Tell Us Dammit

Dammit, we want you to tell us stuff – like how has the PSN situation changed your perception of Sony as a company? Will it affect your purchase decisions down the line?

This isn’t some marketing survey or whatever. It’s an emotional investment in you. Yes, we’re interested in knowing you, Kotaku reader person. You probably know enough about us – more than you even want to, we’re sure. But, hey, we’d like to know about you, too.

I see a number of ways how this whole situation could harm Sony. The loss of consumer confidence could have knock on effects, particularly as Sony look to pave new ground in digital distribution. Will consumers hand over their credit card details as easily next time? Or will people forget quickly?


Comments

    I may have to pay for XBL but at least I (currently) have peace of mind. Sony may have been stretching their resources trying to provide adequate security for a free online service - I wouldn't be surprised if they introduce a subscription system to cover the costs involved in deflating the current issue and beefing up security going forward...

      Not really, the credit card security comes from all sales.

      It's doubtful that much of the funds from the gold membership go towards security. That stuff would be funded from the license fee for every game.

      hacking happens i bet MS has been to

      Uggh why waste your money on something that is free. Imagine if this happened to the XBL service, you would all lose your minds because you pay for it and would demand answers. Most PSN users don't actually believe their credit card info has been compromised. The service is free so I don't really care if it's down. Twitter, Facebook and Tumblr have all had their downtime moments. Life goes on.

      These breaches are not isolated. Hackers don't suddenly decide they are going to attack Sony or Microsoft - the intrusions and attempts are constant, for all companies holding private information.
      Sony has been let down by bad security - not bad luck... People don't understand the importance of protecting against identity theft until they become a victim - whether credit card details are stolen or not - Sony had a duty to protect personal information and they failed.

    I had little to no information tied to the my PSN account, but I still think they're colossal idiots for having their network setup in such a way that so much vital information was stored in plain text and available to pretty much anyone who knew where to look.

    It won't change how I deal with Sony, if they put products out that are worth buying, I will buy them. I just won't be trusting them with any information, which isn't much of a change anyhow.

      Has it been confirmed somewhere that they were storing data in plain text? I mean given recent information coming to light regarding Sony it almost seems possible, but I would still highly doubt it.

      I can't imagine any important customer information such as credit card numbers, passwords, or even personal details were stored in plain text. However no matter how heavily encrypted the data is, it is only a matter of time and processing power for it to be decrypted.

        I could have sworn I read something on Ars Technica saying that things were stored in plain text. Can't find the article though.

          I think you refer to this:
          http://pastie.org/private/97oth9v5tspkiztwwdmnga
          somewhere up top, between lines 27-77 there's the talk of data being transmitted as plain text as well as Sony keeping tabs on every device you connect to your PS3 and storing, sending, collating that data.

        It seems like all the CC related info was encrypted. Personal info was not. To quote Sony;

        "The entire credit card table was encrypted and we have no evidence that credit card data was taken. The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack."

          Yeah I just read that in another article. Thankfully credit card info was encrypted, that's probably a law somewhere and if it isn't, it should be.

          The fact that personal information isn't is kind of disappointing. It isn't nearly as critical as credit card info but it is still an invasion of privacy.

            The personal info is far more concerning that the credit cards. I don't want my credit card to be frauded, but if it is I'll just cancel my card... worst case scenario I'm down some money. On the other hand, the information that is now public means people could lose their identities rather than just some money... much worse in my opinion.

    I will be interested to see how it plays out. I want to know exactly what happened, just how sophisticated the attack was etc. I know enough about technology to realise that it can always be beaten, eventually. I also know that at this point, people are the weakest link already--perhaps its a human mistake, rather than deliberate bad judgement or penny pinching on security--that led to this.

    Hi Mark, just a quick mention, I really appreciate the way you have handled a number of articles since you became editor, really love the editorial style. In regards to the PSN issue, I am very concerned. For a long time I was never able to decided which console (XBOX vs PS3) to buy, I ended up buying both, but this PSN hack does make me wonder, should I put trust in Sony again?

    Will there be on going effects from this?, am I likely to have issues with identity theft at some stage, if not now, in the future?

    Does the same apply to MS and the XBOX, should I risk supporting them?

    I am very tempted to trade my PS3 and XBOX towards a 3DS and Wii or Wii 2 when it comes out. I was a Nintendo fanboy when I was a kid, and it got me thinking, perhaps the Friends code system isn't a bad idea, but maybe just needs a little work.

