22. Re: Evening Consolidation Apr 27, 2011, 09:45 Verno
Sony should have been far more forthcoming with the severity up front, even if they didn't actually know. If only to give the slow minded folks a bigger push to change any passwords that may have shared with the one used on PSN...which should have been an automatic reaction for most people anyways.

It's not that simple unfortunately. All data is potentially compromised. That includes your name, date of birth, secret question/answer info and so on. Most people don't know what verification data is used against the CC so they might well have answered truthfully. I was always a little weary of why Sony needed so much information for a PSN account. The potential for identity theft is much higher here than normal. If it was your password or CC then this would still be bad but nowhere near so. Unfortunately there are a shitload of site logins most people need to memorize and most don't know about programs like KeePass or LastPass.

As for fault Sony can take plenty of that here. Attacks are going to happen on corporate networks, it's pretty much a given. There's a reason for all of the annoying PCI/ISO 27002 audits that network staff are subjected to. Sony has shown it failed in both failover, storage and design implementations here. Numerous products tied together are now inoperable, they were sharing services without proper network isolation and have obviously violated some basic network design principles. There's some evidence of the breach going back a month or longer, some hackers were pasting logfiles on IRC but most people laughed it off as fake because they didn't believe there was any way Sony's internal security was that weak.

blah blah Microsoft

This has nothing to do with Microsoft, that's just silly platform warrior nonsense. Most people are not going to boycott Sony over this despite their saber rattling. It can affect them financially however in the form of people using prepaid cards, virtual debits and travel cards instead of real credit cards. That can drastically affect impulse spending and their bottom line. The personal information they sell to advertisers will also take a huge hit in value as I'd wager many people will be giving whatever fake info they can in the future.

