actually want to spend my time doing! :)

            link to this | view in chronology ]

      • icon
        Capitalist Lion Tamer (profile), 3 May 2011 @ 1:11pm

        Re: Re: Well, shit.

        Whatever, Mom.

        link to this | view in chronology ]

        • icon
          Kevin (profile), 3 May 2011 @ 2:47pm

          Re: Re: Re: Well, shit.

          I heard that you were very disrespectful to you mother, so I am going to send you to your room for the rest of night to think about it. I don't wanna hear another peep out of you for the rest of the night.

          link to this | view in chronology ]

  • icon
    Gumnos (profile), 3 May 2011 @ 7:45am

    The breech would have been discovered earlier...

    ...but malicious parties hid their activities using a rootkit found on CDs about 6 years ago.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 3 May 2011 @ 10:30pm

      Re: The breech would have been discovered earlier...

      I would of went with this: The data breech was enabled by a Sony employee inserting a Sony "CD" into their work computer.

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 3 May 2011 @ 7:59am

    SOE is dying anyway, with the long slow death of their flagship product EQ and no new games to really take its place (DCuo and Freerealms are flops) lets hope that Smedley is finally given his long overdue walking papers

    link to this | view in chronology ]

  • icon
    AndyD273 (profile), 3 May 2011 @ 8:14am

    Typo

    "Who actually willingly pays Sony for anything any more?"

    Should read: Who actually willingly uses Sony's free services any more, let alone give them money.

    An interesting solution to this and other services, go to a retailer that is a bit more trustworthy and get the PSN giftcards. Same goes for XBox live, iTunes, anyone else that wants your credit card number and might store it wrong.

    link to this | view in chronology ]

    • icon
      Sean T Henry (profile), 3 May 2011 @ 8:55am

      Re: Typo

      The solution is not to use gift cards the solution is to not buy sony products and to legislate a minimum level of protection on stored consumer data. The minimum should not require a specific tech but have requirements that must be met using any means.

      If you are really concerned about your CC# then use a CC# generating service provided by several Credit Card companies so the number will be expired by the time anyone could use it.

      link to this | view in chronology ]

  • icon
    bADiTCH (profile), 3 May 2011 @ 8:55am

    Just got my email for SOE

    Opened my inbox this morning and low and behold there was an email from Sony about my SOE account. Now I find this kinda funny about the attacks that have been discovered as of yet. But it sucks that my kids do use some SOE games and when i had to tell my son this morning that he won't be able to play his Clone Wars games he was pissed.

    link to this | view in chronology ]

  • icon
    Dave C (profile), 3 May 2011 @ 9:04am

    Where to Go?

    This will be a tough question for everyone. I don't think giving up on the PS3 is the best thing to do. Both systems have their flaws- XBOX 360 and PS3. Sony will learn from this, we can all hope. I'm going to guess that their back-end systems are now much more secure. This is the sort of thing that removes the magical cloud-cover from people's eyes about a company though. There is no reason to be a die-hard fanboy at this point. Personally, I'll keep my PS3, and keep buying content, and playing games. Same for my 360, and whatever new consoles come out from either company in the future.
    To comment on a few of the comments above, I do not think this will bankrupt Sony. I would hate to see all of those people without jobs in this economy. I do think, however, that there will be a huge whole ripped into the company by the pending lawsuits. People will get fired, trust me. Now, will the right people get axed, or just some scapegoats...time will tell. I also hope that this is an eye-opener to all companies that they can be breached, no matter how secure they think they are. It's always that one catastrophic FAIL that gets people in motion.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 3 May 2011 @ 9:34am

      Re: Where to Go?

      "Sony will learn from this, we can all hope."

      Why should they? They didn't learn anything from the rootkit debacle and it cost them less than a slap on the wrist.

      As long as the sheeple keep buying their goods and services, there is NO REASON for them to learn. Or to even try to learn.

      Sony cares about profit. Always profit, only profit. If they could prostitute children and make money from it, they'd do it without a second thought. They have no conscience, no morals, no ethics, no scruples of any kind.

      So to expect them to learn, or to even WANT to learn, is insane. They've already repeatedly proven, beyond all possible argument, that they're not going to. And because the sheeple keep coming back, they don't need to.

