Torn between my PS3 and Sony
April 28th, 2011, by Andy (TANcast's #1 Ear-Rapist)

As you guys may or may not know, the PlayStation Network has been down for a week thanks to some asshat hackers. The outage itself is annoying, but that’s not the real news: the hackers got users’ personal data. There is some more coverage here and here if you’re curious, but I’m here to talk about me. Of course.
First, a quick aside to set the stage: I love my PS3. The build quality, the noise (or lack thereof), the graphics power, the Blu-Ray player; it kicks my Xbox 360’s ass in every way but the online experience (PSN is no match for Xbox Live, but it’s free) and maybe the controllers (mostly a wash). I default to the PS3 version of multi-console releases unless reviews say the PS3 version sucks or I want to play with my brother (who only has a 360).
Back to the hack. Because I follow gaming press, I’ve known since Monday that my bank card data (and address, and full name, and…) could be in the wrong hands. I’ve already contacted my banks and am in the process of setting up fraud alerts with credit reporting agencies. This is a big fat pain in my ass that I don’t need right now, but shit happens.
I was just a bit angry and disappointed at the beginning of the week. Now my blood is boiling.
This morning I finally got an official email from Sony warning me about the hack and providing a ton of information about what I should do to protect myself. Essentially it reiterated everything I already knew from other sources.
News has an incentive to provide detailed information as fast as possible and corporations have incentives (including inertia) to delay releasing detailed information, but if Sony gave half a shit about protecting their customers they would have treated this exactly like what it was: a race between their customers and the hackers to secure or compromise accounts.
Instead, they waited a full week after they shut PSN down to notify me. A week.
Here was my reply:
I have 2 questions:
1) Why was my password (to say nothing of my personally-identifiable information) stored in plain text?
Seriously, has Sony not heard of using per-user salts and hashing? How about just hashing? Encrypting the “passwords” table? No? Fan-fucking-tastic.
2) Why did you wait a week to inform me?
If I HAD used the same password in multiple places, the hackers would have had 9-11 days to find those accounts and compromise them, wouldn’t they? At this point, if they wanted to screw me I’d already be screwed. Clearly Sony knew something was amiss when you shut the PSN down a WEEK ago. Why did it take 7 more days to think “Hey, Andy might be vulnerable. We should really tell him!”?
Let me be clear: I know hacks happen. I know fraud happens.
I’m furious because your incompetence and tight-lipped handling of the fiasco put me at additional risk and for longer than needed. You’ve burned through all my trust and goodwill.
For what it’s worth, I’ve spent my last dollar on the PSN, and quite possibly with Sony. I know I’m a drop in the bucket, but multiply me by a few million pissed-off fanboys you guys just lost…
Microsoft and Nintendo have their issues, but at least they haven’t (yet) left 75 million users with their asses hanging out for a week.
– Andy
I think that about sums it up.
UPDATE: Turns out Sony has heard of hashing passwords, but perhaps not about updating software.
April 29th, 2011 at 1:37 am
It sucks. I will probably shy away from buying stuff on PSN unless that is the only place a game can be found, like the Back to the Future games I bought.
May 1st, 2011 at 5:59 pm
As a hardcore gamer, Andy, I feel your pain entirely; the fact Sony left it so long to inform us our details have been compromised is a joke. They may be claiming they spent that time investigating but that’s just BS.
Also, I didn’t know if you heard but as a “sorry we fucked you all over” Sony are giving everyone free PSN+ for a month once the network goes back online. It’s a complete marketing plot for sure but I know I’ll be making the most of it (or at least as much as my crappy download speed allows me).
The PSN outage for me anyway has only really been more of an annoyance than a real threat (I hope). For the past year I’ve only ever bought DLC/games/etc via PSN vouchers bought in game stores so whatever card is on my PS3 has probably long expired, my password could be at threat but the only things I share it with are internet forums and such – so unless the hackers feel like going on a spam-a-thon I should be ok.
I just want the online game aspect of PSN to be back up, I’ve had Portal 2 since release day and yet to play co-op!
May 4th, 2011 at 8:54 pm
Assuming the free PSN+ still works without a card associated I will rape that for all the DLC I can get.
But at this point I kinda feel like Kevin Butler owes me a BJ…
May 6th, 2011 at 6:50 pm
No idea if this is true or not, but if it is then I’m a little more angry with Sony, that’s just pure laziness.
http://www.geek.com/articles/games/psn-was-running-on-unpatched-apache-server-with-no-firewall-2011055/
May 6th, 2011 at 6:53 pm
Just saw the update in the blog post, this is why I should check these things before I post comments. Luke you Idiot!