why should people be compensated with money for a free service? 20 buck x eleven million is a lot of cash to be throwing around.

People don't want to be compensated for loss of access to a free service. They want to be compensated for the fact that Sony has let a hacker steal their personal data, which may in turn compromise their banking details and credit rating.

what happened with the Gizmodo thing? did they ever pay anything?

what about the other instances where customer's information was stolen?

Forget the service outage, that's really a non-issue. How about the potential for identity fraud against anyone who's purchased anything from PSN?

Because on the one hand, Sony claims the data was maybe not accessed (they aren't certain). On the other hand, MSNBC is spreading panic by running a story about how 2.2 million PSN users' credit card data is being sold over the intertubes, complete with expiry dates and CVV2 codes. That story may even be credible, as indicated by that poor fellow in Australia who was taken for $2000 (as reported by ABC News in Australia).

http://www.msnbc.msn.com/id/42806008/ns/technology_and_science-securi ty/
http://www.abc.net.au/news/stories/2011/04/28/3202046.htm

People want to be compensated because A) their personal data (and possible CC info) has been stolen due to Sony's negligence and B) many people have paid money for things that they can't use because of the outage.

For example, I bought $60 worth of PSN cards to buy some games, figured I'd use them the next day and discovered the next day that the server was down. Other people bought online games and can't play them. Other people bought Portal 2 hoping to activate a PC version and can't play them. A few people even purchased a PSP Go only to discover that they can't buy any games for it.

And anyway, the correct question isn't "why should people be compensated?" It's "what can Sony do to turn a PR disaster that could ruin their gaming division permanently around?"

Just give them a free avatar t-shirt. That is all they deserve.

The PR guys that draft these blogs have to be careful, not to accept any fault / negligence or they risk law suits. Any lawyer will tell you, no litigation is better than litigation.

@Marcus "I survived PSN Outage 2011 and all I got was this stupid shirt."

its just funny to me before anyone's lost a dime, everyone is demanding cash money.

Because Sony has never demanded/extorted cash from anyone ^_^

Seriously?

In two years, we are gonna be in the same situation. Sony is declining because of simple mistakes, and they can easily fix them. No one wants them to fail.

Yes, Fabio, we get it. Sony was hacked. Hackers are criminals, and need to be prosecuted. We get it. We really do. Ok. That does not alleviate Sony's responsibility to its consumers, or its responsibility to protect their private sensitive data. The article was well written, cited respected knowledgable people on the subject, and talked about companies other than Sony. Sony's handling of the situation has been poor. End of story. This article merely points out things they could do to make it better, and everything it listed would be in the long term best interest of Sony, even if they hadn't been hacked.

So please, close your mouth now unless you have something intelligent or informative to say. Your whining and posturing is actually very reminiscent of Sony, which might explain why you support them so strongly. After all, you can identify with them.

Kindest Regards,

I'm with you Fabio - there's a whole lot of people here who are very much emotionally lost in the moment (and largely lacking perspective). Don't feel bad, those that are doing this, humans place a strong emphasis on short-term emotion, and very few have much in the way of skills in seeing through the emotional haze out beyond the next few days (let alone weeks). But I reckon that by Christmas this year, this'll be ancient history. Unlike the RROD (where MS sold dodgy products knowingly for months), this is a relatively short-term blue, and at worst one of making a mistake, rather than knowingly duping their customers.

Really? I don't go to BP.

you are one of the few.

the difference with BP is you don't have a lot of choice in terms of where your oil comes from tons of tiny gas companies get theirs from BP, and you'll never know. In Sony's case, there is a choice, and that's what's dangerous. The consoles are decreasingly differentiated, so bad PR can be bad business, here.

I'll just point to the RROD. Gone, but not forgotten.

Yes, but Microsoft stepped up, admitted they were at fault, and spent $1B on repairing the damage -- which gained them a lot of credibility and respect from many of those affected. Even so, as you point out, the RROD is still not forgotten. Can you imagine how much worse it would be if they had taken the approach that Sony appears now to be taking? Sony is currently experiencing their own equivalent of the RROD and they can expect it to go a lot worse if they don't change their attitude.

I'm not really sure what you want them to say at this point. sorry? a detailed description of exactly how to hack into SOny headquarters? that wouldn't change my opinion at all. Microsoft's handling of RROD was no better and doesnt change the fact that they knowingly sold a faulty product. no PR machine in the world is gonna make up for losing millions of people's credit card info, assuming they did.

