As you all by now surely know, PSN is down. It went and got itself hacked. And there’s no telling when it’s coming back up. Now Sony has admitted that as many as 70 million user accounts have been compromised, with personal information and encrypted credit card numbers in the paws of some script kiddie. A few analysts are speculating that this little fiasco could cost Sony upwards of $20 billion.
Now, there’s been some debate over how users should feel. I mean, of course users are pissed that they can’t access PSN, and I suspect most people are less than thrilled to know that their personal data has again been compromised by a company that held it with the implicit promise to keep it safe. Lawsuits have already begun. Of course, here in the United States, the US Supreme Court – in an ongoing Republican war on civil rights – has made it very, very difficult for class action suits to proceed in this country, which will offer some measure of protection for Sony. Ironic to get this news when gamers are also waiting with bated breath for another Supreme Court decision, expected any day now.
I’ve been kinda on the fence about blaming Sony. On one hand PSN is free (Xbox Live Gold is not), and I always get a little bitey when people complain about free stuff – like all the crap Valve takes for releasing Portal 2 12 hours early instead of 48 hours early despite the fact that gamers failed to do what they had to do to secure an early release. But others have made some good points about this: that the PS3’s super high price was, in part, a way to offset the fact that PSN is free. That offering an online service is assumed in modern consoles, and therefore a serious outage is cause to complain. That Sony brought this on itself by the way it treated some of its customers.
So from a certain perspective, Sony was hacked; that’s sad. I definitely agree that the company should have been more secure, and it has seriously mishandled its communication and dissemination of information to its customers. Of course, I also tend to believe that groups like Anonymous (who say they are not responsible; I’m inclined to believe them) will always be able to defeat any security measure thrown at them. Enhancing security tends to annoy consumers and do little to deter hackers. I just don’t believe that any software company will ever be able to create something that’s unhackable. And the instant you say something is unhackable, everyone makes it their mission to hack it.
I’ve been playing on my PC recently and am thus totally unaffected by the PSN outage. I’ll get back to Enslaved eventually, but that’s not an online game; I feel much more sympathy for those who bought Portal 2 for PS3 knowing they’d get a free Steam copy (oh! Look! Valve’s giving something away for free! Let’s complain about it) and be able to play co-op with PC buddies. Of course, co-op Portal 2 is online. So those people are hosed. And I’m guessing they can’t get their code for the Steam version of Portal 2 without activating their PS3 version online either, or else Dobry would have already called me and sung the new song.
Thus do I find myself at a crossroads in weighing blame. I’m mad at Sony for… well… for messing up, I guess. For not being secure. For not encrypting all its data. At the very least it shouldn’t have been this easy for a hacker to get that stuff. But I’m also mad at the hacker, who is ultimately responsible. And I’m mad at the Court because though Sony is sort of the affronted party here, it should be sued in a class action for failing to protect the data of its clients. They can claim that they were hacked five ways to Friday; even if they couldn’t have stopped it they’re to blame because when you assume stewardship of private information and fail to protect it, it’s your ass even though no power on earth could have succeeded in keeping it safe. That’s the price you pay for asking consumers for something valuable: an implicit promise you’ll keep it safe.
So tell me, Tap. Who should be the prime recipient of Steerpike’s rage?
Email the author of this post at steerpike@tap-repeatedly.com.
I know Gregg is having a mental breakdown as he can’t even play Portal 2 as he has to activate it online first… Not good.
I am playing my PS3 version of Portal 2 and loving it. I don’t know about blaming Sony. I like Sony.
I like PlayStation. I like their games. Potentially bringing them down in some kind of mega-class action lawsuit for 20,000,000 users doesn’t seem like it would help anyone. I have no idea how the law works here. Is there a “cap” on how many people can be involved in a class action suit? How is payment distributed, if at all? If every user gets $3,000.00, then Sony pays out $60,000,000,000. Doesn’t seem likely.
Dobry, I will answer your questions.
1. No, there is no “cap” as to how many people can be considered a “class” in a class action lawsuit. All you really have to do is define a certain class of people and then have a court certify that class. Defining a class is relatively easy. Having that class certified by a court can be a bit more difficult. For example, I believe there was a class action regarding the price of CDs and there was a class certified that included anyone who bought a CD within a certain 4 year period. Classes can be massive.
2. Once a class is certified by a court, then there is a notice sent or published allowing people in the class to “opt out” of it. Typically people don’t opt out of a class. Primarily because they aren’t even aware they are in one for the most part.
