So It Begins: Sony Slapped with Class Action Lawsuit Over PSN Hacking Fiasco

23

Comments

+ Add a Comment
avatar

aarcane

at the first sign of compromise, the private and financial data should be physically removed from the communications network, scanned, and shut down.  When services are ready to be restored, those should be the last systems brought back up and scanned for security intrusions.

avatar

drcrazyrich

its just that simple ,SONY has bent us over and over agin about time they get it back !!.they re getting to power happy and needed a good reality check !!!

avatar

someuid

"Is it even fair to blame Sony for the actions of some maniacal tube-bending Internet wizard? Could any security measure taken a hit like this and not come crumbling down? "

Yes it is.  Sony's lack of security allowed this freak to pull this off.  They are just as liable as the person who hacked them.  They are also liable for not keeping customers up-to-date.  Sony doesn't get off the hook because there is another party invovled, and that party doesn't get off the hook just because Sony can be held accountable.  Both are at fault, and both should be punished accordingly.

Additionally, Sony, with its teams of lawyers, managers, public relations experts, etc, should have known to handle this entire situation much better than they did.  This isn't the first time some large corporation has been hacked.  They should have been fully aware this would happen and have planned for it.

Unfortunately, the Eurogamer article is blocked for me at work so I don't know what kind of security holes the hacker utilized.  But it still stands that Sony should have practiced better due diligence on their part.  Throwing up the mantra "THEY did something illegal, we didn't" is no justification for being a slouch with persoanl data you collect in the course of business.

avatar

Cregan89

"Is it even fair to blame Sony for the actions of some maniacal tube-bending Internet wizard? Could any security measure taken a hit like this and not come crumbling down?"

Yes it is fair to blame Sony. Every software developer knows that you must encrypt any sensitive data before storing it in a database, ESPECIALLY when you have millions of accounts worldwide, and ESPECIALLY when you're storing credit card information! In fact, I wouldn't be surprised if there are laws which explicitly make it illegal to store customer credit card numbers unencrypted. It is pure laziness on Sony's part and they should absolutely be held accountable!

avatar

someone87

Yes, it's called PCI Compliance, there are certain rules and regulations in place to dictate how CC#'s are processed stored, sent though, etc....

From what little I know about the system, it's full of stupid little reglitory governemnt crap, that does little/nothing to secure the actual data. I (thankfully) don't have to deal with it, but I have many good friends who do every day.....

Anyhow, yes a set of rues do exsist..... 

avatar

compro01

I think i may have finally discovered why Americans scream about government intrusion so much : You guys assume everything is government.

 

PCI (Payment Card Industry) is not government.  It's an industry consortum comprised of Vista, Mastercard, American Express, Discover, and I believe a couple others.

 

The PCI-DSS (Data Security Standard) is mostly general guidelines for proper security you need to follow to deal with credit card companies.

avatar

ghost6007

Man, I don't even own a play station product and I am screwed! Two years ago I bought my nephew who lives in Zambia a used PSP from eBay and had to create a fing account to get a firmware update for the stupid device, that's it!!!

avatar

BrandNewJesus

Am I they only one who sees this as just another blood sucking lawyer trying to cash in?

I mean come on, Even if sony has to pay up big time, only pennies of it will ever go to the individual users.

I have had the same PS3 since it launhed. I hardly ever use it for games.

It is a great media hub, and was the cheapest bluray player for years. 

Still use it for bluray, netflix, and the media server capabilities. 

 

PC gaming FTW

avatar

blip2004

The law firm didn't do this to "represent 77 million users" I doubt anyone at all even  contacted this group before they started drawing up the plans to use this to their advantage. I'm surprised people are still making a huge deal of this. No security is perfect, and other companies lose personal data all the time without it lasting weeks in the news.

But I do give them credit for being the first sharks to try and get the meat.

avatar

Caboose

Ok, so then you're saying that Sony should NOT be held accountable for this at all?

avatar

KenLV

@ghost6007

You are forgetting to include one very important word: “reasonable”

I'm not saying that Sony is in the clear here, but they did not, and cannot, guarantee perfect security.  All they need to do is show that they did take reasonable care and were attempting to plug holes as discovered.  It will be up to the court to decide if in fact the holes were ignored and that reasonable care was NOT taken to protect data.