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 3 May 2011 @ 9:27am

    THIS is why I am angry at Sony. Yes, being hacked can be considered a cost of doing business in this day and age. Yes, I am annoyed by someone who understands technology what they let leak and how. What really gets me angry, what makes me want to swear off Sony and sue them into oblivion is their delays.

    It took seven days from them discovering the PSN server holding personal information was hacked into before they said ANYTHING that sounded like "Oh, and by the way, you should keep an eye open." Hell the first two days they claimed it was routine maintenance, they outright LIED to us.

    And now this WEEKS after it happened? That is what I cannot excuse. The lies and coverups. Hell they probably would still be hiding the SOE breech, but I would wager something forced their hand.

    Being hacked? Forgiven. It is the criminal's fault.
    Having POS security? It annoys my tech side, but I can understand how they can cling to lumbering beasts or try to skimp with the money. Forgiven, grudgingly.
    Hiding all these data breeches and outright lying as to their actions? No way.

    link to this | view in chronology ]

  • icon
    Hiiragi Kagami (profile), 3 May 2011 @ 9:50am

    My answer.

    "Who actually willingly pays Sony for anything any more?"
    Unfortunately, many although I will not be one of them.

    This is a shame, too, because I once respected this company, often putting its products first on a list when shopping. However, the rootkit fiasco hit the news and I put my guard up.

    The final straw was when Sony purposely proved to the world who really owns its console and this was pretty much it for the company. In fact, I just rid myself of every component of this maker from my house, save an old transistor radio (which is just too damn nice to give up).

    It certainly doesn't help to turn and read personal attacks against users and data loss occurred after the "final straw" and I can honestly say I'm glad I left this company.

    If anyone from Sony reads this post, I welcome you to the true definition of a "lost sale", and it will take you at least a decade to restore my faith into the company.

    Isn't it about time Sony gets started?

    link to this | view in chronology ]

  • icon
    Lisa Westveld (profile), 3 May 2011 @ 9:58am

    Well, Sony still create some reasonable-quality camera's...
    Then again, I wonder when Sony will start failing in their photography department also... :-)

    link to this | view in chronology ]

  • icon
    ChrisB (profile), 3 May 2011 @ 11:42am

    This piling on is ridiculous

    Seriously. We get it. You'll never buy Sony again. You feel as if they broke into your house and killed your dog. You have spent the last 3 days rocking in a corner because you can't believe people still buy Sony stuff. Some hacker might know your name, so you're having problems sleeping at night and need anti-depressants. Oh, and by the way, games just haven't been the same since Dr. Mario.

    Don't forget to keep those posts, so you can just change the company name when someone else gets hacked or screws up. I'm looking forward to your exasperated rage again.

    link to this | view in chronology ]

    • icon
      The Devil's Coachman (profile), 3 May 2011 @ 11:58am

      Re: This piling on is ridiculous

      That must be some wedgie you're sporting there, boy! Probably have your waistband at eye level, at least. Your ludicrous attempt to marginalize people with legitimate complaint is an EPIC FAIL, and your attempt brings into question where your loyalties lie. I think we all know the answer. You think all consumers with legitimate and serious complaints against businesses run by stupid and unethical idiots should be disregarded and held in as much contempt as you were just obviously able to muster. Sod off, you corporate apologist!

      Sony.........blows ponies

      link to this | view in chronology ]

      • icon
        ChrisB (profile), 4 May 2011 @ 6:53am

        Re: Re: This piling on is ridiculous

        Thanks for clarifying. So most of my points above were right, but I forgot that Sony is run by retarded serial killers and, as a collective whole down to the last janitor, engages in bestiality.

        link to this | view in chronology ]

    • icon
      The eejit (profile), 3 May 2011 @ 3:55pm

      Re: This piling on is ridiculous

      No, it's gone beyond incompetence and into maliciousness. I'd say throw the book at Sony, but seeing as they wrote it for Hell...

      link to this | view in chronology ]

  • identicon
    Ryuzaki, 3 May 2011 @ 3:36pm

    Umm..

    Yeah, it would be nice if X-Box would give us games for the Sony games or at least a discount.

    link to this | view in chronology ]

  • icon
    Proof Creative (profile), 3 May 2011 @ 10:12pm

    Re: Article

    I don't own a PS3 yet, nor a PSN account, but when I received an email this morning notifying my details may be compromised, I surmised something else may be up, I only have a newsletter subscription from years ago!

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.