3. If damages are awarded, either through a settlement or a final judgment, then the damages get distributed to the class. Damages are typically estimated by some damages expert who figures out how the class was damaged. It can be complicated. The settlement or award is, again, either published somewhere or mailed to members of the class. If you can prove you are in that class, i.e. owned a PlayStation 3, were on the PSN network, etc., then you would be entitled to whatever the per-class member damages award was estimated to be.
In this case, I think it would be pretty easy to identify and notify all of the class members, since, presumably, Sony has all of this information. So, the odds of the class members getting a check for some amount at the end of the day would be pretty good.
Of course, the attorneys for the class can typically take home about 1/3 of the damages estimates. Class actions can be massive cash cows for plaintiffs’ attorneys.
OK, so, apparently, PSN will resume on the 3rd of May: http://www.eurogamer.net/articles/2011-04-28-sony-expects-psn-will-be-back-by-3rd-may
As for laying the blame, I mean, of course it’s the hackers who are the first to blame. I mean, even GeoHot reminded everyone: hacking shit up – cool. Stealing people’s identity and causing massive damage to millions – not cool. So, no two ways about it. Whoever did it is to blame. Anonymous are probably not behind this, first because they said they are not, second because it’s really not their style. I mean, they will create massive-ass headaches for people (corporations and civilians alike) but they’d hardly do it and NOT brag. Quick visit to 4chan will demonstrate that they are NOT bragging. QED. This looks more like the work of professional phishers/scammers, my guess is Chinese, Ukrainian or perhaps Russian. Anyone positioned closer to the west than that would be pretty insane to pull a stunt like this. But then again, I do not deny that there are some pretty insane people out there.
That said: Sony are MASSIVELY to blame. They, or more precisely their SCE division has been responsible for some of the worst mistakes in the history of videogaming business and they made most of them in the last six years. They bleed money all over the place, release and kill products without thinking, sink massive amounts of money into idiotic hardware, offer needlessly dysfunctional services and are an absolute PR disaster. In the last year we also learned that whoever is in charge of their cryptography must be a complete bellend. I mean, the way PS3 was hacked is simply ridiculous and now this? Passwords stored server side? In plain text??? Who did Sony hire to take charge of data security? Cheech & Chong? Beavis & Butthead? They are absolutely to blame because they offer you service that does not work: you can’t access games that you own, you can’t access features of games that you own, your private info has been stolen. I don’t know about a class action suit, but noise certainly HAS to be made. Personally, I am not that heavily hit, all my PSN games have been downloaded to my HDD so I can access them and, sure, I can’t play MvC3 online at the moment, but I have started playing Yakuza 4 the other day anyway. Also, I have never given my private data to Sony (using a fake name and fake address because anyway, my country is not even listed on PSN) and I only use cash for transactions. But still. This is a paradigm shift. This SHOULD make us view every single digital distribution service from a different standpoint in future.
Just to clarify, I’m also playing and loving Portal 2 on my PS3. I’m also pissed that all my personal data is in the hands of a miscreant. I’ve got to go through pretty much every site I’m signed up to and change my username and password. Do you have any idea how many sites that is? No, neither do I. The email that Sony have sent me today has landed just before an extended bank holiday weekend so I don’t think I’m going to be cancelling my card until Tuesday. I’ll have to check on that.
Words can’t express how pissed I am about the data not being encrypted though. Hackers or not, that shit isn’t forgivable just in case something like this happens. It’s funny, for how straightforward my PS3 is meant to be it’s caused me more irritation in recent memory than my PC has. Sure, my PC has hiccups but I expect them, I always have.
The blame has to go to the hackers I’m afraid. We’re talking about something which costs a company potentially billions, has resulted in potential identity theft and fraud and has disrupted a global service to millions and millions of people. Whichever way you look at it, that’s happened because a group of people have made it their mission to do that in the first place. All because of some childish vendetta or crusade. Pathetic.
Unless it comes to light that this incident is directly down to negligence on Sony’s part, then I’m personally uncomfortable with blaming them for it. They’ve been shit on from a massive height, but if a group of dangerous and incredibly talented hackers set their sights on Nintendo or Microsoft with the direct aim of causing as much trouble as possible, I’d wager the outcome to those services wouldn’t be so much different than it is to PSN. Unless of course it’s proven that this was down to Sony fucking up.
I believe the worst thing Sony did in this instance was pursue George Hotz with the tenacity and aggression with which they did. I think it could be argued that they went too far chasing after one man, and in doing so painted a target on their own backs and handed the rifles to a whole different class of people.
