Survive the PlayStation Network Hack!

By now you've heard that the Sony PlayStation Network has been down all week and after days of mysterious failed logins Sony finally identified that PSN was the target of an "external intrusion". The company has decided to keep both PSN and its music streaming service Qriocity offline until it can find and fix the vulnerability in its network security that lead to the hack.

Sony confirmed only yesterday that last week’s malicious attack might have compromised user’s personal information such as names, addresses and even credit card numbers.

"While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained."

Out of an abundance of caution... the warning above went to more than 77 million PSN and Qriocity users that their credit card numbers might have been obtained by hackers. Many PlayStation Network users are outraged that it took Sony almost a week into the outage to divulge to customers that the hack might have resulted in stolen credit card numbers. The anger of its customers has spilled into various consumer protection authorities that are now investigating Sony for its failure to inform users of the possibility that credit card numbers may be in jeopardy.

Sony History of Hacks

This isn’t the first time Sony has had troubles with hackers: Do you remember GeoHot? Sony had recently patched up difficulties with the infamous hacker that received notoriety for jail-breaking the iPhone and publishing the root key for the PlayStation 3. Sony sued one George Hotz, aka. GeoHot citing that the root kit could allow users to copy pirated games right onto their PS3.

During the ensuing legal drama a hacker group called Anonymous vowed revenge for GeoHot and others that Sony has tried to squelch for offering its root kit online. But Anonymous says it has pulled back its attacks after Sony and GeoHot settled out of court. Anonymous denies any involvement in Sony's current troubles.

Whether the current hack was the result of Anonymous or not, one thing is clear - hacking and so called hactivists are here to stay. No company, no matter how large or trustworthy is immune. It's not enough to simply trust your personal information including credit card number to large companies with a sound reputation. As a consumer it's incumbent upon us to remain vigilant and informed about how our information can be used.

Companies that accept your information need to be transparent to its customers. Companies like Sony have nothing to gain by keeping a lid on the bad news that sensitive user information may have been hacked. Getting the information out to the public so they can take action for themselves may result in a chorus of complaints. But that's nothing like the complaints, legal action and potential permanent loss of customers if they don't.

Demand Transparency

Sony’s actions following its external intrusion are being investigated by various consumer protection entities to see if legal action against Sony is appropriate.

In the UK the Information Commissioner, Sir Christopher Graham said: “We are contacting Sony and will be making further inquiries to establish the precise nature of the incident before deciding what action, if any, needs to be taken by this office."

British users are reassured by the Financial Fraud Action UK that its banking industry has "robust processes in place to protect its customers’ accounts…"

Part of that robust process includes the threat of up to £500,000 in fines for any company responsible for breaches of personal information.

Closer to home Senator Richard Blumenthal, Democrat-Connecticut is also looking into the bad news delay and contacted Sony Computer Entertainment of America chief executive Jack Tretton to register his displeasure on behalf of the American people.

In its defense Sony has stated that its delay in releasing any information was due to the depth of its detailed investigation – and that it had nothing to hide. According to a Sony spokesman, forensic analysis of the breach did not reveal stolen data until the day it notified customers.

5 Ways to Improve Your Digital Security

If you’re a PlayStation Network user chances are you’ve given the service your credit card number. Since PSN is free, a credit card number is not required to use the service but there is still plenty of software to buy.

While being free may provide Sony a competitive advantage over Microsoft’s Xbox Live, as a user of both Live and PlayStation Network I have mentioned here in the past - you get what you paid for. Multiplayer gaming on Xbox Live is an overall superior user experience. But for a free service PSN is not bad… and yes, I have given Sony my credit card number to purchase downloadable content for every Call of Duty game in recent memory.

So, what do you do if you're one of the 77-million-plus gamers that could have been breached? Even if you’re not in any danger of losing your account information to Sony, hacking has become so ubiquitous it’s good to know what to do because as we’ve seen – no company is untouchable. Unless you're prepared to avoid shopping online and write checks for the rest of your life, you’re going to be exposed to risk of identity theft

1. Immediately, check your bank account for recent activity. If you've only got one card on the line and are worried about being fraud, have the bank cancel it immediately.

2. Beware of fraudulent phone calls or emails requesting personal information. This should be obvious to almost anyone. Most companies make its customers sit on hold and suffer voice-recognition prompts - they don't suddenly decide to give you a personal phone call out of the goodness of their heart.

If you get a call from one of the faceless entities with which you do business asking for personal information - hang up!

3. Read the Sony PlayStation Blog April 26th post for specific advice. Sony has been clear that they don’t know if the hackers got your credit card numbers or not, it’s simply a possibility. No customer has reported an incident of identity theft resulting from this hack.

4. If you’re really the worrying type, US residents have credit bureaus available that can place a fraud alert on your file as a free service to help protect you. But this also sounds like a pain in the butt because you’re asking to be scrutinized every time you make a credit card transaction.

• Experian: 888-397-3742; www.experian.com; P.O. Box 9532, Allen, TX 75013
  
• Equifax: 800-525-6285; www.equifax.com; P.O. Box 740241, Atlanta, GA 30374-0241
• TransUnion: 800-680-7289; www.transunion.com; Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, CA 92834-6790

In Canada we have access to some of the same credit bureaus but there is also a handy government ID Theft Checklist to help you rest easy anytime you feel you’re in danger of being hacked.

5. While I’m in no danger of being anyone’s money manager - here’s what I do... I have one credit card with only a meager limit that I use specifically for online purchases. You’ve heard of Gold or Platinum cards – well this is my Coal card. Okay, with the cost of energy these days coal might even be a bit generous. But the point is… no other credit card information ever gets out online. If hacker-thieves get my numbers they’ll only get as far as dinner at the local Swiss Chalet before being declined.

Here's hoping Sony gets this matter sorted out pronto! The hack may have given the game console fan-boys over on the Microsoft side further ammo for online rants and sure, it's costing Sony some serious face and more than a few customers. But none of that is important to me.

I'm hoping Sony fixes PSN soon so I can spend less time researching and sitting here in front of my computer writing about Sony’s problems and more time shoot zombies on PSN again with my buddies down in the US.