At the annual Black Hat hacker convention held in Las Vegas this week, Sony earned a dubious distinction for the security breach that took several of its services down for nearly two months. The awards are called "Pwnies" and - unless you are a hacker - you don’t want to be "honored" with one. Sony earned the "Most Epic Fail" award for the massive security breach that brought down the PlayStation Network and related services for nearly two months earlier this year.
Star Wars Galaxies, the popular MMO created by Sony Online Entertainment and LucasArts, is shutting down by year's end. SOE announced that it plans to shut down the Star Wars themed MMO in December of this year. They are doing this, they say, to shift the focus to the next Star Wars MMO, The Old Republic.
SOE president John Smedley said the closure of SWG will not affect the team because it will be transferred to an undisclosed project in Austin.
An official letter to SWG players was posted on the forums, laying out the bad news:
A new lawsuit filed in federal court in San Diego on Monday (Cotorreal et al v. Sony Corporation Inc.) alleges that the security breaches of Sony Online Entertainment and PlayStation Network were the direct result of layoffs earlier in the month of April. In late April the company laid off around 205 employees from its MMO company SOE, closing down offices in Denver, Seattle and Tucson. These layoffs also affected the company's Network Operations Centre. The complaint alleges that Sony did not mention that any of these employees were part of "network operations" at the time of the layoffs.
The complaint also alleges that Sony rushed to protect data when it first learned of the security breach - but it wasn't user data they were concerned about. The company paid millions to secure sensitive corporate secrets, not offering the same level of action for customer data, the complaint contends.
According to a New York Times report, Spanish police have arrested three men they claim were involved in hacking Sony's PlayStation Network and the PlayStation Store. Police also claim that the trio are part of the hacktivist group Anonymous. The three men were released on their own recognizance pending formal charges but are expected to be charged with "forming an illegal association to attack public and corporate Web sites," which carries a maximum sentence of up to three years.
The official Twitter feed for the hacktivist group does provide some confirmation that the three are somehow connected to the group:
It's E3 week and that means that top executives make the rounds to as many media outlets as possible. Sony's Kaz Hirai is no exception, speaking to a number of publications in North America and Europe this week. In an interview with the BBC, Hirai admits that Sony has not been able to catch whoever breached the PlayStation Network's security in late April, and it is not exactly sure what they might have taken. All they really know is that they accessed user data and took some of it.
Earlier this month a congressional subcommittee looking into the PlayStation Network outage and data leak asked Sony Computer Entertainment America chairman and Sony Corp. executive vice president Kaz Hirai to testify. He declined at the time. While Hirai didn't make it to Washington D.C., his company provided a detailed list of answers that - at least temporarily - pacified lawmakers. Now with the PSN back online, Sony has decided that it will comply with the request from the House of Representatives' Committee on Energy and Commerce's Subcommittee on Commerce, Manufacturing, and Trade.
Ken Johnson, an aide to subcommittee chairwoman Mary Bono Mack (R-CA), told The Atlantic magazine that Sony Network Entertainment president Tim Schaff is scheduled to testify before the subcommittee next week.
Sony Online Entertainment announced it will provide customers with a complimentary 12 month identity protection program through Affinion International Limited for Station Account holders in the United Kingdom, France, Italy, Spain and Germany. Customers will have the option of enrolling in the program for 60 days after SOE's services come back online by contacting Affinion directly.
The identity protection program provides customers whose accounts may have been affected by the April security breach on SOE's network with monitoring, surveillance, reporting and insurance.
The second most powerful man in British politics says that Sony's massive security breach should be a wake-up call for online services everywhere. Chancellor George Osborne told a London audience yesterday that all online services in the UK need to learn a lesson from the PlayStation Network troubles: security should be the top priority.
"The hacking into Sony’s online PlayStation Network, and the theft of millions of users’ credit card details, is a high profile example of the need for robust online security," Osborne said.
Osborne added that "this age of digitized public services creates challenges alongside opportunities – the challenge of ensuring the security of personal data and financial information."
While the PlayStation Network has relaunched in North America, Europe and other regions, the relaunch of Sony’s services in Japan has been held up by Japanese regulators. According to a Dow Jones report, the PSN will not be relaunched in Japan until Sony provides assurances to the government that it has added additional security to its network services.
"We met with Sony on May 6 and 13, and basically we want two things from them," said Kazushige Nobutani, director of the Media and Content Industry department at the Ministry of Economy, Trade and Industry.
"The first is preventative measures. As of May 13, Sony was incomplete in exercising measures that they said they will do on the May 1 press conference," he said, although he refused to provide exact details of the measures for security reasons.
By the time you read this the PlayStation Network should be back online in most regions in the United States. After three weeks of being offline, the service slowly started coming back online after Sony issued a new firmware update that tightens security and allows users to change their passwords.
The first phase of the network restoration will include online play, video streaming, friends lists, PlayStation Home, and Qriocity. Unfortunately the PlayStation Store is still offline. The v3.61 update is mandatory and is available now.