    Perhaps I am jumping to too many conclusions....

    For me, I'm quite annoyed at the way they've handled the whole situation. I'll be taking my credit details off PSN (still contemplating if its worth reissuing my card though) and probably never purchasing anything through PSN again.

    I wasn't a big PSN user to begin with, only a game here and there, but I won't be buying anything further from PSN I think, and if I do it'll be through prepaid cards

      Yeah, to be honest, I'd rather do future purchases through the PSN via Paypal - or a similar service where PSN doesn't get to keep my details.

      Why annoyed?

        I think whether or not they handled the situation correctly remains to be seen.
        It's frustrating, but if its true that Sony didn't know the extent of the damage until Monday, I can hardly blame them for that. Let alone the actual intrusion, if their security was up to scratch. Unless their security systems were incompetent, there's no reason to blame them for what could have happened to almost any major company.

        While I too was frustrated at first, after gathering all the information I could from any and all reliable sources, I'm unable to blame Sony yet for their actions. It appears that they did the best they could and if future investigations into the matter prove otherwise, then I'll gladly jump on the Sony-hate bandwagon.

        Also this, for those who haven't seen it: http://blog.us.playstation.com/2011/04/27/qa-1-for-playstation-network-and-qriocity-services/

          "I think whether or not they handled the situation correctly remains to be seen."

          If there is a breach, an organisation is *required* to inform their customers - Sony is no different.

          Thus, as they did not warn us on Day 1, they did not handle this properly.

          Personally, I would have rather have a false alarm rather than the sitution we now have.

          On that note, I just got an email from Sony saying my details may have been comprimised - so I have cancelled my current card as a precaution.

          When I was on the phone to the bank and the lady on the other end basically knew where I was going before I even finished saying the name "Sony".

        Mainly due to the lack of communication from Sony, but also because of the stress and worry it causes when there is a chance that your personal details (and credit details) could have been stolen.

        I know I might be jumping the gun a bit, but when it comes to these types of details being stolen, I think its justified.

      well the good thing is that most of the best download games are on xbox live imo. i didnt find any worthwhile psn games for download. but thats just me

      I am pretty peeved off myself. Network being down doesn’t bother me. It happens. But the fact they waited so long to tell everyone so there lawyers could get ready for the inevitable lawsuits is not cool. They surely would have known early on that data has been compromised.

      Im pretty careful with my personal data and the fact that Sony didn’t encrypt it or put better safe guards in place is really a let down.

      I wont be buying anything from the PSN store ever again and its really made me think about how much I want to buy there products altogether.

    The whole thing has being annoying but it hasn't really made me look at Sony any differently. It's not their fault they were hacked and no system can be 100% secure. Maybe I'll be a little less certain that the PSN isn't going to suddenly go off line on me in the future but that's it.

    I doubt it will effect my purchase decisions on future Sony products such as the PS4. After all I got my PS3 for the games like God of War and Uncharted not because it was Sony. As long as the PS4, 5, 6 etc have quality exclusive games on them I will buy the consoles. As for Sonys other products like TVs I honestly don't really pay any attention to what company made it when I buy those sorts of things.

      Just got this when I submitted my comment and thought it was funny: http://img40.imageshack.us/i/kotakudown.jpg/

      Seems the PSN isn't the only thing that's having problems.

    well, its not all their fault, like someone in an earlier kotaku post thread said, if hackers wanted in, they'll get in. that said, it seemed like they made some juvenile mistakes with their security.

    ive changed my card just in case, but is this going to put me off from playing ps3/ngp/psp exclusives? **** no. a free lesson about internet shopping vigilance wont keep me and sony from being friends :D

      Sorry but that is rubbish - proper IT security should be able to identify breaches as they occur. Sony has failed in this regard. Hacking intrusions are occurring constantly - not just one day all of a sudden. Every company and online service has to deal with constant attempts to access private information.

    It hasn't changed my perception of them. It's not really about Sony, it's about the hackers. It could have (and has been) any company.

    I still feel safer with them than I do with countless websites I've bought from using my card. And one thing I do hope is that it spurs Microsoft to make it easier (instead of the almost impossible it is now) to remove your credit card details from your Live account.

      Yeah, I agree, MS' system is really difficult, even to switch off auto-renewal, especially on other accounts (for instance, my brother's goes through my card, but to cancel that he needs to call up with me there as it's my card .. but we live far away from each other).

