Sony Boss Defends Week-Long Wait In Notifying PSN Customers Of Breach

Sir Howard Stringer, CEO of Sony, sounded less apologetic and more prickly when asked today about the PlayStation maker's slowness in informing PlayStation Network and Qriocity subscribers of an attack on the company's network.

Reuters reports that Stringer fired back at critics who questioned Sony's promptness after the April attack on the company's PlayStation Network. His testy response is in contrast to the humble apologies issued by Japanese executives at the beginning of May.

Stringer also endorsed PlayStation boss Kaz Hirai's efforts during the breach and subsequent downtime for PlayStation owners.

As for the financial impact on Sony? "The charges mount up, but they don't add up to a number we can quantify just yet," Stringer said.

Sony defends response time to hacker breach [Reuters]


Comments

    I've got one thing to say to Howard Stringer in regards to that "43%" remark;

    Pics or it didn't happen.

      Oh, people can come up with statistics to prove anything. 14% of people know that.

        43% of all quoted statistics are pulled out of someone's ear to cover up for the lack of real data

    It boggles me that anyone even expects an apology from Sony.

    No system is safe, there will always be someone out there that can get through any measure of security you have.

    The difference between Sony and the people with sand in their proverbials is, Sony just don't blurt out information to people without knowing the full story. We leave that up to the mass media.

      You go to the bank to get some money out. Turns out they don't have any, because somebody walked in pretending to be a bank manager and walked out with all the money. You're not annoyed?

        Exactly how are the two related?

        PSN goes down, people continue their daily lives until it's back up with absolutely no consequence.

        Bank has no money, millions suffer consequence.

        Compare apples with apples will you.

          It shouldn't boggle your mind.

          A company with an expectation in and of itself that its systems and security and the security of its customers is safe, isn't. So just because ANYTHING is possible, that someone skilled enough and resourceful enough can break into essentially anything, there should be no expectation upon the service provider to maintain a higher level of security?

          Rubbish.

          Sony reacted well enough to their own flimsy security. However, they will now have the expectation to beef it up and that doesn't happen when they aren't held accountable for their share of the problem.

          Applesauce.

    If what he says is true, then good on him/them.

    These sorts of things become such a media beat-up. Its truly unprecedented. By what standard is anyone measuring Sony's performance here? By the standard of "We need a story that says they've done good and one that says they've done poorly, so find someone to quote on both sides."

    Its like when a snarky reporter asks the police "Could you have done more to save victim of tragic crime?" The answer is always "Yes" we could do more, but would that more have made any kind of difference? And at what cost??

    Again, I am assuming that his figures about other reporting practices are correct above.

    How blind are you fanboys?

    Sony's security measures were inadeaquate on every level. Sure no system is truly safe but that does not excuse Sony's poor attitude towards securing customer information. They slacked on security and got caught with their pants down.

      How do you know they were inadequate? Did you hack Sony?

        How do I know? By reading, mate.

        Plenty of articles out there with input from big names in the field of computer security saying the same thing.

        Just have a look for what Gene Spafford said to the US House of Reps Subcommittee on the matter.

          None of them were responsible for building Sony's system.

          That's called speculation. You're basing your outrage on speculation, your own and that of people who you wrongly believe actually know how the hack occurred, and how Sony's system works.

            I'm basing my "outrage" on the opinions of the only people on this planet worth listening to on the matter. You know, the industry experts who make a living on dealing with these kinds of things and actually knowing what they're talking about.

            Now, would you kindle bring forward your qualifications that puts you in the position to instantly dismiss what they say.

              I'm not dismissing what they say, I'm dismissing what you say. I feel eminently qualified to do that.

              Since you're baiting me for this: What kind of qualification do you possess to instantly verify the opinions of these non-involved, observant experts?

          Do you even know how the hacker got through? This wasn't some kid that woke up one morning and said to himself "hmm might hack PSN today".

          You talk about reading articles, maybe you should approach them with some common sense at the same time. Their security measures were perfectly fine but like I said, you cannot keep that one guy from finding his way in. I'm talking about the guy that had obviously studied the network and his approach to it for some time prior to initiating the attack.

          When Anon hacked Mastercard, do you assume their security measures (the most complex and secure you are likely to find outside of Federal security) were lacking?

          Get a clue.

            Maybe you should get a clue.

            Disrupting access to a website is a FAR CRY from stealing the personal information of 77 million users.

              A website?

              Ok you're more clueless than I first thought. At what point did you gather that every Mastercard holder in the world ran their transactions through a website?

              It was a complete DOS which required an elaborate hack into a server / system, not just a website.

              It's time now to cease illustrating your complete lack of knowledge on the subject.

                Mate, the Anon attack on Mastercard and Visa was a DDOS attack on their websites and that's all it was. No user data was accessed or stolen. They merely brought down their website. People could still use their cards in transactions without risk because the attack was not on any of the servers containing customer information of any kind.

          You must watch too much Today Today - you know, how when some story hits the headlines on the 6pm News, then Today Today do their own segment on it with an investigation and interviews with "industry experts".

          Yeah they usually show that person sitting at their desk smiling as they pretend to type something on their computer. THEY'RE the people you are basing your accusations on towards Sony.