Me?  I'd like to see the douche bag who did the hacking pay for the actual crime that was committed.

avatar

big_montana

"PSN's gaping security holes have been clearly visible since the Geohot jailbreaking brouhaha earlier this year, yet Sony did nothing to patch them up." This answer your question of "did take reasonable care and were attempting to plug holes as discovered". Obviously not. If not one was harmed by the outage, and subsequent theft of personal data, then there should be no case, but the case should proceed to at least get Sony to admit at whether credit card information was stolen as well, as they will only say regarding that tidbit, that it may or may not havew been.

avatar

KenLV

@big_montana

Again, I’m not saying Sony is in the clear here, but pretty much every article I’ve read states that they (the authors) are “presuming”, “assuming” and “speculating” and want more info.  Nothing wrong with that (wanting more info), but no, it is not "obvious" that Sony failed to be PCI compliant.  Also, to say that they are “just as liable” (as others have) as the actual thief is absurd – especially when al the facts are not in.  It's as if you lent me your car and someone broke into my house and stole the keys and then your car.  Am I "just as liable" as the thief?  Even if I left my front door unlocked and your keys on my kitchen counter, am I still "just as liable"?  Sorry, but it drives me nuts when people make excuses for the REAL criminals.  If Sony was NOT PCI compliant and as a result damages can be proved, yes, they can and will be punished.  But until the facts are in, the only person(s) known to have actually committed a crime is the thief.

A lot of folks keep focusing on the time issue: it should have been fixed as soon as it was discovered.  We're talking about multiple integrated systems here where "patching" one can effect others.  Besides, you’re not simply talking about slapping up a readymade patch to fix a discovered hole.  If it were that simple, there is no reason that they would not have done so.  A multi-billion dollar company doesn't ignore stuff because they are "lazy".  And even though I’m sure that Sony is watching the hacker community as several article maintain, it can’t watching EVERYONE.  That's like saying that since the cops are watching the corner crack dealers so they should have stopped the crack fiend from breaking into that apartment building across town.  When you are talking about massive systems like the PSN, you first need to investigate any claims and then once the hole is found/confirmed you need to develop a fix for it, test it, implement it, etc...  This all takes time.  And often not weeks, but months.  I know we’re all used to things working at the speed of light, but that isn’t always possible.

avatar

michaelnomad

We do have to wait for the facts to come in, still...

Yes, a multi-billion dollar company doesn't ignore stuff because they are "lazy", BUT they will make it a lower priority if it can save them money. In time we'll see just what Sony did to plug the security holes. Did they hire extra staff? Did they give the existing staff the oportunity to work overtime? Was it made a priority?

Maybe they did, maybe they didn't. We'll see.

Also, I don't think that most people are making excuses for the thief/thieves, they're just saying Sony is (I would say might be) liable. It's not like you borrowing my car and keys and leaving your front door open at night, it's more like a bank storing you're money and passport in a deposit box, and leaving their doors open after closing.

avatar

iceman08

hear hear!

avatar

KingKaname

As one of the millions of compromised users, I would like to add my name to that suit. Also, I'm definitely not buying a PS4. I am sticking to good old PC gaming. Microsoft has a console w/ a huge fail rate, Sony can't keep my data secure, and the Nintendo systems (as they’re current trend tends to be, we’ll see.) only spits out good games every two or three years (new iterations of Mario, Mario Kart or Zelda mostly). I can't wait to build my new monster system.

avatar

iceman08

as much as I love my console gaming, this has definitely given me plenty cause for concern. enough to make me bite the bullet and build a rig. I put my name on the class action suit as well. I might not get anything out of this, but Sony should be held responsible for not informing customers of sucha breach earlier, as wel as not patching their security.

Anything electronic can be hacked, but damn, at least make it difficult for the hackers to begin with

avatar

Caboose

I wonder if we Canadians can as well. I shall have to look in to it, so that my name too can be added.

I'm 80% a PC gamer, with the last 20% spread across 3 consoles, 2 handhelds and casual games on my Android. PC gaming has never really let me down in the past, and I don't see it doing so in the future.

avatar

fellowleo

Don't worry, when all this blows over, the next time you login to PSN, you'll have to click on agreeing to the "modified" EULA that will probably dictate that any dispute be handled by arbitration. ASSUMING that this clause is not already there...

avatar

ghost6007

If a company stores sensitive information then they have the duty to their consumer to safeguard it, just saying "oops" and putting on a silly grin does not excuse the fact that the data got stolen and is probably being misused.

That 50 tons of fine print you have agree to when you sign up for their services does promise in it that they will hold your data and will be keeping it safe; well Sony, your failboat has arrived.

An corporate entity is treated like a "live" being and the only way a corporate entity feels any pain or remorse is when the bottom line is hurt; I say sue their pants off... bastards didn't do enough to protect my data, why should I give them a break?

avatar

tornato7

When Geohot hacked the PS3, Sony went directly after him instead of fixing their flaws. Apparently, that did not solve the problem.

avatar

JMG760

+1 

Hope this lawsuit help change sony's actions when dealing with its customers. 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Knowledge + Humility = Respect

Arrogance + Ignorance = Rudeness

avatar

BETAnut

And so the cookie crumbles.....

Sony is in a hard place now and will have to tred lightly to come out with only bruses.

 

Log in to MaximumPC directly or log in using Facebook

Forgot your username or password?
Click here for help.

Login with Facebook
Log in using Facebook to share comments and articles easily with your Facebook feed.