UPDATE: Kaz Hirai in today’s press conference revealed that as many as 10 million credit cards numbers may have been stolen. That number appears to be all of the credit card numbers that Sony has, since many of the 77 million registered users log into the network and play online for free.
After the highly infamous cyber-attack on Sony’s data-centers in San Diego, California, U.S.A. which caused all network services to be disrupted worldwide, it seems Sony Network Entertainment International ( SNEI; Sony Computer Entertainment America – SCEA – underwent a legal name change , if you didn’t know ) is finally getting things set right. SNEI will being a phased restoration by region of the PlayStation Network and Qriocity services, with gaming services being prioritized to be functional at the earliest.
As is already known, Sony engaged multiple high-profile expert security firms in order to conduct a thorough investigation of the criminal attack. SNEI is currently working with law-enforcement forces to track down and prosecute those responsible for the illegal intrusion.
With the help of the security firms, an extensive audit of the system has been conducted, only after which the phased restoration by region of the company’s online services are beginning, SNEI states. Now, according to SNEI, user-submitted personal data of 77 million and odd users worldwide is much safer in the hands of the company.
Once the services are restored, initially only a few features of the PlayStation Network will be functional:
Restoration of online game-play across the PlayStation 3 (PS3) and PlayStation Portable (PSP) systems ( this includes titles requiring online verification and downloaded games )
Access to Music Unlimited powered by Qriocity for PS3/PSP for existing subscribers
Access to account management and password reset
Access to download un-expired movie rentals on PS3, PSP and MediaGo
SNEI reports that several security measures have been implemented in order to detect and prevent future attacks from taking place. The company has even gone to the extent of creating a new position of Chief Information Security Officer, directly reporting to Shinji Hasejima ( Chief Information Officer ). The implemented security measures are:
Added automated software monitoring and configuration management to help defend against new attacks
Enhanced levels of data protection and encryption
Enhanced ability to detect software intrusions within the network, unauthorized access and unusual activity patterns
Implementation of additional firewalls
After the criminal attack, SNEI also carried out in advance their plan of shifting their data centers to a new location. As an added security measure, the PS3 will have a forced system software update that will require all registered PlayStation Network users to change their account passwords before being able to use the service. In the future, passwords can only be changed on the PS3 in which the PlayStation Network account was originally activated, or through validated email confirmation.
“This criminal act against our network had a significant impact not only on our consumers, but our entire industry. These illegal attacks obviously highlight the widespread problem with cyber-security. We take the security of our consumers’ information very seriously and are committed to helping our consumers protect their personal data. In addition, the organization has worked around the clock to bring these services back online, and are doing so only after we had verified increased levels of security across our networks. Our global audience of PlayStation Network and Qriocity consumers was disrupted. We have learned lessons along the way about the valued relationship with our consumers, and to that end, we will be launching a customer appreciation program for registered consumers as a way of expressing our gratitude for their loyalty during this network downtime, as we work even harder to restore and regain their trust in us and our services,” said Kazuo Hirai, Executive Deputy President, Sony Corporation.
SNEI has stated that the company will also help users enroll in identity theft protection services ( or such similar programs ). As a complimentary offering SNEI will offer a “Welcome Back” appreciation program tailored to specific markets worldwide in order to appease users. Core components of the “Welcome Back” program include: Each territory will be offering selected PlayStation entertainment content for free download; All existing PlayStation Network customers will be provided with 30 days free membership in the PlayStation Plus premium service. Current members of PlayStation Plus will receive 30 days free service; Music Unlimited powered by Qriocity subscribers (in countries where the service is available) will receive 30 days free service.
SNEI also mentions that additional “Welcome Back” entertainment and service offerings will be rolled out over the coming weeks as things get back to normal.
Although there are no specific details about the offering of PlayStation entertainment content, SNEI states that more news in each region soon. On a side note – SNEI still stead-fastly sticks to its ‘no evidence that credit-card data was taken’ statement. Contrarily, a reliable source states that the hackers who managed to wreak havoc indeed stole encrypted credit-card data.