
Sony PlayStation Network Gets Restored, But Uncertainty Lingers Over The Extent Of The Breach


First Posted: 05/15/11 04:03 PM ET Updated: 07/15/11 06:12 AM ET

Sony has finally begun to restore access to the PlayStation Network, after a massive security breach that exposed the personal information of over 100 million users. But the true extent of the breach -- and the state of Sony's security -- are still largely unclear.

Sony has faced scrutiny from Congress and backlash from angry consumers, some of whom have already changed gaming systems as a result of the data breach. Though the PlayStation Network is back online, considerable uncertainty remains as to just how much personal information was exposed. Experts also say that the network itself may not yet be totally secure.

According to a Reuters report, Sony's security weaknesses could be more widespread than the company has acknowledged. John Bumgarner, a security researcher, discovered a number of remaining flaws in the system that he has said could easily be exploited. Notably, Bumgarner showed that a simple Google search could be used to discover pages of information which could be used to launch more advanced attacks, including the names, email addresses and phone numbers of Sony's IT managers.

"Sony still has several external security issues that need to be addressed," Bumgarner told Reuters.

Since the breach, Sony has promised to step up security, saying in a press release that it has made "considerable enhancements to the data security" by adding advanced technologies, increasing software monitoring, conducting vulnerability testing, increasing encryption and implementing additional firewalls. In addition, the company says it has added an early-warning system for unusual patterns to help detect breaches earlier.

Previously, Sony had been protecting passwords using "a cryptographic hash function," which is vulnerable to attack through basic means.

Sony first confirmed the attack -- which it has blamed on the online collective Anonymous, though Anonymous has denied any responsibility -- on April 26, despite the fact that it was believed to have occurred between April 17 and April 19. Sony has been criticized for its delay in notifying both law enforcement and consumers following the breach.

Sony has begun to restore access in the Americas, Europe and several other countries, though the company is holding off in Japan and other Asian countries. According to the Wall Street Journal, Sony is "still in talks with Japan's industry ministry, which is asking for more detailed explanation on how Sony's online service works and what security measures the company is implementing."

When it comes to the nature and extent of the breach itself, experts say that little is known. Of the many rumors that have floated around, the one that hackers may have taken credit card numbers and sold them online is especially concerning. Yet some believe that it may have been the biggest data breach in American history.

"This is arguably the most serious breach in U.S. history measured by number of people involved, sensitivity of information accessed, and amount of time that the breached network has been shut down," said Fred Cate, Director of the Center for Applied Cybersecurity Research at Indiana University. "Even now, only parts of the PlayStation network are being brought back into service."

Though the company initially announced that the network would be restored in days, those days became weeks. Sony now says American services should be restored by the end of May.

"While we understand the importance of getting our services back online, we did not rush to do so at the expense of extensively and aggressively testing our enhanced security measures. Our consumers' safety remains our number one priority," Sony executive deputy president Kazuo Hirai told customers in a video.

For users who use the same password across sites, the Sony breach endangered not only PlayStation Network accounts, but any other account using the same username and password combination. Experts underscored the importance of assigning unique passwords to each account.

"For consumers, the key lesson is to use unique passwords," said Cate. "It is boring and tedious and no one wants to do it, but it is the only way to guard against the risks presented by the PlayStation breach."

Comments (82)
Whinger
I'm Just Me!
04:47 PM on 05/16/2011
You never miss the water until the well runs dry - low life hackers don't care about anyone...

This is a warning for Microsoft and similar to look at potential security vulnerabilities, like yesterday!
03:42 PM on 05/16/2011
In the long run, this attack on Sony's PSN might be a good thing. I understand that a lot of personal information was stolen for millions of people, which is in no way a good thing. However, this attack SHOULD lead to much more money being invested into the security of the online systems for both Sony and Microsoft.
---
http://mattdturner.com/wordpress
HUFFPOST SUPER USER
frenchgod
11:59 AM on 05/16/2011
I just want to play some call of duty... kino der toten!!!
HUFFPOST SUPER USER
frenchgod
11:57 AM on 05/16/2011
I just want to kill some zombies
07:59 AM on 05/16/2011
They should sell the company to Apple. Sony brand quickly sinking in the sun...Banzai !!!
04:12 AM on 05/16/2011
hopefully safe to use.....
http://yuppygadget.com
HUFFPOST SUPER USER
Kmuzu
Rolling dem bones
02:08 AM on 05/16/2011
Actually PSN went down again when there was a massive amount of users trying to reset their passwords.
Nec V20
Liberal with five knuckles to back it up
02:00 AM on 05/16/2011
Sony wanted to install a rootkit onto my PC if I attempted to play one of their music CDs on it.

As a white-hat hacker I say hit them some more, these guys deserve all the crap they get.

Nothing associated with Sony goes on my shopping list any more.
HUFFPOST SUPER USER
glockman
07:53 AM on 05/16/2011
"As a white-hat hacker I say hit them some more, these guys deserve all the crap they get."