And on a related note Sony Online Entertainment's various online game services are coming back online this weekend as well. From the SOE Site:
After several days of being offline, MMO company Sony Online Entertainment says that users wanting to play games like EverQuest II, Free Realms, and DC Universe Online will have to wait a "few more days." The company took down its various MMOs after it realized that it had suffered a security breach at around the same time the PlayStation Network was hacked into - over three weeks ago.
In the latest update to the official SOE site, the company also detailed what it will do to make all this up to players:
Sony Online Entertainment has said it'll likely be "at least a few more days" before its online gaming services are restored following the recent security breach. In an update on its site, it also outlined the compensation PC and PS3 users will receive for the down time.
Earlier this week Sony sent a letter to developers hoping that it would give them some comfort as they wait for PlayStation Network to come back online. Several developers including Q-Games and Capcom complained about the amount of money they were losing with PlayStation Network being down - now in its third week.
Sadly, the letter doesn't offer any more information than what is already publicly known, nor does it offer a definitive timeline for when the network will be relaunched.
Below is the full text of the letter penned by Rob Dyer, Sony's SVP of Publisher Relations:
C|Net is reporting that Sony is considering offering a reward for information leading to the hackers responsible for breaking into its PlayStation Network and Sony Online Entertainment networks, which led to both services being taken down nearly two weeks ago. According to the report, the company has been kicking around the idea of a reward for a while, but has not yet come to a final decision on the matter. Apparently, they are still weighing the pros and cons of offering such a reward. If they do agree on it, the report claims, it will be brought before the company's top executives for approval.
CNET's report adds that any reward would have to be offered in cooperation with various law enforcement agencies around the world investigating the security breach including the FBI.
Sony has not publicly commented on this story.
It should come as no great surprise that Sony shares have taken a beating since the massive security breaches a few weeks ago. The prolonged downtime of the PlayStation Network is also weighing heavily on investor confidence. Sony shares dropped 3.7 percent on Friday following this week's announcement that Sony Online Entertainment has been hacked and the ongoing struggle to get PSN back online.
Tokyo's financial markets were closed for national holidays Tuesday to Thursday, but reacted negatively to news on Friday morning, according to a Reuters report.
Analysts are also voicing concern about Sony's current situation, and with rumors of a third attack this weekend it is a recipe for more declines in its stock price.
According to a C|Net report a group of hackers is planning another attack on Sony this weekend. C|Net is calling the planned offensive a "major attack" that will target various Sony web sites. The information comes from IRC chatter, observed by an unnamed source. According to the report, the people involved plan to publicize the information they are able to steal from Sony's servers, which could include customer names, credit card numbers, and addresses. The hackers claim they currently have access to some of Sony's servers.
Sony is busy today, putting up no less than three updates on the official PlayStation Blog, to discuss preparations for the restoration of the PlayStation Network, a letter from Sony CEO Howard Stringer, and details on the new AllClear ID Plus Identity Theft Protection program offering.
First up is a post from Sony Sr. Director of Corporate Communications & Social Media Patrick Seybold about preparations to restore the PlayStation Network. According to Seybold, Sony's global network and security teams have begun the "final stages of internal testing of the new system." Seybold said that all of this is an important step towards restoring PlayStation Network and Qriocity services. Full post below:
According to this Bloomberg report, the New York State Attorney General has subpoenaed Sony over its ongoing security breach. Citing sources close to the situation, Bloomberg reports that New York State Attorney General Eric Schneiderman is seeking further information on the security breach of Sony's PlayStation Network and Sony Online Entertainment.
Specifically his department is taking a closer look at what Sony told customers about the security of its networks and when it told customers. The probe is supposedly part of a "consumer protection inquiry," according to the Bloomberg report.
From the report:
Sony is having a busy news day today. First, a story has been circulating that the company has hired yet another security firm to help it with its investigation of the PlayStation Network security breach. According to GamesIndustry.biz, Sony has retained Data Forte, a company led by a former U.S. Naval Criminal Investigative Service officer. Security firms Guidance Software and Protiviti consultants are also involved in the investigation.
DC Universe Online subscribers, upset over Sony Online Entertainment's and Sony's security issues, will get some compensation in the form of a virtual item and some free play time in the super hero-themed MMO for PC and PS3. According to the DC Universe Online community site, subscribers will receive a 30 day subscription credit in addition to one day for each day DCUO was unavailable. Subscribers will also receive a Batman-esque cowl. SOE is calling all this the "make good" plan. More from SOE:
When Sony Online Entertainment announced yesterday that it had suffered the same fate as Sony's PlayStation Network, it baffled many in the community. You may recall one week ago that SOE claimed it had not been affected by the major security breach suffered by PSN because its services were separate. But if those services and data of SOE customers were separate from PSN data, how did SOE get hacked too - and at the same time as the PSN attack as the company claimed yesterday?
Joystiq managed to track down a representative of the company willing to talk about it on the record. According to that staff member, the security breach on SOE's servers occurred because of "overlap."
Congress wanted Sony to come to Washington D.C. to answer questions. Yesterday several members of Congress demanded answers - in person - from someone at Sony. Today the company, in the midst of a security nightmare, politely told lawmakers "no thank you."