I don't understand why everyone thinks Sony responded so badly. I really don't. They brought down PSN as soon as they knew there was an intrusion -- which is exactly right. They blogged about it daily... which is more info than we normally get. They hired a high end security firm immediately. Perfect. They told us exactly what was taken as soon as they knew what was taken, but had warned us stuff might have been taken as soon as they knew there was an intrusion.

What else do people want? Tweets every ten minutes? I don't get it. I really don't. I'm perfectly satisfied with Sony's reaction.

Is it bad they got hacked? Yep. But that can, and does, happen to many big corporations (as well as banks). Do i wish the hackers didn't get my info? Yep. But... I don't fault how Sony has dealt with it so far.

@ferret

Sony didn't come right out and say that they were hacked. That took them quite a few days to admit. It was just an "outage", remember?

Additionally, we're talking about 75 *million* people. Not dollars, people. Think about that number for a moment.

Each account has a full Name, address, email, and likely a password that gets reused all over the internet. Nevermind the credit card data.

Now think about 75 million potential cases of ID theft where the attacker has all your intimate details, provided by Sony.

Now here is where it's hard to feel sorry for Sony:

* Sony got hacked. When you go to a restaurant, and order a meal. Do you trust them with every personal detail, as well as a xerox of your banking cards, kept in their file cabinet behind a bar? Absolutely not.

If Sony can afford armies of lawyers, they can afford the best in penetration-testing too. Sony is a victim if they can show they were serious about security. My gut says, they have focused on litigation instead. In my eyes (and many others) Sony is negligent *AT*BEST*.

* Their profile was raised by taking Geohot to task over PS3 hacking. In case you haven't noticed, Anonymous is it's own legal system now - if a corporation attacks a hacker, you get hacked back. Agree or not, that's the new reality. I'm not saying Anon did it, but they could certainly join the fray.



Security-wise, Sony should have been "loaded-for-bear," not caught with their pant down.

This! There's so much ridiculous, emotional, tabloid rubbish going on about this (something Gamasutra doesn't usually stoop too - shame Gamasutra, shame) it's almost like internet mass hysteria! When you read what the IT security professionals are saying (the real ones, not the people playing make-believe in blog posts or answers at the bottom of articles like these), Sony's playing it about as well as they can, and many many more corporations get hacked than we know about. So many, in fact, that it starkly highlights how unusually well Sony is treating us.

I'm not saying they did everything right - I personally believe they should have had all their personal details (and not just the credit card numbers) encrypted, but no large organisation of humans does everything right (or Gamasutra wouldn't have run this piece in the first place).

Rod, could you please post a link to microsoft admitting fault. I would really like to read it because as far as I am aware they never actually admitted anything was wrong just that they could do better.

Wait a minute. Microsoft "Stepped Up?" What alternate reality are you living in?

The 360 was released at the end of 2005, with the RROD evident in an unspecified number of consoles. While Microsoft attempted to address the individual issues, they withheld in-house statistics and tried to claim that the issue was within the 5% Margin-of-Manufacturing-Error.

It wasn't until mid-2007 that they finally started offering extended warranties on those original units. That's about a year and a half of pussy-footing and denial that anything was actually wrong.

This PSN Shutdown happened just over two weeks ago. Trying to compare the two while making it seem like Microsoft "did it right" is extremely forgiving, seemingly biased, and remarkably short-sighted.

While Sony definitely could have done more, there are a lot of legal and logistical ramifications to consider in a situation like this. While Campbell's ideas have merit, it's very easy to be an armchair quarterback when you've got nothing to risk on the situation.

In this digital age where we all want information, results, and products immediately, we've got to realize that sometimes things just take some time. Relax. Let's see how everything shakes out, and then if Sony handles it badly, we can whine and cry about it.

But honestly. It's been two weeks. If your house is burglarized, how quickly are you going to just "get over it?"

actually there is a lot of security in being one of 75 million as opposed to one in a few thousand. your chances of actually getting screwed over this are minimal.

I suppose, however, no one will have the respect for Playstation-- perhaps Sony entierly if they continue to tackle intricate situations like this. I *liked* Sony... but their bad PR will seriously affect them in the long-run, in my opinion.

