27 Apr 2011
Sony has admitted its customers' personal details have been stolen by an 'unauthorised person', following a cyber attack on its online gaming service.
The firm has suspended the service while it investigates the breach, and has brought in external security experts to help it work out exactly what data has been compromised.
In a statement on its PlayStation blog, Sony's head of communications for Europe, Nick Caplin, gave details of the information that had been breached.
"Although we are still investigating the details of this incident, we believe an unauthorised person has obtained the following information that you provided: name, address, country, email address, birthdate, PlayStation Network/Qriocity passwords and login, and handle/PSN online ID."
He added that it was impossible to rule out the possibility that credit card details were also obtained by hackers. He also warned customers to be on the lookout for scam calls and emails now that their personal data has been breached.
David Emm, researcher for internet security specialists Kaspersky, recommended that users of Sony's gaming services be vigilant about possible scams.
"Monitor your bank accounts carefully for signs that your banking details may have been compromised, and contact your bank about anything that looks suspicious."
The news that in light of the hack, Sony plans to move its data centre to a location that it claims is more secure raises some interesting questions.
It is worth highlighting that no matter how secure the location and the technology, people are still the key to real security. If employees do not see security as a top priority, then even the most secure system can easily break down - especially if basic access practices relating to hardware, databases, etc. are ignored by technical staff.
Even with robust technology, there is always a need for high-quality ‘human management’. Corporate technologies like secure ID still require a strong bond of trust and a process of education in place between business and employee. After all, unprofessional or disaffected users all too often pass critical information on passwords, codes and ID numbers to others.
An even more farsighted or revolutionary approach for Sony might be to encourage its customers to access their online and gaming services through more secure network access that could, in turn, help track and monitor network external hackers and restore consumer confidence in the Sony network.
Secure services like tibboh, for example, can then become the basis for providing access to age appropriate games or the Internet and even for restricting the use of illegal download sites. They can also help provide a clearer audit trail back to the data thief, reducing the likelihood of a hack attack in the first place.
Phil Dawson, managing director, MDS Technologies
Posted by: Phil Dawson 28 Apr 2011
You have to be dumb enough to put real personal details on *any* online service or keep your financial info online for longer than you need.
Always use fake information everywhere you can and of course keep track of that info for recovery or verification purposes (e.g. use KeePass to keep track of your accounts).
Use random temporary email addresses such as blahsomerandomnumber@mailinator.com when subscribing to services. Remove your credit card info after you made a purchase.
Just some safe habits that will spare you from a lot of trouble.
Posted by: blah 27 Apr 2011