Money Matters - Simplified

Sony PlayStation hack can affect 77 million users

Sony wrote on the official PlayStation blog on Tuesday that some “illegal and unauthorized person” has obtained the names, addresses, security questions and other details.

Sony seems to have landed in troubled water. While on one side it is dealing user with the information theft at its online gaming network, on the other Sony is being criticized for not disclosing the news about theft.

The PlayStation network was shut down seven days ago but the theft was not made public till Tuesday.

The information included names, addresses and probably credit card data of 77 million users.

Largest data theft
Michael Pachter, analyst at Wedbush, said, “This is a huge data breach. The bigger issue with Sony is how will the hacker use the info that has been illegally obtained?”

Sony generates approimately $500 million annually in revenue from this service.

Experts said that in their bid to offer innovative products rapidly, Sony probably did not pay attention to the security features of the software that ran its network.

Sony wrote on the official PlayStation blog Tuesday that some “illegal and unauthorized person” has obtained the names, addresses, security questions and other details.

Sony said it did not find any evidence about the theft of credit card data but cautioned its users that the possibility could not be ruled out.

“Out of an abundance of caution, we are advising you that your credit card number (excluding security code) and expiration date may have been obtained,” said the company.

It recommended users to place fraud alert through the U.S. credit card bureaus on their credit card accounts.

Sony facing criticism
The company is being widely criticized for coming out late with full information about the theft. Sony joins the series of Japanese companies which have been accused of not disclosing complete information in the past.

Tokyo Electric Power Co. came under fire for the way it handled the nuclear crisis at its plant and earlier Toyota was accused on same grounds after it failed to provide full information about the massive vehicle recall given by it last year.

Sony has not commented if it is working in tandem with the law enforcement agencies in investigating this theft. It however said that it had hired an, “outside recognized firm” to investigate the incident.

Analysts blamed that while Sony had issued a notification to its customers, the company is still not providing information about how the data was stolen.

Experts said that in their bid to offer innovative products rapidly, Sony probably did not pay attention to the security features of the software that ran its network.

Alan Paller, of the SANS institute said, “They have to innovate rapidly. That’s the business model. New software has errors in it. So they expose code with errors in it to large number of people, which is a catastrophe in the making.”