Even then, I’m also not going to criticise Sony for trying to protect the integrity or security of their services in the first place.
That is an important point, Mat. That Sony was targeted was because of its behavior recently. But I would be very surprised to learn that whoever hacked PSN would be unable to hack XBL or Wii network. It’s like claiming a piece of software can’t be pirated. Guess what? Someone will figure out how, and that someone won’t be working for you.
You know, it’s funny, here at Tap we were victims of a hack a few years ago. By all accounts it was nothing – two clowns not out of high school took advantage of a SQL bug. They did it for fun. We hadn’t done anything to them.
So I don’t like hackers but I go out of my way to avoid antagonizing them. It’s like a philosophy I have with dentists and people who cut my hair: don’t piss off people who hold sharp stuff near your face.
Sony doesn’t “deserve” a $24B bill for this, but as Meho and Gregg point out, they should have done more to protect us. And they should have told us more frankly what was happening. Maybe the only ones entirely blameless in this are the customers who get to spend the next few weeks watching their credit card statements, changing passwords, and worrying about their information.
Ironically, though, George Hotz is probably the real voice of wisdom in the wake of this. He pointed out that if maybe Sony had hired some security engineers instead of hiring more lawyers, this wouldn’t have happened.
You know, when I first saw this post, I thought Steerpike was calling the AofA overrated, and was momentarily hurt and offended.
On the subject of the discussion, I’d just comment that I’m not sure Dr. Strangelove/Saw III and Portal/Dead Space are a fair comparison. Whereas most people who watch any movies at all would agree that the Saw series is crap, I don’t think you’d find as many gamers who’d feel that way about Dead Space. It may not be on everyone’s favorite list, but it is a fairly popular game, and much more loved (and arguably much better) than Saw III.
Otherwise though, I agree with the author of the article that scores are crap, and a writer’s review should be the focus of the consumer, instead of a number or letter grade with subjective meanings.
“Otherwise though, I agree with the author of the article that scores are crap, and a writer’s review should be the focus of the consumer, instead of a number or letter grade with subjective meanings.”
Yeah, but that’s not THIS article!!!!
Silly Armand. We can’t take that guy anywhere. ; )
Yes, I meant to leave a blank comment.
No actually, I said:
::Walks into a corner in shame:: but I used “>” instead of “:” which must have made it think I wanted to do something else.
I wonder what we will get as compensation for this.
A free Mini?
Calling All Cars?
Good article.
Blame is unimportant. Ideas for solutions and prevention should be at the forefront.
Hackers are lame; Sony was complacent. Maybe we were all complacent for putting our credit card numbers and primary email addresses into a video game console, maybe doubly so after Hotz proved how susceptible the platform was to exploits.
Learn, get better, move on — that goes for us and Sony.
Any thoughts on the idea that this incident shows that the once obviously massive advantage in mechanical and software reliability of consoles over PCs is on the decline, and the eventual effects this may have on the PC market?
Has everyone seen Sony’s apology conference from earlier today?
I don’t know if I’m going soft in my old age but seeing Kaz and the other Sony execs bowing, and knowing the significance of that in their culture.. shit, I can’t stay mad at these guys. It was a very dignified and – more to the point – human response from a global corporation. When they said they are sorry I genuinely believe them.
I still love you, Sony.
From what I read on Gamasutra it sounds like PSN will be coming back up “incrementally” over the coming week. When it does return they’ll apparently be slapping a PS+ on everyone’s account for 30 days.
Sorry for the late response Jordan.
I think the blame is hugely important because that’s where the hammer will fall. If what Meho says is correct with regards to the data being stored in plain text then quite frankly the hammer deserves to fall on Sony because of their gross mishandling of our personal data. Encrypting data shouldn’t be a preventative ‘idea’ at this stage and level, it should be a given.
For me nearly everything else surrounding this debacle is peripheral because a major security risk has been exposed here and nobody else but Sony can be held accountable for it. Sure, the hackers got in but Sony left our valuables on the table.
Of course, if they did encrypt the data then things are back up in the air again.
Yeah, I’m kinda mad at Sony too (not as much as the hacker/s though). It’s the betrayal of trust more than PSN being down that’s the bummer. I’m sure Sony made it hard for hackers to get in, but unfortunately not impossible. I’m just glad that my PSN password isn’t used for much else aside from PSN. I’ll be keeping a damn strict eye on my credit card balance though, just to make sure there is no undue activity.