      You definitely should be able to do it via xbox.com, and not just through the support line.

        I had a dumb xbox live moment like that just recently. My gold membership was about to expire and it came up with a warning the day before it did (would have been nice if it gave me more time than that) and asked if I wanted to renew. I clicked no out of habit, then afterward thought I really should have clicked yes because I still wanted the service.

        But it's ok, I'll just go online and buy a cheap 12 month card for about $50, much cheaper than the xbox live automatic renewal. Went to buy the 12 month card online the next day and when I was halfway through the checkout process I realised my girlfriend was playing on my xbox and had signed in to xbox live. Checked the system and the automatic renewal had still gone through and charged the credit card for another year.

        I was tempted to ring up MS to complain and get them to refund it, as I had said no to the automatic renewal prompt, but in the end I didn't worry as it wasn't that much money.

      Microsoft have made it easier, I logged into the xbox website yesterday and removed my credit card with a click.

    No, I'll continue using their service once it comes back. For all the noise everybody's making, it doesn't really affect me all that much. Plus network security is a tough problem and it seemed that their solution was adequate for a number of years now.

    But I'm only giving them this one chance. You would imagine that with all the focus being put on them, they will come up with a first class solution that's one of the most secure in the world - and it will need to be, because the people responsible for this attack will undoubtedly try again immediately.

    If anything goes wrong again, then that's it - it will be a long time before they get any of my real personal details again.

    Sony
    I'm guessing they had security in place or this would have happened a lot sooner, so it's a bit of bad luck. As for the PR fiasco afterwards, they shouldn't of kept it under wraps for so long. Should of come clean much sooner.

    Industry as a whole
    Bad: I hope it doesn't delay plans to expand digital services and networks for our games.

    Good: It's got everyone talking about video games as an industry, and a big industry at that. This could be good in other areas in boosting the image of gaming as a huge global industry with millions of users and a lot of money at stake. Rather than the image of a bunch of 16 years olds in front of an Xbox in a basement.

    I am personally very disappointed in Sony for this. Not because they got hacked, that could happen to anybody. Investigations into the security they had in place are not complete, so nobody can really say for sure.

    What I am however disappointed about, is the fact that it took them almost a week of taking the service offline, (which they did themselves, so presumably they found out about the problem prior to this action) to actually warn us that they've had an "external intrusion" and that our credit card info might be in peril.

    My first thought was to breathe a sigh of relief that I'd never used a credit card on PSN. My second thought was to feel a twinge of pity for the poor bastards who have, and don't read internet news, and don't know why PSN is offline, or maybe don't use it regularly.

    I'm not saying I'll be boycotting them. If Modern Warfare 2 is any indication, nobody actually takes those seriously.

    But I am definitely going to be very cautious about the information I give out to them. More so than before.

    Nope. Still want someone to buy me a PS3, because I want to get my hands on the exclusive games (Uncharted, MGS, SotC, Demon's Souls, etc).

    However, I don't play online, and I don't store my CC details on my consoles' networks, so this doesn't really affect me like it would have others.

    PSN Cards only from now on

    It's certainly raised some eyebrows, especially if credit card details or even passwords weren't even encrypted. This is basic stuff that should have been implemented from the beginning.

    The PS3 was my goto console after I got sick of my 360 hardware failures but after this I'm just sour on the thing. I won't be throwing my console into the fireplace but it might push me back to PC gaming a bit more.

    It's changed the way I'll buy things online. I've removed my card from Xbox Live and will do the same with PSN when I can log in again. Future purchases will be done using prepaid cards which will be good in a way because it'll stop impulse buys.

    It's definitely going to affect how I purchase stuff on PSN. Granted, looking at my emails I haven't bought anything on there since September, but I definitely will make sure I buy a PSN card to make those purchases. I'm also contemplating doing that for the Xbox, however that will be more inconvenient as I buy stuff from there a lot more. But, I might stop buying so much stuff..

    You did make a good point in your feed this morning Mark, saying that they should have the most secure and encrypted database after this debacle. However, winning that trust back will be a long hard slog, and I'm not willing to give them that information when users have been treated fairly poorly. I guess I shouldn't have been surprised - it is Sony and their customer relations, after all.

    it will be like banks with intrusions, if they get done once, theres a slim chance it will happen again. While i have changed all passwords affiliated with the email address provided to psn and had a new debit card number re-issued, im not too concerned about it happening again

    I've rediscovered PC gaming.

