In a press release that was no doubt run through every legal division and top level exec the company has, Sony has admitted that user data was stolen, potentially credit card info during the PSN breach that has resulted in a weeklong (plus) network outage. They're being super-cagey on whether CC numbers were actually stolen, but we took the safe way out and cancelled the associated card.
Because who knows. If everybody's credit cards are already out there, the damage is done, but it would be great if Sony could spell out "yes, your CC is at risk, just as we know your account name/pass, birthday and address was nabbed."
Up until this point, the PSN downtime was just annoying, not critical. It's rare that I play an online match... but I do buy stuff from the Store all the time, and I want my Trophies to sync up. I can live without the Store and Trophies for a stretch, but lingering doubts about credit card numbers need to be addressed immediately.
Yes, we checked to see if the card had been abused. No, it had not.
The personal info that Sony says was definitely stolen is mainly public knowledge stuff, but a good thief could leverage that info into greater mischief. Particularly the PSN name/pass. When the Gawker sites had that password leak a few months back, I learned a lesson and started up different passwords for everything, so the exposure of my PSN pass does not have much of an effect. I've already reset the one other service that used a similar password, and once PSN comes back online I'll turn that password into something new as well.
Dropping the credit card means an expected nuisance of contacting all the places that were attached to that card, so that process sucks. When PSN returns, I think I'll stick with using prepaid points cards... something I did probably about half the time on PS Store purchases in the past.
Yes yes ha ha, Nintendo is fine (although not especially comparable in this case, since the structure of what PSN offers doesn't have much equivalent on the Wii) and Xbox Live is fine. Like I said, the online component for me is mostly buying, friend-spying and stat-recording, not so much the I PLAY A SHOOTIN GAME ONLIEN angle. Predictably, I do not have much interest in folks crowing about how glad they are that they never bought a PS3 (security break-ins can happen anywhere), or how stupid it was for anybody to use CCs or real info on the account logins (using credit cards is how the world works), or how Xbox Live is worth every penny (this break-in still doesn't change that PSN has been free for years, and a Live subscription significantly adds to TCO).
When Joe Haygood and I discussed the difference between a Live outage and a PSN outage on the latest Aeropodcast (before today's data theft admission), I posited that the Xbox community was far more inflamed during the famous Christmas server crunch because A) they're more focused on multiplayer online and B) they're paying for it.
Today things are a bit different, since Sony's security failure now means a bit more than me having to wait to buy the new Fleetwood Mac song pack for Rock Band. There's no way Sony can't address this at E3.
I would not be at all surprised to see Sony use this event as leverage for turning PSN into a pay service.
Undeniably it's now an official black eye for Sony. If they could have assured that all data was safe and the downtime was, as rumors suggested, to stop a DOS attack or to stop unauthorized Rebug units from getting free games, they could have come out of this one okay. Now some questionable security was exposed and actual everyday users have to scramble to re-establish protection.
I love Sony, but it would be nice to see the company learn some humility this generation.