It Only Disappoints You

Let me say this first, because in the hullabaloo surrounding Sony’s almost criminally irresponsible handling of the ongoing PSN outage and compromised customer data, I feel like this point is quickly lost.

The bad guy (or at least the worst guy) in all this is the person or organization that hacked PSN.

I realize that Sony has managed in the aftermath to come off like the gawking bystander that hangs out watching as a horrific crime takes place, only thinking to bother calling the police long after the blood has dried on the sidewalk. In a way, it’s almost easier to be mad at that guy, and even to begin to blame him for the whole incident. I have to remind myself that the company didn't actually start this whole thing.

Sony is obviously not an intentional accessory to the actions that have crippled their system and exposed millions of customers to the worst kind of potential identity hazards, but like almost everyone else I am perplexed and aghast at their response. A response so bad that it has made virtually everyone madder at them than at the feckless waste of ejaculate who perpetrated the crime in the first place.

My initial reaction, however, was not anger. That has brewed very slowly, like a pitcher of tea steeping on the porch during a hot summer day. It wasn’t even surprise. It was something more like amused, cynical resignation.

This isn't just the Sony I had feared; it's the Sony I had expected.

On hearing that the company had not only allowed some anonymous hacker to waylay their online system for a what has already been a truly extraordinary period of time, but also failed to disclose or even recognize that customer data had been compromised until nearly a week had passed, I felt a lot like I do when I read stories about Donald Trump. That is to say vaguely annoyed and at the same absolutely amazed at the magnitude of idiocy involved.

Watching Sony muddle their way through this latest blemish on their already not-particularly-good name, I feel like I might actually be watching a Monty Python skit on how not to react. It's like responding to getting slapped in the face by just slapping yourself even harder. I keep expecting one of the talking heads from Sony to suddenly start doing funny walks or be stomped on by a giant cartoon foot. If it weren't so painfully serious, it would be comical.

From here on out, however, my confidence in PSN and the parent company, not only as someone who watches the industry but as a past Sony consumer, feels irretrievably ruined. Without measuring Sony up artificially against other consoles—looked at alone in the harsh, cold spotlight—there’s no good reason I can imagine to ever again trust them with my personal information. I'd sooner give my credit card number to a Nigerian prince.

What I really hope, though, is that other holders of my information are paying close, damn attention. Frankly, it’s easy enough for me to throw the Sony out with the bathwater, I don’t have a lot of collateral at stake in our relationship. In the end, I still feel happy enough having a decent Blu-Ray player and a system that I may occasionally boot up to play some rented exclusive. It would be a lot harder to walk away if this were Microsoft or Steam instead, and I feel for the people who would like to extract themselves from Sony’s grip but who have invested countless dollars into the PS3 as their gateway into gaming and social spheres.

I sincerely hope that there are a lot of much smarter people kicking around making sure that the same sorts of vulnerabilities aren’t manifest in the systems I depend upon. I realize no system, certainly not those as complex as these gaming portals, can ever be completely failsafe. So what matters most is how prepared a company is to react to a crisis, and I can’t help but feel like Sony just got their butt kicked in the parking lot of a bar and has decided to react by bleeding on the ground for a while.

It’s just the first in a flurry of street brawls I suspect the company will likely endure as the first rounds of litigation begin to take shape and the media begins to have its field day. But, honestly, I’ll be watching with only a casual passing interest, because I’ll no longer have a dog in that fight. After all, I’m now only a former Sony customer.

Comments

I am torn about this. This is the internet, and hackers are a part of the landscape. This kind of thing happens, although I don't remember anything on such a large scale. I would not want to blame a home owner who was robbed by saying he should have had better locks.

Still, Sony is a pretty big company and I just hope that the reason this happened was not because Sony tried to go cheap on security features.

Since my PS3 is only a small part of my total gaming experience, not having access to PSN isn't killing me. I can wait. My concern is for people who use PS3s as their main form of gaming and entertainment. My heart goes out to those poor souls and for their sakes, I hope the network comes back up really soon.

If anyone needs me, I'll be on Steam.

I would not want to blame a home owner who was robbed by saying he should have had better locks.

