Sony has shut down its PlayStation Network indefinitely after a "massive data breach" in which an unknown hacker gained access to names, addresses, passwords, and other personal information for 77 million user accounts. The electronics giant is warning that it "cannot rule out the possibility" that credit card information was stolen as well, though there is no evidence of that yet. Gamers are frustrated by the prolonged outage, and the incident — one of the largest data breaches ever — has become "a major black eye" for Sony. Here, four mistakes Sony made:
1. Sony started a "ridiculous" fight with hackers
"Sony has no one to blame but themselves," says Paul Tassi in Forbes. The company "started a war" with hackers when it took away the ability to install other operating systems on PlayStation machines. This attack can't be condoned, but "Sony absolutely kicked a hornets nest that should have been left well enough alone."
2. Sony was "negligent" about security
It's "shocking" that users' secrets were so easily available to hackers, says Sebastian Anthony at ExtremeTech. Why in the world were those passwords, email addresses, and other personal details "stored in unencrypted form?" It looks like Sony ignored "industry-accepted procedures" for security, says Ben Rooney at The Wall Street Journal. If that's the case, the company's management looks "stupid" and "grossly negligent," says Erik Sherman at BNET. And now, "it's only a matter of time before someone files a class-action lawsuit," says Evan Narcisse in TIME.
3. The company was slow to disclose the problem
Sony learned about the hack on April 19, and shut down the network the following day — without alerting the public to the security problem. The company brought in outside experts to investigate and, on its official PlayStation blog, says "it took our experts until yesterday to understand the scope of the breach." Even now, after some details are out, Sony continues to be "less than forthcoming," says Rory Cellan-Jones at BBC News. Millions of users are questioning what caused the breach, what personal details have been compromised, and when exactly the network will be back online. Sony should satisfy their curiosity.
4. And Sony cast doubt on the cloud's safety
Many tech companies are moving to cloud-based services, in which data is stored on a network and accessible from any internet-connected device. So this breach is "worrying for any business trying to persuade consumers that the 'cloud' is a safe place to store valuable content or personal data," says Cellan-Jones at BBC News. These cloud services "represent the juiciest imaginable hacking target," says Anthony at ExtremeTech, and if a leader like Sony can be hacked, "we can only hope that other companies are watching and learning from its mistakes."