By Richi Jennings. April 25, 2011.
Updated: Sony Computer Entertainment (SNE) (6758) regrets to inform PS3 users that it's been unable to repair its PlayStation Network (PSN) and Qriocity platforms -- at least, not so far. It now seems that users' personal data have been compromised, which "may" include credit card details. They've both been down for over a week and it could be another week until it's back. In IT Blogwatch, bloggers point the fingers of blame.
Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention the Easter Peeps experiment: How long do marshmallow chicks last in an Arizona summer?..
Keir Thomas reports:
When Sony's PlayStation Network was taken offline ... all eyes fell on the Anonymous group, who've taken a dislike to Sony's ... treatment of hardware hacker George Hotz. ... Last night Sony confessed that an "external intrusion" caused [it] to take-down the PlayStation Network and ... Qriocity. ... However, they're not saying anything more, or giving a time scale as to when gamers will be able to resume playing online.
...The phrasing Sony used ... indicates that this wasn't a Distributed Denial of Service (DDoS) attack. ... Instead, this seems to be an individual breaking into the network ... probably why it's taking so long to clean-up. ... The break-in might even be coincidental to the recent Anonymous actions. ... However, the timing is certainly suspicious.
Tricia Duryee adds context:
Sonys PlayStation Network ... provides PlayStation 3 users with downloadable games, movies and TV shows. ... [It's] similar to Xbox Live ... trying to extend the life of the console by adding new content.
...It has 70 million registered accounts worldwide who have downloaded more than 1.4 billion pieces of content..
Sony's Patrick Seybold spins thuswise:
We are working around the clock to bring them both back online. Our efforts ... involve re-building our system to further strengthen our network infrastructure. ... This task is time-consuming ... [but] it's worth the time ... to provide the system with additional security.
...We will continue to give you updates as they become available.
But Anonymous gloats at Sony's misfortune:
Sony released a statement ... saying that the network outage may be a result of "targeted behaviour by an outside party". ... Adding to the confusion is the fact that the message has since been removed.
[We] are not related to this incident. ... A more likely explination is that Sony is taking advantage of [our] previous ill-will ... to distract users from the fact the outage is accutally an internal problem.
...Sony is incompetent.
And Sidharth Bhansali sounds worried:
Waiting is all one can do, but this ... raises questions regarding security. ... Not only do we have game-related stuff on PSN, but also millions of users addresses and credit card details are buried in the store.
...Let's hope that PlayStation is up and running soon.
A source with close connections to Sony Computer Entertainment Europe ... who wishes to remain anonymous [says] the PSN sustained a LOIC attack ... (a denial-of-service). ... There was also a concentrated attack on the ... servers holding account information. ... Admin Dev accounts were breached. ... The SCEE source said Japanese servers may be restored [today] while [other] servers will likely be operational [tomorrow].
Again, this information is from a source who claims to have a very close connection with [Sony].
..."Everyone deserves the right to know whats been going on," the source wrote. ... If you have information to share, please do so.
You would think that Sony would have had recovery plan ... we can conclude that they do not. It is sad that they ... shut everything down. ... Companies have been able to make major changes to their systems without having to completely shut them down. There is something else going on here.
Other companies who have these kind of problems ... do not leave users in the dark as to what is going on. ... [Sony is] very secretive about everything that is going on. ... They had better start providing more information as people are losing patience ... and starting to consider other gaming systems.
As with any lack of information, there is speculation as to what is going on. ... At this point, it could have been a single hacker ... who was able to get through their security firewalls. ... There is even the possibility that they gained access to the ... credit card information and that is why they shut everything down the way that they did. If [so] they need to admit that now and not wait.
...Keeping your customers informed ... is critical with successful businesses.
PlayStations entire 2011 so far has been marred by a single issue: hacking. ... The manner in which Sonys responded to a story which has refused to drop out of the headlines ... is now threatening the PlayStation brand itself. ... Sony has now allowed the issue to affect its entire audience ... over a global holiday ... with no reason why they cant play ... online on their Easter break.
Instead of showing maturity and restraint, Sony sued George Hotz ... and embarked on a ludicrous game of legal headline ping pong that, irrefutably, ended in PR disaster. ... Sonys legal team was reduced to spurious accusations. ... Sony should never have sued Hotz. It solved nothing. ... The firm should have step-matched the hackers with Firmware updates ... and strengthened PS3s security without creating such a nonsensical fuss. ... There has to be a serious question over Sonys judgement.
[Then] ultra-liberal hacking group Anonymous said it was to target Sony. ... No one outside of Sony and those responsible for the most recent incident knows what happened on Wednesday ... but whatever it was forced Sony to take the ... PlayStation Networks offline and start re-building.
...PSN is as much a part of PS3 as the consoles Blu-ray drive. ... Sonys escalation of its war on hacking could potentially threaten not only Sonys ability to cut content deals, but ... may compromise personal information of its millions of users. ... [This] is, in reality, a disaster for PS3.
Don't miss out on IT Blogwatch:
Richi Jennings is an independent analyst/consultant, specializing in blogging, email, and security. He's also the creator and main author of Computerworld's IT Blogwatch -- for which he has won American Society of Business Publication Editors and Jesse H. Neal awards on behalf of Computerworld, plus The Long View. A cross-functional IT geek since 1985, you can follow him as @richi on Twitter, pretend to be richij's friend on Facebook, or just use good old email: firstname.lastname@example.org. You can also read Richi's full profile and disclosure of his industry affiliations.