Again, the problem isn't that Sony got hacked. As many have said, that's part of life on the internet. The problem is what they did about it.

Still probably a lot of Japanese culture in the response, as others have mentioned. If the same thing happened to Nintendo, I imagine we'd see a similar response.

Stele wrote:

Still probably a lot of Japanese culture in the response, as others have mentioned. If the same thing happened to Nintendo, I imagine we'd see a similar response.

Nintendo wrote:

At this point, we can't confirm nor deny that all friend codes will have to be entered again.

Internet wrote:

IMAGE(http://shanghaiist.com/attachments/shang_jay/0810rage.jpg)

One vote for: allowing the system to be hacked and have downtime is my issue, who cares how they 'messaged' it? We're all adults and know when something has been carefully worded. The wording isn't really the issue.

Some nice links:

http://www.privacyrights.org/data-br... (searchengine)
databreaches.net (Telling more about individual cases)

Few examples that someone else already listed from them, for just this year:

------------

April 14, 2011
WordPress
21 million people - mainly a forum and blog tool.

April 2, 2011
Epsilon
Unknown # of people (Handles lots of huge-companies online-marketing, i.e. Target, Best Buy, Walgreens and City Group) - says they didn't loose CC. Only e-mail, and personal info).
Best Buy has also lost customer information another time in a seperate incident this year, Wallgreens last year - where CC might have been lost.

April 1, 2011
iTunes (Apple)
Hack, Unknown # of people affected
(People shop on hacked accounts with other peoples accounts, unkown reason)

February 4, 2011
Twitter, Facebook and PayPal
Unknown # of people affected
(Same Person charged with hacking all three, logging into peoples accounts, and shopping, blackmailing and also charged with cyber-stalking, since many of the victims where celebrities)

January 18, 2011
Discovered the chat logs of 2 people charged of last years hack on Apple I tunes - they used an "account slurper" to conduct a "brute force" attack that lasted five days and extracted data from iPad users who accessed the Internet through AT&T's 3G network.

----------

You can complain about Sony all you want, but it should be clear by now that this is not particularly unique. Online information is very liable to theft and happens all the time, and credit cards are hilariously unsafe. Most people that use them a lot should have had their info stolen several times over, just from using it at restaurants.

They also did a few things right:

1. They probably gave the police some time to investigate (this is considered the best thing to do if you want to catch the criminal, don't start with showing you are on to him), before shutting down the system completely.
2. They investigated the scope of the theft before they told us about it. This is also normal, decent practice.
3. They did actually tell us about the issues. Many companies try to just let it pass by quietly.
4. They did encrypt credit card data (of course this should be a no-brainer)
5. They did in fact hash the passwords, so hackers wouldn't have been able to use them instantly (although generally we can assume it was an old-style hash which is still fairly easy to find - hackers will be able to get a number of possible answers from it, among which usually the right one).
6. Should somehow or other credit still be stolen (perhaps because they found a password for amazon and you have one-click buy or something like that), or you are suspecting that happened, they will pay (if your credit card company doesn't take care of this already - they don't get a neat percentage of all purchases for nothing).
7. PSN+ outage will be compensated, every PSN user affected will get a free month of PSN, plus some other gifts (games most likely) that will be hand-picked to be suitable for the Region.
8. They literally bent over on TV during their press conference apologize (though this is common practice in Japan if you mess up).

It is still crappy that it happens, and they could probably have prevented it (and from the looks of things they were already upgrading, as they have used this as an opportunity to immediately implement a previously scheduled move of their data-centers). And obviously the additional theft of SOE information is also very regrettable.

The biggest mistake probably is not having someone in charge of security that can oversee the company's strategy, communicate to PR when necessary, hire outside firms to validate security, have a disaster plan ready for when things go wrong that require PR, and get fired if things go horribly wrong ;). It is of course no surprise that they already announced they would be hiring someone for this position.

Faults are investments. As long as you learn from them, they can be worth it.