          They came out in masses to tell "their side of the story" cause they have a qualification related to the matter. Bottom line is, the qualified people who helped create the PSN, Sony and the hacker(s) are really the only ones who know how safe or secured the system was. Not these "industry experts" who are looking for their 15 minutes of fame being interviewed or gaining some credit on their resume to speak about the matter.

          People seriously need to realise how unreliable the media are with their statistics or information or the lack of informing the correct information for that matter.

            Pakka,

            Gene Spafford isn't some "expert" that climbed out of a dumpster somewhere for his 15 minutes of fame on a crappy current affairs program.

            ^ agreeing wholeheartedly with this.
            ANY system in the world is hackable. It just depends on the knowledge, resources and cahones of the person or persons thinking about doing it.

            If a system gets hacked, regardless of it's size or importance, it doesn't instantly mean it's security sucked, it just means the person getting in was better.

            Let me hear from one of the 3(?) security firms they used to assist with the breach and I might listen. Not from the hacker(s) because if they have half a brain they're hiding on the moon right now, and not Sony, because they'd be naturally biased.

        I think over a month worth of news stories, back pedalling and misleading press releases seem to indicate they were inadequate.

        Plus you know, the fact they were, like, hacked. I imagine if their security had been adequate, then by definition of the term, they wouldn't have been hacked.

          This is not some simple SQL injection or buffer overflow hack. The person that did this obviously had some very specific knowledge about some of the systems that were comprimised. At a guess I would say that only this person knew about it, otherwise it would of happened sooner and more often.

          like others have said, just because you read some article from some jornalist on the intertubes doesnt mean that it is accurate and correct.

          unless the technicle information divluged has come directly from a sony source. it is all speculation.

    His claims might be somewhat true, that 43% of companies notify victims within a month and most do not even report the situation.

    However, how many times does something happen on such a large scale? We're talking about 77 million accounts here. Sony might have reacted faster, but their situation was also much worse. Interesting how no light is shed on those statistics.

    And I think that's what were forgetting. While no system might be 100% safe, how often does something like this happen? What happened is on a ridiculous scale. It should not have even been possible to achieve, and Sony has no excuses.

    Sony is showing extreme arrogance now in this whole situation

    Howard stringer can go f.k himself

    the games on offer are a joke and sony is now showing its true colours. They don't give a shite and they don't think its such a big issue

    news to sony. its fucking gigantic what happened, ok.

      I reckon the games on offer are great. As soon as I get home at the end of the week I'll be downloading Dead Nation (which I had been planning to buy anyway) and probably Infamous. I'm pretty happy with that for the princely sum of $0.

        I'm sorry, were you under the impression that it costs Sony anything to give you these free games?

          I’m sorry, were you under the impression that it costs you anything to use the PSN?

      Since when were Infamous and LittleBigPlanet considered a joke? I could have sworn they were two highly rated games? Wipeout and Dead Nation are also pretty highly rated. I mean I suppose Sony is sorry that you had to go a month without playing a multiplayer game, God knows that the PS3 has no good single player games ( minus uncharted 1 and 2, Valkyria Chronicles, Infamous, God of War 3, Sly Collection, 2 Ratchet and Clank games, Fallout 3 and New vegas, Heavy Rain, Resident Evil 5, Red Dead Redemption, GTA 4, Batman: Arkham Asylumn, Dragon Age: origins, Mass Effect 2 and a plethara of other titles) you muuuuusssstttt hhhaaaaaavvvveee beeeennnn sooooooo staaaaaarrrrrvvvveeeedddd. I suppose as well you couldn't bring yourself to pull out an old console and play some splitscreen... or better yet go outside and exercise... get over yourself and the PSN going down. How can you still be angry? What do you have to be angry about? Has anything you've ever done or said through anger made your life better?

      Sony dosen't owe you squat, no subtantial reports of credit card theft, the situation happened and its resolved. You get 2 free games, GOOD ONES, and what did you pay for it? Absolutely nothing at all.

      The level of entitlement the common gamer feels is disturbing. If your not forcing developers to "please the fan" by getting rid of their own creative vision during development (having not played the game), your asking for something more than 2 free awesome games for compensation for something that was basically free. Greed.

        The joke is that the majority would already own those games on offer.

        Sony doesn't have to give me anything thats fine, but they have allowed something to occur which should never have happened

        i am currently a not happy customer with them and are very much considering the usage i will have on psn in the future.

        They can give people nothing and continue on and people will remain angry at them, or as they are trying to they are trying to win people back

        The point i am trying to make is if they were serious about this they would not offer games that @ most cost $20 a pop these days and are old AND that most people already have.

        They would offer for example SOCOM 4. This is a game that basically requires PSN to use properly, this would encourage huge usage of the service and yes they would have to write off the development cost of SOCOM 4 as they wouldn't sell that many but that is a small price to pay for the PR damage they have taken out of this, it is significant.

        they could have offered nothing and said sorry and be done with it. instead they are offering old games which is yes better than nothing but no where near as much as they could have done to get people onside again.

