Sony leaders bow their heads to apologize to users on May 1 in Japan.
25 days is the number of days that Sony's PSN system collapsed due to a series of attacks by hackers. And according to Edge magazine, there are 5 lessons that Sony got through this incident.
A year ago, Sony created an online department to manage and connect their different products and services to one such category as the Bravia product line, PlayStation series . So, on In terms of users, it is easy to see that Sony has many parts that are completely separate from each other despite having the same brand.
While it took Microsoft years to build Xbox Live in the context that they had a lot of experience in network solutions, Sony's PSN was just a mirror of Sony. Each feature has a separate brand that is reserved for an icon on the XMB interface bar on their console. Speaking of PSN game updates compared to Xbox Live, Microsoft is the second-largest player, but any gamer realizes that Sony's PSN gaming experience is not as good as Microsft's Xbox Live.
According to an expert, the PSN platform system runs to 50 different programs and this makes the system very vulnerable to security holes. Because any computer engineer can point out what is a good security system and what is a risky system.
First, people " hate " Sony for warning users that their personal data is revealed, and Sony's explanation is quite reasonable, that they are actively working to identify the damage. However, that is simply a warning. When George " GeoHot " Lotz announced the root lock to crack the PS3 lock online in December last year, Sony said it would fix the bug with online updates.
But all updates only prevent hackers from accessing the PSN. Immediately, hackers pay attention to PSN, while Sony still has no move to improve security. Sony did nothing when the group of hackers proclaimed Anonymous as the name of PSN and also did not do anything when a series of denial of service (DDoS) attacks knocked down PSN all day.
And it seems that the resources for Sony's internal security are not enough. When the first attack began on April 12, Sony's information security department did not soon recognize it but until 19 April they knew it thanks to . the user reflected. It took Sony 6 days to cooperate with 3 outside security companies to determine the data the user was stolen.
Sony did the right thing when processing users' credit card data. They store encrypted data, have a security code CVV that is not contained on their servers and Sony claims that they do not see any evidence of theft. However, this makes us rethink the availability of the system when we throw all of our personal information online.
Using the same password for many different sites may be a problem in Sony's case. And Sony can refer to Microsoft's way of adding payment methods via PayPal. Obviously this approach also helps Microsoft expand their market greatly, especially in areas or users who do not use credit cards.
Lawmakers in the US and Australia are considering a bill that ensures users are accurately informed when their data is leaked, and Sony is also calling for more appropriate levels of treatment for news. hackers.
Sony also lost the trust of users. On May 1, Sony CIO Shinji Hasejima confessed that the vulnerability Sony was attacked was not a new vulnerability, but Sony did not recognize this vulnerability. There is also another vulnerability that allows thieves to download PSN games, use fake credit card information, and this error is not new. However, due to the subjective attitude that the PS3 could not be cracked, Sony was attacked.
25 million user information is stolen, so how many users feel confident enough to fill their financial information on PSN when the system has been restored? How many developers will continue to write download games on PSN? Reconstruction of PSN may take only a few weeks, but reconstruction of user confidence may take years.
At this point, perhaps Sony is planning to compensate users, but it is certainly not compensated in cash, but some free PSN titles. What users are more interested in now may be how the security policies ID of millions of PSN accounts will change.
Perhaps Mr. Howard Stringer's Sony chairman will be replaced, as other Sony leaders themselves suggested, including the same shareholders. Sooner or later, Mr. Howard Stringer has no other choice. Of course, there were a few other leaders on Sony's dismissal list. Maybe Sony thinks that these characters bring disaster to the relationship with users that Sony has always kept bright colors.
However, Sony doesn't lose everything. To rebuild PSN from the beginning, many people believe that Sony not only focuses on securing their online services, but also adding new features to encourage users to come back online. The traumatic past will surely be shaken by Sony, and there is no doubt about the importance of online services that are mushrooming nowadays. Sony's departments need to work together to repair and re-paint the brand that has been severely compromised in the past few years, culminating in the end of April.