I for one, first thing I'll do when PSN is back up is buy Outland (already tried it on 360), and get some new Rockband 3 DLC and probably some Beatles Rockband DLC (have been playing that a tonne during the outage, as I got it for 8 Euro new, Lego Rockband should be arriving today or tomorrow as well, for the same ridiculously low amount - Beatles Rockband is pretty awesome, with great drum lessons too)

Well, obviously after the mandatory password change, and only once the Store is actually up ... I can imagine the Store may go up a little later still, in which case I'll just start getting some online scores in for Beatles RB, and maybe try the new Home 1.5 update, though I don't know if there are already spaces that use the new features (Havok physics, much better online integration and interaction - you should be able to even do a shooter in Home now apparently).

You might want to save the vigorous defense of Sony for when they actually get their services back online. Of those much smaller breaches that you brought up, how many were offline for two weeks to a month?

This is not the event that crushes Sony. But it may very well be the nail in the coffin in regards to Sony having any hope that the PS3 is going to be profitable for them in this generation.

Worse, I think this is the event that will spur Sony, which will then force Microsoft, to get moving on the next generation of consoles. We may never see the Year of the PS3.

At the very least, I think this will cause a lot of people who own both systems to buy the 360 version of multi-platform games now. I know that I'm in that camp.

Arwin wrote:

I for one, first thing I'll do when PSN is back up is buy Outland (already tried it on 360), and get some new Rockband 3 DLC and probably some Beatles Rockband DLC (have been playing that a tonne during the outage, as I got it for 8 Euro new, Lego Rockband should be arriving today or tomorrow as well, for the same ridiculously low amount - Beatles Rockband is pretty awesome, with great drum lessons too)

You should friend me, when PSN is back. Always looking for more people to play RB series with, all great games.

Thurgrim wrote:

At the very least, I think this will cause a lot of people who own both systems to buy the 360 version of multi-platform games now. I know that I'm in that camp.

You didn't before? I'm always hearing that people get the 360 version unless ... Personally, I'd say PSN being down makes a change only for games with a significant online portion. I just got Beatles and Lego Rockband, and those are multi-platform titles, but obviously there are some other factors at play here. I have to admit that I'm starting to miss seeing where I rank on scores, or buying DLC for Rockband 3, but even if it does last til 31th of May, I think I'll live.

@Nyx_Stele: will do!

Strange, I couldn't find you on this ... : http://www.rockbandscores.com

Sensical wrote:

Know what I think? I think Sony's security is going to be pretty dang up-to-snuff after this little incident. I think it'll be one of the safest places I could put my personal info online, going forward, what with the ramped up measures they're no doubt enlisting. I mean, Sony is at DEFCON 1 right now. They're locking thangs down. (Speaking as someone who, of course, has no idea what measures they're really taking.)

THIS. To the GWJers that are swearing off Sony because they can't trust them with their information, you have to realize that after this incident Sony will have a robust, overtested, and elaborate security system that probably eclipses that of Microsoft and Nintendo.

It's your prerogative to respond however you'd like. It sounds like many are distancing themselves for Sony having already been distant prior to this event, and it seems a lot of confirmation bias is leading people to wag their finger and blame them rather than recognize how many things Sony has done correctly.

See you guys when Uncharted 3 online comes out.

Arwin wrote:

@Nyx_Stele: will do!

Strange, I couldn't find you on this ... : http://www.rockbandscores.com

Didn't even know that site even existed. Not sure why I don't show up, but I do play RB2, RB Beatles, LEGO RB, and RB3, although RB3 hasn't been online yet.

SGP wrote:

See you guys when Uncharted 3 online comes out.

Will be there. Hope PSN is up before then.

SGP wrote:

Know what I think? I think Sony's security is going to be pretty dang up-to-snuff after this little incident.
...
See you guys when Uncharted 3 online comes out.

I agree that after all of this, Sony's networking will likely be in really good shape. I get frustrated at the people who complain about the delays to get the service back up when they are the same people who want everything locked tight - these things take time, sometimes.

I don't really think that the "never again, Sony" attitude is really built from a fear of the future security of Sony's online efforts, I think it is much more of a "You have lost me as a customer for this past failure" mentality. Why people are (largely) willing to forgive the 360 for hardware failures, buying two or more 360s to replace a failed unit, but not Sony's loss of information is beyond me. One is an actual, out of pocket loss (albeit rather small, big picture) and the other is an exposure of personal information with potential for loss.

