The PlayStation Network hack: 4 ways Sony screwed up

Sony admits its gaming network was hacked, compromising the personal information of millions of users. How did the company let this happen?

Sony shut down its PlayStation Network on April 20, after being hacked, but spent a week investigating the issue before alerting users to the problem.
(Image credit: REUTERS/Thomas Peter)

Sony has shut down its PlayStation Network indefinitely after a "massive data breach" in which an unknown hacker gained access to names, addresses, passwords, and other personal information for 77 million user accounts. The electronics giant is warning that it "cannot rule out the possibility" that credit card information was stolen as well, though there is no evidence of that yet. Gamers are frustrated by the prolonged outage, and the incident — one of the largest data breaches ever — has become "a major black eye" for Sony. Here, four mistakes Sony made:

1. Sony started a "ridiculous" fight with hackers

"Sony has no one to blame but themselves," says Paul Tassi in Forbes. The company "started a war" with hackers when it took away the ability to install other operating systems on PlayStation machines. This attack can't be condoned, but "Sony absolutely kicked a hornets nest that should have been left well enough alone."

Subscribe to The Week

Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.


Sign up for The Week's Free Newsletters

From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.

From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.

Sign up

2. Sony was "negligent" about security

It's "shocking" that users' secrets were so easily available to hackers, says Sebastian Anthony at ExtremeTech. Why in the world were those passwords, email addresses, and other personal details "stored in unencrypted form?" It looks like Sony ignored "industry-accepted procedures" for security, says Ben Rooney at The Wall Street Journal. If that's the case, the company's management looks "stupid" and "grossly negligent," says Erik Sherman at BNET. And now, "it's only a matter of time before someone files a class-action lawsuit," says Evan Narcisse in TIME.

3. The company was slow to disclose the problem

Sony learned about the hack on April 19, and shut down the network the following day — without alerting the public to the security problem. The company brought in outside experts to investigate and, on its official PlayStation blog, says "it took our experts until yesterday to understand the scope of the breach." Even now, after some details are out, Sony continues to be "less than forthcoming," says Rory Cellan-Jones at BBC News. Millions of users are questioning what caused the breach, what personal details have been compromised, and when exactly the network will be back online. Sony should satisfy their curiosity.

4. And Sony cast doubt on the cloud's safety

Many tech companies are moving to cloud-based services, in which data is stored on a network and accessible from any internet-connected device. So this breach is "worrying for any business trying to persuade consumers that the 'cloud' is a safe place to store valuable content or personal data," says Cellan-Jones at BBC News. These cloud services "represent the juiciest imaginable hacking target," says Anthony at ExtremeTech, and if a leader like Sony can be hacked, "we can only hope that other companies are watching and learning from its mistakes."

Sources: BBC News, BNET, ExtremeTech, Forbes, GameSpy, PCWorld, Reuters, TIME, Wall Street Journal

To continue reading this article...
Continue reading this article and get limited website access each month.
Get unlimited website access, exclusive newsletters plus much more.
Cancel or pause at any time.
Already a subscriber to The Week?
Not sure which email you used for your subscription? Contact us