    But I still love SONY.

    It doesn't matter where you shop, if you put your credit card details online there is always a risk.

    Meh, credit card transactions are protected and my cards changed since my last purchase any way, most of those personal details are likely already in the wild, I'm diligent with phishing emails.

    I'd say little to no impact, I reckon a lot less secure companies have my CC details from stuff I've bought online, and odds are that they wouldn't have the resources to detect a hack like Sony does.

    No system is perfect and in reality this is probably a sign of things to come, as massive repositories of user data are put together, imagine the hell that would break loose if Apple was comprimised.

    From my point of view, My partner and I have called the bank and actually blocked and cancelled the credit card which was attached to our accounts.

    In the future when PSN comes back up, I'll not be using my personal credit card, I'll be using a 'loaded' card which you use like a credit card, but have to load the funds on to.

    I'm not angry at Sony at all, these things happen, it's the nature of online security and it is a risk anyone paying online takes.

    Sony have done the right thing in taking their system offline until fully resolved, no matter how many people QQ about missing out on their game time. This is more important than a game right now.

    I'm not too fussed. I'm keeping an eye on my credit card, but I'm not reissuing my card.

    ID thefts happen all the time. And I don't think Sony has handled the situation too badly. Maybe a bit slow distributing information, but what would they have told us before they realised the data was compromised? "We got hacked, we're not sure what the extent is, we'll let you know."

    I think flaming them at this stage is premature. Once the investigations (and law suits) are all settled, and we can see through the fallout, then I'll see my trust in the company has deminished.

    But so far, its an inconvenience. Not a tragedy.

    It won't affect me a whole lot, and really I'm not sure it should affect people too much.

    Whether Sony did 'enough' isn't really entirely clear still, and may never be entirely so. We'll find out more after some of the watchdogs and legal entities are finished, but that will still only determine if the legal minimum was reached, which it possibly was.
    Things will now be ramped up security-wise (you would believe), so while we should have been concerned before perhaps, realistically their security will now be improved to a point we'd be content with.

    Sony being broken into doesn't mean their security was inadequate though. If you're attached to the internet, you are breachable. A company's security team has a finite size, multiple duties, on the occasion needs to sleep, and needs to keep all intrusion points blocked.
    Intruders have no size limit, have a single goal, only require 1 hole to be present in the wall, and do not need to sleep.
    It will always been an uphill battle for security and a dedicated group with adequate resources can probably breach most networks.

    I'll be watching my credit card bill fairly carefully, and I've changed a few of my passwords, but Sony will continue to get money from me when their products deserve it.

    Not in the slightest, it can happen to any company and I also have no issue with how Sony has dealt with it, since PSN has gone down, they have provided an update everyday since (even if it doesn't answer every question).

    In fact I look forward to when it does come back online as I had a stack of purchases I was about to make in the store.

    I'm gonna agree with many others on the fact that this could've easily happened to any company. It's all depending on the hacker's skills, tools, targets and most importantly: Determination. If they want to get in, they'll get in, even if it takes 3 days or 3 months.

    This doesn't impact my view on Sony, I just hope they can take this in as a lesson to how critical security is to people using their service for shopping online.

    Another point I'd like to make is to the users more than Sony: Shopping online is always a risk, no matter what you're buying, or where you're buying through. No system is 100% secure for online shopping and there never EVER will be such a system. It's an unfortunate fact that every time you make a purchase online, you're taking a risk. Encrypted or not, traffic can possibly be intercepted from anywhere from your PC/PS3/Xbox/whatever to the purchase site/service. Scenarios like this are to be expected, granted the chances are supposed to be low for services such as XBL, PSN and Steam but it's still not impossible for it to occur and it never will be. The best thing people can do is make sure they know what to do in the event of something such as this and plan ahead to minimise the damage to your own expense.

    I still NEEDZ a PS3!!!!!

      No doubt there will be a few cheap PS3s on eBay very soon.

        and just think, you might be lucky enough to get someone dumb enough who...

        1) Didn't format the HDD in the PS3.
        2) Didn't unclick the save password option

        So you could login to their account anyway and grab their details, hell, even purchase something with their credit card!

          They'll then blame any security issues on the PSN breach and feel like they made the correct decision to sell their console. Because accepting fault just isn't an option.

Join the discussion!

Trending Stories Right Now