Stay up to date with notifications from The Independent

Notifications can be managed in browser preferences.

Trouble for Sony after PlayStation security lapse

As the PlayStation 3 outage continues, David Crookes ponders the future problems it could pose for Sony and digital distribution.

Wednesday 27 April 2011 11:21 BST
Comments

The Easter heat was beginning to subside, guests were polishing off the barbecue and a decision was made to head indoors and watch a film. As is often the case nowadays, the PlayStation 3 was powered up and an attempt was made to connect to the Lovefilm service.

Error. The PlayStation Network was down. Not for the first time. In fact, it had been offline for a few days but not to worry: with the beating sun came a good mood and no-one was going to swear and curse because we couldn't stream a movie. We'd just grab one of the much-worn DVDs from the shelf instead.

But there was cause to worry. Sony admitted last night – some six days after the Network was taken down – that the personal details of more than 70 million users of the PlayStation 3 could have had their personal details stolen by a hacker.

Prior to that admission, Sony had been asking for “a little more patience” from its user base over what it called "an external intrusion on our system". The Network, it seems, has been hacked and it has caused it to crash out of existence while additional security is bolted on to the system and the whole shebang is rebooted.

It means no multiplayer Call of Duty for a while, no downloading of games from the PlayStation Store and certainly no chance of clicking on The Hurt Locker while Sony has a bomb of its own to defuse before everything blows up in its face.

Ever since the Network was taken down, there have been more rumours than firm answers. Some thought it may have been the work of Hactivist group Anonymous (it has denied responsibility). Some are subscribing to the theory that it is an attempt to stop users taking advantage of a custom firmware called Rebug which the website Reddit suggests could allow people to use fake credit card information in order to download games and content for free?

There is also speculation that the current action is linked to the PlayStation 3 security breach which famed hacker George Hotz was said to have found the root key for. Hotz – also known as GeoHot – said in January: “ I can now do whatever I want with the system.” It sparked speedy legal action by Sony.

Sony is now insisting that it is an attack by hackers who have got their hands on "name, address, country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID" of users. It added: "It is also possible that your profile data, including purchase history and billing address, and your PlayStation Network/Qriocity password security answers may have been obtained."

So what now for Sony and for downloads in general? Much has been made of the videogame industry's move towards digital distribution and online play. Downloads are a growing part of console gaming and they also underpin the PC market with 11.2 million digital games bought online in 2010, some three million more than those bought in the shops. Nintendo, Microsoft and Sony all have their own download stores. The PlayStation Network has had more than 1.4 billion downloads since it launched on November 11, 2006.

So the lengthy outage, which started on April 20, is costing money – and leading customers to fear they may lose theirs. After all, someone who uses the same username, password and credit details across sites could find themselves seriously compromised.

But it not just customers who are losing money. Developers who have games available for download are counting the cost of lost sales (Dylan Cuthbert, head of Q-Games which makes the PSN-exclusive Pixel Junk series of games, told IndustryGamers the outage “definitely affects our bottom line). Publishers who have invested vast amounts on the latest releases from Portal 2 to SOCOM 4 will be fuming given most games today have strong online gaming components.

More than that, however, it is causing a tidal wave of discontent and falling confidence among gamers. Who knows how many people will be turned off by the problem and may decide downloading is not for them, certainly on Sony's system.

The lack of urgency on Sony's part to answer questions regarding user security will have inevitably alienated customers and it could also make many wary of having their details held on such systems in the future. It also shows how vulnerable network services and online stores can be and the effects it can have not only on consumers but on the very people who make the games.

There may also be questions as to whether our data is truly safe. Given governments have been pushing for our data to be held in vast databases, how can we be sure that they will be given top-level protection? If a major technology company such as Sony cannot prevent hackers with all of its expertise, what hope anybody else?

People are flooding Twitter and Facebook with comments suggesting they will switch from Sony to Xbox Live Arcade instead which shows there is some level of confidence in the download market at least. It still leaves Sony in a precarious and embarrassing position, one which is hardly likely to curry favour among even the strongest of its own supporters.

This public relations disaster couldn't have come at a worse time given the recent disruptions at Amazon and Play.com. But the difference, say commentators, is that Amazon kept customers informed as the actual issue. Sony's customers aren't sure if they will lose money, online trophies or shared data and developers want to know when their sales will start again. The biggest worry for the industry, though, is whether those future sales will be as buoyant as they once were.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in