New York Attorney General Eric Schneiderman subpoenaed Sony over the PlayStation Network and Sony Online security breach that has compromised millions of users' personal information, according to a new report.
Bloomberg on Wednesday cited a "person familiar" with the probe, which seeks information on the data breaches as well as Sony's "representations made to customers."
As part of a "consumer protection inquiry," the attorney general intends to closely examine what Sony told its customers in regards to the security of Sony networks, according to the report.
Sony Computer Entertainment America spokesperson Patrick Seybold told Bloomerg that "we will review and respond to this request and will continue to work with law enforcement authorities as they investigate the criminal attack on our networks."
The PSN breach, a cyber attack which Sony said occurred sometime between April 16 and 19, was discovered by Sony on April 20, with the company shutting down its PSN and Qriocity online services the next day.
On April 26, Sony informed users that the attack compromised personal data of around 77 million accounts, with credit card information possibly compromised. Sony said it was unaware that personal information was stolen until April 25.
Days later, Sony Online Entertainment, developer and operator games such as EverQuest and DC Online Universe, confirmed that 24.6 million more accounts, including 12,700 credit cards numbers, were also compromised. PSN and SOE's Station.com are still down, with some services expected to come back gradually in the coming days.
Is Microsoft's Xbox Live's network security that much different and/or better than Sony's?
Anyway, I find it hard to believe that Sony was unaware that personal information was stolen until April 25. I assume that Sony is playing a bit of a game as to what information constituted "awareness."
All this makes me wonder about the existence of other breaches of security of their network.
Kotaku has a pretty good article/interview with a security professional that basically says that all network security--no matter what company---kind of sucks...they are all potential victims to attacks...
That is a cop out, plain and simple. While there is no such thing as a 100% secure network, Sony definitely dropped the ball and made glaring mistakes in their security protocol.
Seriously, unpatched Apache servers with no firewall? Unencrypted user data? Those are absurdly bone-headed oversights.
It's not any better. It's not the fact that PSN was hacked, as that has happened to XBL before back in 2007 and in 2009. The problem is that a mass number of identification has been stolen, and Sony isn't providing either:
In US congressional testimony Dr. Gene Spafford of Purdue
University said that Sony was using outdated software on its servers and knew
about it months in advance of the recent security breaches. According to
Spafford, security experts monitoring open Internet forums learned months ago
that Sony was using outdated versions of the Apache Web server software, which
"was unpatched and had no firewall installed." The issue was "reported in an
open forum monitored by Sony employees" two to three months prior to the recent
security breaches, said Spafford.
So...
No firewall
No encryption
No software updates
No monitoring
No listening to their own forum
No to quality control on their hardware
Certainly trust in Sony is very lacking.
Makes you wonder how many *other* companies we do business with on a day to day basis are just as incompetent in their practices without us knowing it. Until something like this happens that is.
Anyway, I find it hard to believe that Sony was unaware that personal information was stolen until April 25. I assume that Sony is playing a bit of a game as to what information constituted "awareness."
All this makes me wonder about the existence of other breaches of security of their network.
http://kotaku.com/5797602/dont-blame-sony-you-cant-trust-any-networks
Seriously, unpatched Apache servers with no firewall? Unencrypted user data? Those are absurdly bone-headed oversights.
a.) The truth
b.) Answers people want to hear.
And really, it'd be:
c.) A combo of A and B.
University said that Sony was using outdated software on its servers and knew
about it months in advance of the recent security breaches. According to
Spafford, security experts monitoring open Internet forums learned months ago
that Sony was using outdated versions of the Apache Web server software, which
"was unpatched and had no firewall installed." The issue was "reported in an
open forum monitored by Sony employees" two to three months prior to the recent
security breaches, said Spafford.
So...
No firewall
No encryption
No software updates
No monitoring
No listening to their own forum
No to quality control on their hardware
Certainly trust in Sony is very lacking.
Makes you wonder how many *other* companies we do business with on a day to day basis are just as incompetent in their practices without us knowing it. Until something like this happens that is.
http://bit.ly/l23xiT
Watch Testimony Here:
http://bit.ly/lofVdV Edit
It's a bit frightening, actually, how much of your data is stored insecurely and ripe for the plucking.