Kotaku vs. Gizmodo: Has Sony Done Enough?

Sony has come out and publicly apologised for the PSN debacle, but is this enough? And what will be the long-reaching impact of this PR disaster? We hash out the details with Nick Broughall from Gizmodo.

MARK: So Nick, Sony has come out, bowed its heads in collective shame and promised us some stuff in return for the whole PSN breach debacle – what are your thoughts on the situation? Has Sony done enough to help repair some of the damage done by this PR disaster?

NICK: Let's face it, Sony have come out and done the only thing they could possibly do short of committing Seppuku - apologised to consumers like a child caught with the remains of your limited edition original Star Wars X-Wing model. Whether that's enough to undo the damage this disaster has caused for them, only time will tell, but my gut instinct is that with time, the wounds will mostly heal. What do you think?

MARK: I agree. What has been interesting to me is that, in the mainstream media at least, this has been a big enough story for journos to continue the trail all the way to its conclusion – meaning that while the mums and pops got their fill of the ‘disaster’ headlines, they seem to be sticking around long enough to see the conclusion. This is good for Sony's reputation.

I’m not a security expert by any manner of means, but from speaking to a few leaders in the field, and reading quite a bit, what I’m hearing is that Sony, while not entirely innocent in this whole fiasco, has done a fairly good job of following protocol after the event. Consumers were, quite rightly, up in arms about the delay and the initial lack of information, but most experts believe that Sony was about as upfront as it could have been about the situation.

I think the public apology was a good step forward. Sure, people are still angry about the whole fiasco, and quite rightly, but I expect that to fade in time.

How about you Nick, would you be happy to supply Sony with your Credit Card details now?

NICK: You know, when Sony came out and confessed that the hackers may have accessed credit card details, despite there being no indication that they did, I quietly sat back and watched the sudden boom of media reports urging PSN customers to cancel credit cards "just in case". Now we've since discovered that the CC information was all encrypted and it doesn't look like the hackers accessed it anyway, a lot of complacent people like myself can rest easy that they won't see thousands of dollars charged to their accounts.

For me, the PSN security breach wasn't so much about not being able to play games online or even having my credit card details potentially compromised - it's more an indication of how much inherent risk there is in putting our information in the cloud. In recent weeks we've seen Sony, Amazon and even our US cousins at Gawker hacked, with user details made publicly available by nefarious types. Yet despite these security breaches, we're putting more and more information about ourselves into the internet, whether it be via our Facebook/Twitter accounts or through third party services like the PSN. And no matter how bad the breach, I can't see that overall trend changing in the future. We're moving to a world where all our information is stored on a server somewhere outside of our control. And if you want to engage with the world through the wonders of the internet, you're going to need to give over that information willingly.

The question now is how corporations like Sony can step up to ensure that it takes the security of its customers seriously. And thankfully it looks like security is becoming a priority for the Japanese giant. Would you agree?

MARK: I don’t really know that Sony has a choice now! The strength of their brand is dependent on how they respond to this crisis and, so far at least, Sony is making the correct noises. It now has to focus on putting that rhetoric into action. In terms of the broader situation, the most positive thing to come from this whole situation is this: every single company holding credit card details has just received a giant, Simpsons-style boot up the arse. They’re now very aware of how important security is when it comes to the personal details of their customers. Sony has been the unfortunate sacrificial lamb here, but best believe that Microsoft, Apple, and every other company out there has been taking a good, long hard look at their security measures.

NICK: You're right - I'm almost willing to forgive Sony purely on the basis that they've become the poster child for what can go wrong, but I doubt that same forgiveness can be passed on to any other companies that experience the same fate in the future.

In any case, I think that what Sony needs to do now is publicly preach caution to its customers - we're all overwhelmed by spam on a daily basis, but chances are that's going to get a lot worse in the near future, given the amount of information that was hacked...

MARK: In a strange way, the whole situation has sort of forced me to re-evaluate the brash, devil-may-care attitude I have with my personal details online. Facebook, PayPal, online banking, Xbox LIVE, PSN, iOS – a lot of places out there have a lot of information stored about me, personally. This whole incident has me questioning exactly what I divulge, and where. I think, in the long term, that’s probably a good thing.

NICK: I'm the same, but it's one hell of a way to discover just how much information we willingly share with giant, faceless corporations...


    Agree agree agree...but...
    It is fine to not have some information on social networks. Agree completely with that. But when it comes to PSN, Amazon and maybe even Xbox Live (not sure, don't have an account), you 'have' to give a lot of information about yourself to use most of its features. One cannot buy from Amazon without a billing address. Buying on a credit card with the wrong billing address can be seen as fraud. Buying from PSN with the wrong information can also be seen as fraudulent under most countries' credit acts... so what to do? Here is one solution that I would take full royalties on if anyone decides to build it:

    Solution Ultimo: Build PSN DLC kiosks. Like an ATM machine that is located in a suitable location like KMart, JBHiFi, HN etc. You pay CASH or eftpos for a DLC, it gets downloaded and written to DVD. Yeah, fine, it takes it out of the comfort of your living room, but it is a sacrifice some people might just make to not have their data online.

    Another solution: Paypal. Centralised data of money detail and you don't have to store CC or bank detail on every social/media network you are on.

    I think there are ways and means around having too much information on the net. But not all the sites or media on the net support it.
    I do think that this should kick off a massive audit on other sites' security to let it not happen again.

    All of the above said. So far, no CC data has been stolen and I keep an eye on my statements almost daily. I also have CC insurance which means I won't lose anything. So, generally I'm more worried about a kidney failure than CC at the moment.