The problem with that is that it impacts everyone else, even those who just want to play games in their PS3s, and who only use the online services on occasion.
HUFFPOST SUPER USER
David Landry
11:58 AM on 05/16/2011
Poor business practices usually do that. Blame Sony for this, not the people who refuse to do business with a company that they can't trust.

If banks didn't use locks or safes, and thieves kept stealing the money from the banks, you might want to blame the thieves, but it's the banks that are the ones that want us to pay them for their trust ... can't do much about the thieves, but we can sure do a lot about the businesses that fail to live up to our trust in them.
12:55 AM on 05/16/2011
SONY is a company who is going from bad to worse. They are having trouble competing with Chinese and Korean electronics brands and their games are no longer top notch. Customer service for their online games is notoriously slow to respond to glitches and customer complaints/suggestions.


Who's going to right that ship?
LightShadow62
The answers are not found in the extremes
12:24 AM on 05/16/2011
There should be doubts about ANY online data storage system. They are all susceptible to attack and the more information that a single system holds the more likely it will become a target. Big target makes big news which puts a big feather in the cap of the hacker. That is the way it has and will always work.
It has been reported that the hacker even used cloud processing to assist them in attacking Sony. So how is CLOUD looking to you now?
12:03 AM on 05/16/2011
Sorry $ony, I already "made the switch". I gave you guys until early May (when you said you would have this problem fixed, remember?), and then when you reneged, I had little choice. You hung yourselves with the way you went about this issue. Sorry.
HUFFPOST SUPER USER
blackstarpictures
02:36 AM on 05/16/2011
Fickle
04:01 PM on 05/16/2011
Not even a little.
HUFFPOST SUPER USER
bkerensa
Evangelist at Ubuntu
10:56 PM on 05/15/2011
There is no way that PSN and better yet the rest of Sony's infrastructure has been fully rebuilt and secured from the bottom up. In the small time it was down they probably put together a "fix" or "patch" which they feel might make things a little more secure but honestly the only way to make things as secure as possible is for them to take all their servers offline, preserve user data and then rebuild their server side setups from the ground up.
12:05 AM on 05/16/2011
Agree with you 100%, thanks for bringing some brains to this issue.
HUFFPOST SUPER USER
Fredday
Nyak Nyak Nyak
10:14 PM on 05/15/2011
Logged in, changed password, PSN works, but still no PS Store.
Mississippi Red
Stoke City: ugly football that works
09:54 PM on 05/15/2011
The best thing that could happen is for PlayStation to simply disappear forever.
Gavin Saunders
we only have each other
10:23 PM on 05/15/2011
Imagine if the time gamers spent at their consoles was spent in the community helping someone down on their luck?
HUFFPOST SUPER USER
zambiedude
11:40 PM on 05/15/2011
That could be said about so many things, I don't understand the hate on gamers ...
HUFFPOST SUPER USER
PCPrincess
I'm probably gaming.
11:45 PM on 05/15/2011
Gamers spend their free time on a PC or console, others may watch TV or read books, or watch a DVD. There is time for work, play, with some left over to donate time to the community.
HUFFPOST SUPER USER
JFaye
My micro-bio is not empty. Thank you.
09:35 PM on 05/15/2011
Can some tech person explain how this site knows when I have searched for a product, even at a department store? Increasingly, whatever site I visit to shop, the items show up on the HP site when logging on.
09:57 PM on 05/15/2011
Because when your browser accesses any page on this site, the site attempts to install cookies into your browser from several third-party marketing companies including Nielsen and QuantCast.

If your browser allows those third-party cookies to be installed, then you can be tracked across any other websites which are partnered with these same marketing companies. When you do your online shopping, they see their cookie in your browser and know you're probably the same person. Then when you go back to this site, they see the cookie again and place ads relating to the kind of products you were checking out before.

This behavior can be thwarted by configuring your browser to reject third-party cookies. This allows this site to install their own cookies when you visit this site (which provides useful features like staying logged into your account when you browse from page to page within this site), but it does not allow this site's marketing partners to install their cross-site tracking cookies.

Additionally, the purple "superuser badge" next to your name indicates that you have linked your account on this site to one or more of your accounts on other social networking services (e.g. Facebook). This account-linking practice allows this site to essentially log into your accounts on those services and run some data-mining applications, getting a sense of your interests and figuring out if you have friends on those networks who are also linked into accounts on this site.
HUFFPOST SUPER USER
JFaye
My micro-bio is not empty. Thank you.
12:09 AM on 05/16/2011
Thank you... I just reconfigured to block pop-ups and not allow third-party cookie installation. Already, my social media sites have been deactivated ... Hope this works; uneasy feeling.
10:53 PM on 05/15/2011
They gather data from cookies. When users visit a website and either view a cookie may be dropped on that end user's browser. They serve similar ads as per your search history.
HUFFPOST SUPER USER
JFaye
My micro-bio is not empty. Thank you.
12:10 AM on 05/16/2011
Thank you. It's a little unnerving as I was on-line shopping from a department store where I have an account.