Sony Faces The Music, But Blames Anonymous

Sony has hired investigators and accused Anonymous of distracting it during the Playstation hack

Sony has brought in specialists to track down those responsible for stealing the personal details of more than 100 million online gamers.

According to the BBC, the Japanese electronics giant has recruited security experts from Guidance Software and Data Forté Corp, the latter of which is headed up by a former special agent with the US Naval Criminal Investigative Service (NCIS).

And of course the FBI has already begun its own separate investigation into the huge Playstation breach. Sony has confirmed it is working with the San Diego branch of the FBI, where the data centre housing the company’s game network was based.

World Of Hurt

Eric Doyle: Sony is a case study of corporate irresponsibility

Currently the investigation is still in its early stages and no one has been formally identified as carrying out the hack.

However Sony has blamed the hacking group Anonymous, as it said the breach took place whilst it was fending off a denial of service attack from them. Apparently Sony was targetted by Anonymous because it took legal action in a federal court against a hacker in San Francisco.

But according to the Wall Street Journal, which cited “a person familiar with the matter,” at least some of the attacks came from a Malaysia-based server.

There is little doubt that Sony is currently facing a world of hurt over the breach.

In the United States Senator Richard Blumenthal sent a letter to Sony executives saying he was “deeply concerned about the egregious inadequacy of Sony’s efforts thus far to notify its customers of these breaches or to provide adequate protections for users whose personal and financial information may have been compromised.”

In the UK meanwhile Sony is facing a formal probe from the Information Commissioner’s Office (ICO). And in Germany, it has been revealed that German privacy officials will query Sony about the breach.

On top of this, Sony faces several class-action suits.

The latest is from a Toronto law firm, which launched a C$1 billion (£635,000) class-action suit against Sony for breach of privacy. Its client is said to be a 21-year-old PlayStation user from Mississauga, Ontario.

Playstation Hack

Sony said it had discovered that user account information for 77 million PlayStation Network and Qriocity users had been compromised between 17 April and 19 April. But Sony only notified customers of the breach on 26 April.

And then to make matters worse, on Monday 2 May security consultants found a second breach, carried out between 16 April and 17 April. Their findings indicated that personal information from about 24.6 million Sony Online Entertainment (SOE) accounts may have been stolen, as well as certain information from an outdated database from 2007.

This takes the total amount of user details that have been hacked to over 100 million users.

Credit Card Details?

Besides stealing names, email addresses, and phone numbers, there are also reports that the hackers also succeeded in stealing credit card information.

Sony said that its credit card database was encrypted. However security researchers said last week that hackers are bragging on forum discussions that they have credit card numbers in their possession. The hackers are reportedly threatening to sell the information for up to $100,000 (£60,000).

That report was also said that hackers initially tried sell the stolen data back to Sony but were ignored. Sony however has denied this claim.

“To my knowledge there is no truth to this report of a list, or that Sony was offered an opportunity to purchase the list,” Nick Caplin, Sony’s head of communications in Europe, was quoted as saying in the Daily Telegraph.

Phased Restoration

Sony for its part maintains there is no evidence the encrypted credit card database was stolen, but it does concede it could have been stolen and that 10 million credit cards could be at risk.

In the face of fierce criticism, Sony bosses on Sunday bowed in apology for the breach and said that it is appointing a chief information security officer (CISO).

Meanwhile the PlayStation Network remains offline after being shut down more than two weeks ago.

Sony said it will shortly begin a phased restoration by region of PlayStation Network and Qriocity services, beginning with gaming, music and video services.