I don't believe he ever implied that Sony was going to fold, just that it was going to suffer losses in its market share due to the lost trust of their customers and the loss of reputation. That is a fair enough statement. Sony will not fold because A) it is widely diversified, and B) because its customers have invested a lot of money into the products they purchased, and will continue to do so because it extends the value of that purchase. However, that it will leave a bad taste in their mouth that will be remembered when next gen consoles come out is still up for grabs and largly dependent on Sony's behavior from here on.

But Nintendo is "Doom"... well it is if you ask some people online. And by that i mean, there is a certain portion of the gaming community that has a negative view of Nintendo and all their products. I go on a few other gaming sites, and recently during the whole project cafe rumor situation, there were quite a few gamers who said that they had no interest in any Nintendo product, because of the Nintendo 64 or GameCube.

Once a negative opinion about a company is establish, it is hard for that company to erase it. Just look at all the doomsayers around Nintendo, despite their current success this generation.

Eh, there are a lot of big differences between the red ring of death and this, but one of the biggest is that Microsoft had good public relations with the matter. I got a red ring of death. Called up Microsoft. They were very polite, fixed the problem free of charge and gave me a month of Live Gold for my troubles. Sure, it was annoying to be without my console for a couple of weeks, but they handled the situation as best they could.

Sony, on the other hand, has had awful PR with this whole mess. Oh and the Red Ring of death, awful though it was, never resulted in anyone's credit card & personal information being stolen.

What about the fact that Microsoft rolled out the 360 knowing there was a overheating problem with it? I lost all confidence in Microsoft after this. Who hasn't?

Not I. I'd have to agree with Robert, as I had a very similar experience concerning my RROD. Microsoft has only improved over the lifespan of this generation of consoles, and I'm glad I placed my faith in them.
Next generation may be different for all companies involved. A clean slate and new hardware/software to promote.
I would like to add that even though Xbox Live is has a relatively steep price compared to PSN, Microsoft hasn't had a security breach of this magnatude. It may be that you get what you paid for.

As Robert pointed out, this isn't like the RRoD situation. In one case, you lost your console, on the other, you lost your personal information and credit card information.

I can guarantee you that if people's credit card/personal information was actually taken, then they will remember this for a long, long time. As they will have to deal with the results of it, for a long, long time.

Marcus, I honestly never cared about thr RRoD. I've even heard that they stole chip architecture from Sony, in their push to rush something out. don't care. never affected me.

However, when they raised the price of XboxLive with no attached explanation - they lost me forever. I went in and disabled auto-renew (close as you can come to cancelling?). Couldn't be more angry at them. Remain so.

This is why the Sony network failure is breaking my heart. I was all set to do a pompous victory dance when Portal2 proved more-open network were the future. I was a PS3 convert. Instead I find myself thinking maybe I should stop console gaming altogether and just go back to PC only gaming. bleh. depressing.

The funny thing is that though they technically raised the price of XBox Live, in actuality they didn't. I can't log onto my silver XBox Live account without seeing a special deal on XBox Live where you pay a drastically lower price and maybe get a few games thrown in as well. As far as I can tell, they only raised the price to make the deals look even better.

The RRoD and this security breach were each caused by the company being stupid and arrogant (in MS's case it was thinking they could save a few million bucks by doing their own design instead of paying the ASIC vendor to do it).

My X360 RRoDed . MS replaced it. End of problem. They apologized and ate the costs. I recently bought a new slim X360 and have no problem recommending them to other people as reliable now. The RRoD issue faded because /MS stepped up and made it better/, to the tune of about a billion dollars.

So how will Sony handle this? Not well so far, though it's still recoverable. My original PS3 (from before they crippled them so much) still works, but if you asked me which one I 'trust' more right now, it's the X360. Sony needs to fix /that/.

I do not understand how people are saying this is worse than the RRoD. Until Sony says my information was stolen the blame is 100% on the hackers. Yes, Sony picked a fight they could not win and I respect them for taking the blame on that one. But when my XBox 360 RRoDed, I lost my gaming completely for weeks. The answer I got from Microsoft was "My bad. Let me get that for you." Exactly what Sony is doing, except I can still play all my games. I'm not hung out to dry with nothing because of something Sony did. And who is to say Microsoft is doing any better with our personal information than Sony? They just weren't the target of the hackers. Sony is doing everything they should be doing, and I don't blame them for not throwing some glitter on it and getting all puppies and rainbows with their customers. Stuff happens and they are managing it all. I have complete faith in Sony and that they will take care of the issue. At this point I am more pissed at when my XBox went RRoD then when my FREE PSN account went down. Don't get me wrong, I will be singing a different tune when I am the victim of credit card fraud because of Sony, but that hasn't happened yet. So lets not put Microsoft on a pedestal because they knowingly sold me a faulty console and then told me "Uh oh, here's a month of Live Gold. Hope that makes up for the weeks of nothing you had to endure."

