Archive

Fair or Foul? A Post-Mortem on Sony’s Response to the Big Hack

Updated Thu, Jun 23, 2011 by jeffprime

In late April, Sony’s Playstation Network and Qriocity services were maliciously hacked and the situation was featured in banner headlines around the world. Sony’s services were down for roughly a month, leaving many gamers out in the cold, unable to play their favorite games. How well did Sony manage the crisis? Did it handle the situation well, poorly, or somewhere in between? Let’s do a post-mortem on Sony’s handling of the hacking aftermath.

Stage One – It Hits the Fan

sony online entertainment
Where was the alert?
To begin, Sony was extremely quiet about the security breach when it brought down the network. Players were left in the dark to what exactly was going on, only that the networks were down. It would take almost a full week before Sony announced that personal and account information of an unknown number of users may have been compromised. Class action suits have sprung up since claiming that credit card information may or may not have been compromised, but the veracity of that claim will have to be proven in the courtroom (if at all).

Sony Grade: F
Sony gets a big fat F for not immediately reporting to its customers of the possibility of their account and credit card information being hacked. Whether or not financial information was stolen, it was Sony’s responsibility to inform their customers so that they could take actions to protect themselves, such as cancelling credit cards or changing login information on other sites. Waiting almost a full week is a slap in the face to the customers. As someone who has had their credit card info stolen and their bank account drained, it is a nightmare to repair the situation.

Stage Two – It Gets Worse

The crisis continues. After two weeks, Sony’s networks are still down, including their online gaming portals, and they announce that they had just found troubling new information. It seems that the hackers may have gotten their hands on personal information (such as birth date, gender, and phone number) of MMOG customers. Customers outside of the USA may have had old credit card information stolen.

sony online entertainment
A familiar sight for Sony customers recently.

Sony Grade: C+
While Sony’s attempts to fix the problem represent the futile action of somebody closing the barn door after all the horses escaped, at least they reported their new findings as soon as they found something. Now, online gamers could begin to worry as much as PlayStation Network players. However, Sony still gets bad marks for allowing gamers to wonder what’s going on between official announcements. Sony should have been making statements every day to their players, keeping them apprised of the situation.

Sony at this time also gave a year of ID theft protection from Debix for PlayStation Network and Qriocity users. They would eventually extend this offer to Station Access members as well. Sony gets good marks for this action as it would help mitigate any identify fraud that may have occurred.

Stage Three – Restoration

Eventually service was restored and gaming resumed, much to the delight of long-suffering customers. Sony made several offers to their customers. For PSN subscribers, they got a choice of 2 free games (out of a list of 5), 2 PSP games (if they had a PSP account), 30 days of PlayStation Plus for non-Plus members, 60 days for Plus members, and Q Music Unlimited subscribers get an additional 30 days. For Station Access members, they received: 45 days of game time, 500 station cash, and for lifetime members, they got in-game currency for Free Realms, DCUO, and Clone Wars Adventures. In addition, certain games had free items you could receive, such as a Batman style mask for DCUO. Finally, at E3, Sony announced that they’ll reduce the price of their Station Access subscription from $29.99 to $19.99.

Sony Grade: C
Personally, I think the extra subscription time and rewards are decent, but not spectacular. Giving thirty days plus one day for each day the service was down could have better thought out. I think giving at least two months free subscription and free in-game currency would have been better. “But, Jeffprime, what about the game’s economy?” you cry. To that, I say screw the in-game economy. Allow players who haven’t been unable to play for a time to be able to blow off a little steam and go on a buying frenzy. Any damage to the in-game economy would be short-lived, at best. Finally, as of the publication time of this article, the price for Station Access is still $29.99. Is Sony holding out to see if they can renege on their offer? If so, the grade will plummet.

dcuo
Is this all I get?

Conclusion

Astute readers may have noticed that I have made no comment on the hackers or their reasons for attacking Sony. That is not the point of this article. My only concern here is Sony’s response to the attack.

At the beginning, Sony handled the situation atrociously. By not informing their customers of the nature of the security breach and the possible loss of financial and personal information, they put their customers at risk. This is totally inexcusable. As the situation continued, Sony continued to be tight-lipped, keeping customers in the dark. However, they finally gave some timely information on the possibility of MMOG players having their info stolen. They did act proactively by offering customers ID protection for up to a year, so their level of response improved. By the time service was restored, Sony didn’t rock the boat by offering some extra time and free games (if you hadn’t already owned them). They could have offered more to reward customers for their patience and downtime.

Overall, Sony’s response was lukewarm, at best. The initial response sucked, then they got better (not stellar, but better), and the final reaction by Sony continued along the same “okay” manner. Sony definitely could have handled the situation better by keeping customers more fully informed and by offering them greater compensation for the lack of service. The estimated cost to Sony by the hacking is $170 million dollars. My hope, and the hopes of many gamers, is that Sony and other online developers take drastic measures to beef up their security to keep this incident from ever happening again.


News from around the 'Net