      I don't know how it works on PSN, but on XBL you can buy point cards and live subscription from retailers, you can even pay in cash.

      This is all well and good, but what of those in this instance that used their same email address and password from their PSN login for their PayPal account?

      Regardless of whether Sony had the credit card details stored, I'm sure there are a lot of people that use the same sign in and password for a number of different services without the anticipation that one could directly affect the other. All any hacker has to do is script a method to try the same username/password combination in eBay, PayPal, Windows Live, Facebook, etc.

      Expecting your average person to have a separate email address and password for every online service they subscribe to is a bit much. I would have expected the password to the account to be encrypted just as much (if not more) than a credit card.

        Agreed. I never use the same password for social media, banking or credit cards. Even my email password differs from Facebook as an example. That being said, storing passwords in plain text has always been the first and worst thing that you can do wrong on a database. A simple salt-hash-and-compare encryption goes a long way, and you only ever store the encrypted password to begin with. Brute force breakable? Yes, but might take years. Pretty sure Unix/Solaris/old as hell OS used this encryption ages ago. Pretty standard.
        And so Sony learns, the hard way.

        I like the idea of the xbox and iTunes "cash" cards. Still think someone can build the PSN/DLC kiosk and pay me royalties :)

          You do realize there are PSN cards, right?

    I saw the news this morning and it showed the 3 of them bowing, I guess in apology... it just struck me as the way a kid keeps quiet in a minute's silence. A formality... this is what's expected, without understanding why.

    I wouldn't say the damage is irreparable, and I doubt they'll lose too many customers over it... but it's planted a seed of doubt.

    Perhaps I'm xenophobic, but I've always found Sony and Nintendo as having a problem dealing with the western world... I don't think they understand it, and I feel Sony have been taken hugely by surprise at the response this has provoked.

    Sony failed. They only apologized because they had to. I can't say I feel sorry for the 3 guys in the picture because they make more money than I ever will.

    Sony is going to have to take it on the chin.

    When the PSN went down at first I was like eh who cares I don't have any games I really enjoy playing online at the moment anyway. Later on when Sony finally decided we were worthy of being told SOME kind of truth I was pissed. I still am very pissed.

    Sony owes it to me to be upfront when it comes to my personal information.

    Compensation doesn't mean anything to me. A free download of something and a 30 day membership to a service that I don't think is worth a few bucks won't get my personal info back.

    Just make sure this crap doesn't happen again.

      It would surprise you how many times info like this would be hacked from these places and the public never knowing.

      Sony apologised because they had to, true, but they were mostly upfront about it (one could argue because there would have been questions for months otherwise).

      Companies, forums, anything, they all get hacked at some point, and your data gets out, whether it's a credit card or a password combo that can be used to access your email account.

      Companies mostly will avoid announcing it, unless there's a risk that financial data gets out.

      Quite frankly, so long as your CVV numbers are encrypted, when there's a fraudulent charge on your card you should be yelling at your bank. Because if they have brute-forced their way into a charge, the bank should have cancelled the card due to suspicious activity.

    I think Sony needs to learn from the reason, not the outcome. Large corporations and their corporate lawyers are to blame here. All these idiots sticking up for multi-national companies who are purely in business to make as much money for their shareholders as possible using whatever bully tactics they can. Guess what, Sony wouldn't do the same for you.

    I am actually happy with the situation. Sure, some info got stolen, but it brought the issue to the mainstream, which is the only way for all these mindless drones to learn.

    And no, they did not do everything possible, stop being one of the mindless defending drones. They wanted to save face, why release early if you can potentially cover up later? NUMBER ONE priority should have been disclosure so all the PSN users could do what they could as early as they could.

      As I said earlier, I bet your details have been stolen before and you were never notified.

      Sony did more than was needed, over what would have been a peak holiday period (remember, it was Easter).

      If every time a company got hacked even a little bit they came out and said, "Oh, you know, there was a wee bit of hacking going on so your info may have got out," no one would have data ever again.

      It's a good reason to use a combination of internet banking and an empty Visa debit account.

      Move money into it when you plan to spend it. If the stuff ever gets leaked, charges will be rejected due to an absence of funds.

      There's plenty of simple steps the consumer can take to avoid issues if their stuff gets out, but they often don't make use of them.

      Primary, I think, is to make sure that whatever card you use for online payments has no credit ability and has a limited amount of funds in it at any one time.

      It's not hard to have a card for online transactions and one for offline.

      The hack could have happened to anyone, as stated in the article. The issue here shouldn't be Sony, but internet security.

      Care to explain what else could have been done?
      They brought PSN down.
      1) Informed people about the breach.
      2) Informed the public about personal data being stolen and the possibility of credit data being stolen.
      3) Sent emails out to all affected. Hired 3 external companies to review their PSN security + investigate the breach.
      4) Informed and requested help from the FBI and Homeland Security
      5) Are increasing security (physical and digital)
      6) Creating new jobs for security personnel
      7) Created a compensation program for users. (free downloads + PSN+)

      That is a fair bit done within a very short timespan (we were informed of things often within 24 hours of SONY learning about it) -- what more do you want? Most companies take months to do less than this!

        This. Very much this. What more could they have done? They brought the PSN down as soon as they figured out what happened, to - and this is important - protect people's accounts.

        I swear, people are acting like Sony is some monster who held onto this for months and is sucking people's credit card accounts dry -themselves-.

        And all this, because they wanted to send a strong message to pirates by suing GeoHot.