I suspect you are right about Uncharted 3 bringing people back, though. I didn't know Uncharted 3 was even going to have on-line components!

SGP wrote:
Sensical wrote:

Know what I think? I think Sony's security is going to be pretty dang up-to-snuff after this little incident. I think it'll be one of the safest places I could put my personal info online, going forward, what with the ramped up measures they're no doubt enlisting. I mean, Sony is at DEFCON 1 right now. They're locking thangs down. (Speaking as someone who, of course, has no idea what measures they're really taking.)

THIS. To the GWJers that are swearing off Sony because they can't trust them with their information, you have to realize that after this incident Sony will have a robust, overtested, and elaborate security system that probably eclipses that of Microsoft and Nintendo.

It's your prerogative to respond however you'd like. It sounds like many are distancing themselves for Sony having already been distant prior to this event, and it seems a lot of confirmation bias is leading people to wag their finger and blame them rather than recognize how many things Sony has done correctly.

See you guys when Uncharted 3 online comes out.

Well, I've already said I would still buy a PS3 at some point. And secure or not, I already viewed their online service as pretty horrible. But there are some good games I'd still like to play.

We can debate all we want about just how up to snuff Sony's online security was. But if it takes more than month to rebuild it, it's pretty clear that they have decided they didn't know what the heck they were doing to begin with.

And I guess it makes sense to assume that they are now experts in the field, and that they have assembled a crack team of security experts. Or maybe it is taking so long becasue they really don't have a clue, and what they will have assembled will be a glorified mess, and still as shoddy as before.

I think Microsoft can get hacked. I have a hard time believing it would take them this long to get things back in order. But then, Microsoft actually profits directly from their online service.

Of all the different web sites that have been hacked, how many went dark for a month? How many times did you not have access to your money in the bank or credit cards for a month? Have you ever lost your email or internet service for 30 days?

Better yet, have you even felt more confident in a car repair becasue they took an extra long time to fix it?

I think Sony will be fine if they ever get their online service figured out. But they would have been better off charging for it from the beginning, and treating it like an important part of their business model.

Good points, Jay. I don't think I've seen a modern Internet service go dark for a month since the early dot com days. Since so much is done online it's become a target to have as much uptime as possible. It would be inconceivable for even Pets.com to have gone down for this long. Mostly because companies know that if they went dark for that long they stood to lose business. If the same thing happened to Google or Amazon they'd be f'ed. Luckily for Sony online isn't their core competency. They make money off of video games and hardware. Unfortunately for Sony, online isn't their core competency. So the more games and services go there the harder they'll need to work to adapt.

The only console company right now whose core competency is online service is Microsoft. If they take over, I'm going to have to swear off console gaming. More than I already do, I mean.

LarryC wrote:

The only console company right now whose core competency is online service is Microsoft. If they take over, I'm going to have to swear off console gaming. More than I already do, I mean.

Nintendo has an awesome opportunity sitting right in front of them. They have the capability of making me not care what Sony and Microsoft offer in the next gen.

Unless you're the type who doesn't care about online services, then Nintendo won't be doing anything like that for you. If Sony is light years behind Microsoft, then Nintendo's several dimensions behind.

Also, no third party support. Everyone's pretty hostile to Nintendo on the whole. I count one AAA budget game on the platform from third parties this generation. Every good game on the platform from third parties was made on a shoestring budget.

LarryC wrote:

The only console company right now whose core competency is online service is Microsoft. If they take over, I'm going to have to swear off console gaming. More than I already do, I mean.

Why? What's so terrible about having a good choice / provider with competent features at a minor cost? Don't get me wrong, I understand monopolistic concerns, but as long as there is money to be made in it, others will be attempting to join in, and maybe one day, it will actually have a worthy console competitor.

trueheart78:

I said that I wasn't going to buy into that kind of an environment. I didn't say that it was going to be a terrible, terrible thing. The only reason I even have a PS3 is for the exclusives. I generally play on the PC, being the glorious, glowing master race specimen that I am.