"Sony declined to testify because their internal investigation is still ongoing," an official in Congresswoman Mary Bono Mack's office told Kotaku this morning.
Congresswoman Mack and Congressman G. K. Butterfield wrote a letter to Sony Computer Entertainment of America (addressed to Kazuo Hirai) on April 29, days after Sony detailed the security breach of the company’s PlayStation Network. Both are members of the Subcommittee on Commerce, Manufacturing and Trade. While Sony may have declined the "offer," Sony Computer Entertainment of America spokesman Patrick Seybold said that Sony is cooperating with the committee.
Toronto is the location of the latest class action suit against Sony, launched on behalf of one million Canadian consumers over security breaches of the company's PlayStation Network and Qriocity. The class action alleges a breach of privacy and negligence on the part of Sony. The suit is seeking in excess of $1 billion in damages and is fronted by plaintiff Natasha Maksimovic, a 21-year-old Humber College student. Maksimovic describes herself as an avid PlayStation player and Sony e-reader user.
She filed her suit because she was concerned that Sony's security breach would have a dramatic impact on her privacy and her finances.
"I’m very loyal to Sony," she said in a phone interview with the Star. "I buy a lot of their products. I trust their brand. It’s kind of disappointing. I’m disappointed in the company to have something like this happen."
According to a report in the newspaper WA Today, the Australian government announced plans to create a law forcing companies to disclose privacy breaches to the public. WA Today reports that 1,560,791 Australian accounts were affected as a result of the attack on Sony’s PlayStation Network, along with 280,000 credit card details. A timeline for the introduction of this proposal was not revealed, but the government seems to be serious about it. In addition to planning a new law to deal with events like Sony's, the government has criticized the company over the way it has handled its security problems.
Privacy minister Brendan O'Connor recently said that he is "very concerned" over the data loss, but Sony isn't the only company he is concerned about when it comes to security and privacy issues.
Even as Sony's online gaming services were being taken down this morning, the PlayStation Blog was updated denying reports that hackers tried to sell back millions of stolen credit cards to the company. Sony's Patrick Seybold said that the reports were false and that no one in the company recalls such an event occurring. The seedy underbelly of the internet where credit cards are bought and sold every day probably disagrees, but that's Sony's official stance on the subject. Of course, if such an offer were made it would not make much sense to buy back a list that would obviously be copied and resold anyway. From the PlayStation Blog:
"We want to state this again given the increase in speculation about credit card information being used fraudulently. One report indicated that a group tried to sell millions of credit card numbers back to Sony. To my knowledge there is no truth to this report of a list, or that Sony was offered an opportunity to purchase the list."
As promised, Sony Online Entertainment has updated its official site to let customers know why it took down its services earlier today. To say it isn't good news for customers is a major understatement. According to the update, SOE took its game services down because of an intrusion that saw much of the same personal data and credit card info compromised by outside sources - similar to what happened on PlayStation Network. SOE says that personal info related to SOE accounts "may have been stolen" in a cyber attack.
Sony Online Entertainment's various services seem to be down and a message on the official site does not give much information on the particulars. According to a short post on the site, the services were taken down after an investigation revealed a deeper "intrusion" than expected at first. This is the first we have heard that Sony's MMORPG arm had some sort of security breach. Below is the message from the official site:
"Dear valued SOE Customers,
We have had to take the SOE service down temporarily. In the course of our investigation into the intrusion into our systems we have discovered an issue that warrants enough concern for us to take the service down effective immediately. We will provide an update later today (Monday)."
Another day, another series of questions and answers from Sony. The latest batch of questions and answers attempts to explain what users can expect when the PlayStation Network comes back online. Topics covered include download history/friends list/settings, Sony Online Entertainment's games, PS+ cloud saves, the state of trophies, and whether Sony will offer some sort of good will content as an apology to users. Bullet points follow:
Update: A subsequent story on Eurogamer reports that the Information Commissioner's Office has confirmed its plans to grill Sony over the theft of millions of PlayStation Network users' personal data and credit card information.
"The Information Commissioner's Office takes data protection breaches extremely seriously," the organization told Eurogamer this morning. "Any business or organization that is processing personal information in the UK must ensure they comply with the law, including the need to keep data secure. We have recently been informed of an incident which appears to involve Sony. We are contacting Sony and will be making further enquiries to establish the precise nature of the incident before deciding what action, if any, needs to be taken by this office."
According to a Kotaku report, Sony Online Entertainment has closed three of its development studios and laid off nearly a third of its work force. Word began to spread when George Broussard, better known as the creator of Duke Nukem and the founder of 3DRealms, tweeted about SOE Seattle closing:
"Word that Sony Online Entertainment Seattle is having layoffs and that studio closure is possible."
Kotaku then confirmed the news "through a source familiar with the matter" who said that the closure affected SOE's studios in Seattle, Tucson, Arizona and Denver. Kotaku also confirmed that nearly half of the employees at SOE's Austin, Texas studio had been let go. A number of its employees in San Diego, the company's main studio of operations, have also been let go.