Sure, because those two things are totally comparable right? o.O

This is actually a good analogy - shame Alan and Brent lack the imagination to conceptualise the fundamentals behind these two ideas appropriately.

GeoHot talk about that on his blog, he explains that the media will never use the term Cracker, to them everyone is a hacker, do not matter if they use their skills for good or not.

what???? So, the free consoles and free month of live wasn't enough? The amount of 360s they have sold since the RROD thing says the opposite of what you suggest...

free consoles? to replace the broken ones? they knowingly sold faulty machines. it doesnt get any worse than that, short of killing people like Ford and Firestone did a few years ago (and which everyone has forgotten).

+1 to this. The article was doing a great job until that statement was made. And the A and B options for how this will be perceived a year from now do nothing more than promote the fallacy of a black and white world when in fact, there are many shades of gray.

The bottom line with Sony's PR is that people are fickle. They'll switch over to MS and Nintendo until one of them does something equally damaging to their public image. The real question will be if there is a Sony to return to...

You do realise that identify theft happens on XBL as well? It's just that it happens in smaller chunks, and MS is far, far less open about it.

You've put up your own strawman. The article isn't discussing whether or not Sony is responding "by the book", it's about the PR situation. Regardless of how you believe Sony is handling the situation, you may have noticed the amount of negative feelings toward Sony on the interwebs. So, even if they don't have a security issue, they do have a PR issue. The article is addressing that. To what effect, well, that part is subjective.

And, honestly, I don't know what security professionals you're talking to, but I'm not about to give Sony a pat on the back for doing what they should have been doing since before PSN went live. I mean really, even without knowing anything else, you can tell a lot just from them storing personal data in plain text, sans any type of encryption whatsoever. It screams negligence. Any security "professional" that gives them a pass on that shouldn't be allowed to call himself such.

I've posted before, but only bother post on articles that are clearly misleading and/or poor. I In regard to your reply to my above comment (so I don't go double-posting), I agree the article is about PR, but its argument lacks a coherence and the facts on which it is based are only facts by dint of them achieving critical mass via internet hysteria, rather than a reflection on what's going on in the real world.

So - other than the Straw Man issue (which is a real issue with this article - what could have been an enlightening and deep discussion of the issues turns into a banal dichotomisation of something that's far more complex - and this is an issue with the PR argument), how about:

"Sony has always behaved like a dictator, benevolently dispensing information to favored sycophants according to its own desires.. "

combined with:

"It is no coincidence that JetBlue spends a lot of time and effort on its social media outreach, using its blogs as a fun way to connect with people, instead of merely a dreary corporate mouthpiece and bucket for PR assets, which is the norm in the game industry. "

What kind of rubbish is this? I'm not sure if the author has ever been on the SCEE or SCEA blog (I'm limited to English language blogs, so can't speak for the others), but on these blogs you get far more than Sony-only announcements, with substantial amount of content from games developers and publishers, as well as competitions from the fans. Further, all of the blog posts have comments sections, where it's quite common for questions from the great unwashed to be answered directly by people in the appropriate dev teams.

This is nothing about security - this is a failure in the author's detail when it comes to talking PR.

And then there's:

"It needs to be loved. This is why the duff notes coming out of Foster City are so excruciating. "

And we get one short sentence and no acknowledgement of responses in the blog Q&A comments, and (and this is a shocking omission) where's the example of how other companies have handled a hacking differently or better? But no, the author would rather spend words and attention on trite references to Dominos Pizza, which he himself acknowledges are a completely different product and pretty useless to look at in this case.

Whether you're talking the tech details, or the marketing, or the basic logical structure of the argument, this article is poor. This is nothing against the author, they may have been having a bad day, or been busy and not giving this their full attention, or this may not be their area of expertise (it's one thing to market a product, it's quite another thing to analyse marketing from an outside perspective). And this isn't standard for Gamasutra - normally your articles are of good quality (so you won't see me posting often - I'll only post when I think something needs adding/being highlighted, such as in this case).