Sony denies identity theft from PSN breach
04 May 2011
It has been a bad two weeks for Sony, the Japanese consumer electronics giant when nothing seemed to go right for the embattled company. What initially, seemed to be only an embarrassing network outage that did not allow customers to access its PlayStation Network, turned out to be a lot worse: a sophisticated cyberattack that compromised the customer data of 77 million PSN and Qriocity customers.
Though the company was not very forthcoming with information initially, it acknowledged why PSN was offline, and two days later confirmed the security breach.
Just when it seemed Sony was about to recover from the breach that hit, PSN and Qriocity came another embarrassment with Sony Online Entertainment too being breached. Analysts say there may be more to the SOE story as the company's investigation into the breach continues.
Meanwhile, according to experts, though Sony has not given any time frame as to when PSN and Qriocity services would be restored, the company said on Saturday night that most PSN and Qriocity services would be available again "this week." However, experts point out that even when Sony restores the services these would not be fully restored right away.
It is said that between 17April and 19 April, a an unidentified person illegally gained access to Sony's PSN servers in San Diego, California, by hacking into an application server behind a web server and two firewalls. Sony Chief Information Officer Shinji Hajesima said the attack was disguised as a purchase, due to which it did not raise any red flags. He added that the vulnerability the attacker exploited was known.
The attack was flagged by Sony on 19 April and on 20 April, PSN as well as Qriocity were shut. The company hired security experts and contacted the FBI to investigate the attack and find out how the breach had happened.