I certainly think a make-good to Sony customers is in order, but PS+ for 30 days? That’s lame to the power of lame compared to the scale of breaching our confidential details to some ne’er-do-wells.
Sony should force everyone to change their passwords now, immediately, for PSN before anyone gets onto PSN.
And then I think they should offer a credit voucher for an amount to be used on a game or two of the customer’s choice. If PS+ was a service I wanted, then I would have paid for it already. Treating me to a “trial” period of it seems like Sony are hitting me with “advertising” after I’ve been unwittingly exposed (and I usually like at least one drink before I am unwittingly exposed). This shouldn’t be an excuse for Sony to peddle more unwanted stock on their aggrieved customers. Customers’ choice, is all I’m saying. That’d certainly go a long way to mollify me.
Potential Canadian class action lawsuit being floated
http://ca.news.yahoo.com/ont-woman-sues-sony-over-data-breach-065342478.html
Confirmed a few days ago that around 13,000 credit card numbers were stolen during that initial breach of security.
http://www.pcworld.com/article/226875/sony_online_entertainment_hacked_12700_credit_cards_stolen.html#tk.nl_gox_h_cbintro
Some distressing information about the possibility Sony knew about PSN’s vulnerabilities:
http://www.strategyinformer.com/news/12206/sony-we-knew-about-psn-security-flaws
Alleged IRC chat log from hackers discussing PSN’s vulnerability from last February (it’s long–within they allege “Sony doesn’t care about its customers,” presenting a possible attempt at justification for stealing personal data):
http://www.thehackernews.com/2011/04/complete-irc-chat-of-playstation.html
Purdue professor Dr. Gene Spafford claims PSN had outdated software, NO FIREWALL, and Sony was aware of it:
http://www.gamespot.com/news/6312333.html?tag=updates;editor;all;title;4
Fascinating article about the possibility that “break away Anonymites” are responsible for the attack:
http://www.thinq.co.uk/2011/5/7/break-away-anonymites-likely-behind-psn-hack/
Anonymous admits they are responsible, sort of:
http://www.thinq.co.uk/2011/4/24/anonymous-claims-responsibilty-sony-attack/
Gene Spafford’s claims were in front of Congress, by the way.
I blame Sony for creating their own vulnerability and for sitting on the news that they’ve been hacked.
I blame Anonymous (whether they agree as a group or not) for harming customers with service denial and possible identity theft.
I further blame Anonymous for possibly planning additional attacks on Sony.
In short, I blame everyone. Fuckers.
Anonymous’s website denies responsibility, claims thieves intentionally left incriminating evidence to derail investigation:
http://anonops.blogspot.com/2011/05/lets-be-clear-we-are-legion-but-it.html
Certainly possible and definitely confusing.
Choice of two from four games, as compensation:
http://au.playstation.com/psn/news/articles/detail/item373787/PSN-Welcome-Back-Programme/
The eight people who don’t own LBP (like myself) now have no excuse.
You and me both (which must leave 6 others out there who don’t have it) 😛
I already have Dead Nation and WipEout HD, but hope their availability for nothing gives a boost to their respective online communities.
Having never played InFamous I’ll be downloading that. I’ve played LittleBigPlanet before but don’t mind having it around again for free. All in all a decent gesture this, I think.
Free games are unacceptable. I want a clean call girl holding a bag of money at my doorstep. TWO call girls. And a pizza.
You guys aim too low: I want a team of people to clean my house while holding a bag of money. And a pizza. And tequila. The top-shelf tequila, not that swill they use as regular bar stock.
I had a dream they’d put WipEout HD up (and for fucks sake: why the capital E?)
Sony you have, quite literally, fulfilled my dream.
Now, about those other dreams…
Keep in mind, tea drinkers, this is the North American “sorry package,” so there is still a chance for the rest of the world to get those call girls/pizzas/bottles of Patron.
Pingu features is right, our “Great British Tea and Crumpet Rescue Package” differs slightly.
We get WipEout HD, InFamous, LittleBigPlanet, Dead Nation and Ratchet & Clank: A Crack in Time, I believe.
All worth having with the exception of R&C, which unless you already have the other 4 games, is by far the weakest of the three.
“Great British Tea and Crumpet Rescue Package”
Crumpet = girls?
Perhaps it should be “Great British Tea, Crumpet and Crumpet Rescue Package”, just to make sure we’ve got all bases covered.
Great British Crumpet, Crumpet and Crumpet Rescue Package.
Now we have a sentence worthy of an Earthworm Jim ending.