        It's going to take a long time for sony to recover from this, a long long time. You might say what a load o fshit people are jumping on psn in droves, yes they are the hardcore. Hardcore is great they will stick with sony, its the fringe people and the casuals that are now extremely pissed with sony and not wanting to use any of their systems.

        And for howard stringer to come out and say this, i mean it clearly shows they have no fucking idea about how big this breach is and they don't give a fuck about it either.

        He is a tool, should never have said that, and should be reprimanded and torn apart in security editorials about WHY HE IS WRONG.

          Also for those of you saying this has blown over what a load of shit.

          Do you honestly think that if identity theft occurs out of this its going to be done within 4 weeks? of course fucking not.

          This will haunt sony for potentially years. Read up on how the crooks build up an identity and you will see why it will take time for them to use this info if they choose to do so and obtain it.

          You guys need to start living in the real world. This is a problem that you should remain vigilant about for at least two years and check credit reports, statements etc when you can.

          They can give me nothing sure, but considering i now have to worry about ID theft and checking everything every so often then that pisses me off, a lot.

          I mentioned yesterday, that Sony are bound by their own catalogue of games, the possibly of getting 3rd party games in this offer would be very slim to begin with, also bound by what's currently available on the Store.

          LBP & inFamous are 2 games that are available now, some others are Warhawk, MAG, God Of War Collection. I believe the latter 3 aren't good options and would cause more trouble, 2 of them don't have a single player component and the others are PS2 games.

          The needed games now, so unless they could have got an Uncharted, Killzone ready for download right now, then they aren't an option either.

          Playing the hypothetical game though, what if this happened to MS? What games would they offer, something from the below list would be likely.

          Halo (3 or ODST or Reach or Wars)
          Gears Of War (1 or 2)
          Fable (2 or 3)
          Crackdown (1 or 2)
          Viva Pinata (1 or 2)
          Mass Effect
          Alan Wake

          These are some of the games from the Games on Demand service which are 1st Party. For me, Fable is the only game on the list that I haven't got and that's because the game simply doesn't interest me.

          The console exclusives are usually the games that the majority of people pick up, so overall I think MS would have the same problem if it happened to them.

            no argument from me oggob, they would only have their own games to choose from

            SOCOM4 is a sony game.... thats why i think its a good choice

            MAG would also have been ok.

    All the other kids are doing it ;)

    All I can say is that we need photos of the servers being hacked! if there is no photo evidence, then it must not have happened. I don't care how gruesome the server hack might have been...the hackers could have 12 pepsi cans and pizza boxes lying around, I still think Sony owes the public the photo evidence.

      If someone doesn't upload a photo of someone slamming a hatchet into a server stack now I'm going to be sad.

      Do you want me to be sad internet? Becuase all the free adult material would lead me to believe otherwise.

    I never got all the flak Sony was getting over these attacks. I mean they did everything they could to get the service back up and running as soon as possible, and didn't report anything until they had the full story about what was going on. Personally I think they handled it very well. I mean, what do you expect? It's 77 million accounts, they have to go through an entire system and find out what happened. Then rebuild the system. Then test the system. For 77 million accounts. :/ It's gonna take a while. Not to mention, you think that Sony is gonna give away top-notch games? Like KZ3 or something just like that? I thought the games were pretty adequate, and you get to choose up to 4 of them if you have a PSP.

    tl;dr, Sony did the best they could, and doubt anyone could've handled it better.

    Mr Stringer, we just want you to say sorry, like you mean it, and not look away...

    ... and give us free copies of Killzone 3.

    Yes Howard Stringer, I'm telling you the week wasn't fast enough. You're a multi billion dollar international company, not a small business that would constitute the majority of your 43% estimation. Pointing out others mistakes does NOT make up for your own.

      just because they are a big company doesnt mean that they can give an answer about what happened within 12 hours of the attack occuring. most of sony's systems would of been secured (i have worked with big companies before and there is a level of security focus), big companies just dont deploy systems or servers without the forethought of security (unlike microsoft who sacrifice sercurity for features but that is a can worms I wont get into).

      in the end it doesnt matter how big or small a company is, you still need time to examine the systems to try and identify what happened and what data might have been comprimised.

      If people think that the bigger the company is the less time it take to figure out, need to get a clue. Anyone who has done any kind of forensic analysis on a malfuncting/comprimised system especially on infrastructure as large as sony's will take some time.

      im not a fanboy by any stretch of the imgination, its just peoples false knowledge and fantasies about everything being instant the annoy me.

        They took it down straight away, they knew something was up. Your argument does not hold in this case, nice try though.

    As a teacher I have learnt not to use rhetorical questions unless you are certain your audience will agree with you.

    Sometimes, it doesn't matter how well you responded to a disaster.

    The fact is it happened on YOUR watch. just like the BP Oil Spill, it happened while you were in charge and while you were overseeing it. And no one can say "these things happen" because this was not a natural disaster. if you want to drill for oil in the first place you better be prepared for the consequences it incurs.

    Similarly if you want to venture into the online business and asks me to trust you with my cc info, you sure as ell better make sure you keep your end of the bargain.

    So no...your 1 week response was 1 week too late.

Join the discussion!