In late April, Sony’s Playstation Network and Qriocity
services were maliciously hacked and the situation was featured in banner headlines
around the world. Sony’s services were down for roughly a
month, leaving many gamers out in the cold, unable to play their
favorite games. How well did Sony manage the crisis? Did it handle the
situation well, poorly, or somewhere in between? Let’s do a
post-mortem on Sony’s handling of the hacking aftermath.

Stage One – It Hits
the Fan

src="http://www.tentonhammer.com/image/view/94241"
alt="sony online entertainment"
style="width: 250px; height: 135px;">

Where was the alert?

To begin, Sony was extremely quiet about the security breach when it
brought down the network. Players were left in the dark to what exactly
was going on, only that the networks were down. It would take almost a
full week before href="http://www.tentonhammer.com/node/97892">Sony
announced that personal and
account information
of an unknown number of users may have been compromised. Class action suits have sprung up since claiming that credit card
information may or may not have been compromised, but the veracity of that claim will have to be proven in the courtroom (if at all).



Sony
Grade: F

Sony gets a big fat F for not immediately reporting to its customers of
the possibility of their account and credit card information being
hacked. Whether or not financial information was stolen, it was
Sony’s responsibility to inform their customers so that they
could take actions to protect themselves, such as cancelling credit
cards or changing login information on other sites. Waiting almost a
full week is a slap in the face to the customers. As someone who has
had their credit card info stolen and their bank account drained, it is
a nightmare to repair the situation.

Stage Two – It Gets
Worse

The crisis continues. After two weeks, Sony’s networks are
still down, including their online gaming portals, and they announce
that they had just found troubling href="http://www.tentonhammer.com/node/98028">new
information. It seems that the
hackers may have gotten their hands on personal information (such as
birth date, gender, and phone number) of MMOG customers. Customers
outside of the USA may have had old credit card information stolen.

style="border: 0px solid ; width: 620px; height: 235px;"
alt="sony online entertainment"
src="http://www.tentonhammer.com/image/view/98011">

A familiar sight for Sony
customers recently.

Sony
Grade: C+

While Sony’s attempts to fix the problem represent the futile
action of somebody closing the barn door after all the horses escaped,
at least they reported their new findings as soon as they found
something. Now, online gamers could begin to worry as much as
PlayStation Network players. However, Sony still gets bad marks for
allowing gamers to wonder what’s going on between official
announcements. Sony should have been making statements every day to
their players, keeping them apprised of the situation.



Sony at this time also href="http://www.tentonhammer.com/sony/feature/security">gave
a year of ID theft protection
from Debix
for PlayStation Network and Qriocity users. They would eventually
extend this offer to Station Access members as well. Sony gets good
marks for this action as it would help mitigate any identify fraud that
may have occurred.

Stage Three –
Restoration

Eventually service was restored and gaming resumed, much to the delight
of long-suffering customers. Sony made several offers to their
customers. For PSN subscribers, they got a choice of 2 free games (out
of a list of 5), 2 PSP games (if they had a PSP account), 30 days of
PlayStation Plus for non-Plus members, 60 days for Plus members, and Q
Music Unlimited subscribers get an additional 30 days. For Station
Access members, they received: 45 days of game time, 500 station cash,
and for lifetime members, they got in-game currency for style="font-style: italic;">Free Realms,
DCUO,
and Clone
Wars Adventures. In addition,
certain games had free
items you could receive, such as a Batman style mask for style="font-style: italic;">DCUO.
Finally, at E3,
href="http://www.tentonhammer.com/soe/e3/2011/station-access-price-drop">Sony
announced that they’ll
reduce the price of their Station
Access subscription from $29.99 to $19.99.



Sony
Grade: C

Personally, I think the extra subscription time and rewards are decent,
but not spectacular. Giving thirty days plus one day for each day the
service was down could have better thought out. I think giving at least
two months free subscription and free in-game currency would have been
better. “But, Jeffprime, what about the game’s
economy?” you cry. To that, I say screw the in-game economy.
Allow players who haven’t been unable to play for a time to
be able to blow off a little steam and go on a buying frenzy. Any
damage to the in-game economy would be short-lived, at best. Finally,
as of the publication time of this article, the price for Station
Access is still $29.99. Is Sony holding out to see if they can renege
on their offer? If so, the grade will plummet.

href="http://www.tentonhammer.com/node/99861"> style="border: 0px solid ; width: 620px; height: 442px;"
alt="dcuo" src="http://www.tentonhammer.com/image/view/99861">

Is this all I get?

Conclusion

Astute readers may have noticed that I have made no comment on the
hackers or their reasons for attacking Sony. That is not the point of
this article. My only concern here is Sony’s response to the
attack.



At the beginning, Sony handled the situation atrociously. By not
informing their customers of the nature of the security breach and the
possible loss of financial and personal information, they put their
customers at risk. This is totally inexcusable. As the situation
continued, Sony continued to be tight-lipped, keeping customers in the
dark. However, they finally gave some timely information on the
possibility of MMOG players having their info stolen. They did act
proactively by offering customers ID protection for up to a year, so
their level of response improved. By the time service was restored,
Sony didn’t rock the boat by offering some extra time and
free games (if you hadn’t already owned them). They could
have offered more to reward customers for their patience and downtime.



Overall, Sony’s response was lukewarm, at best. The initial
response sucked, then they got better (not stellar, but better), and
the final reaction by Sony continued along the same
“okay” manner. Sony definitely could have handled
the situation better by keeping customers more fully informed and by
offering them greater compensation for the lack of service. The
href="http://www.computerworld.com/s/article/9216926/PlayStation_Network_hack_will_cost_Sony_170M">estimated
cost to Sony by the hacking is
$170 million dollars. My hope,
and the hopes of many gamers, is that Sony and other online developers take drastic measures to
beef up their security to keep this incident from ever happening again.