Monday, 2 May 2011

Sony to reveal PlayStation hack probe findings


Sony will reveal details of its internal probe into a massive theft of personal data from users of its PlayStation Network on Sunday, plus a timetable for bringing the network back into action, it said.

The electronics giant said Saturday it would hold a news conference on the security breach of the online network, which may have involved the theft of credit card details and which it said this week was carried out by hackers.

The PlayStation Network and Qriocity streaming music service were shut down on April 20 after what Sony described as an "external intrusion" and remain offline as the company upgrades security and works with Federal investigators.

The United States, Britain, Australia and Hong Kong are investigating the hacking and theft of personal data from the network, which has 77 million users worldwide.

A US House of Representatives panel Friday sent a letter to Kazuo Hirai, chairman of Sony Computer Entertainment America, with questions on the data breach.

"Given the amount and nature of personal information known to have been taken, the potential harm that could be caused if credit card information was also taken would be quite significant," said the letter from a panel of the House Committee on Energy and Commerce, which was posted on the Internet.

Sony has said users' credit card data was encrypted but could not rule out the possibility that card data was obtained by hackers.

The committee also asked Sony to explain why it believes credit card information was not taken despite being unable to determine the exact scale of the theft.

"The fact that encryption was being used on the credit card data is to be welcomed -- as it reduces the chances of stolen information being used for fraud," Graham Cluley, senior technology consultant at Internet security firm Sophos, said on his blog.

"However, there still remains the question about just how strong the encryption is that Sony used."

Britain's Information Commissioner's Office said it had contacted Sony, while Australia's Privacy Commissioner Timothy Pilgrim said he had launched an investigation.

"We're seeing more and more now information being held globally, and it's more incumbent upon organisations to make sure they do have strong security systems in place to protect that information," he told broadcaster ABC earlier this week.

Hong Kong Privacy Commissioner Allan Chiang said he was probing the breach and met with local Sony official Katsuhiko Murase who told him 400,000 Hong Kong PlayStation Network user accounts were involved.

He said Murase told him the account information compromised includes the name, address, country, email address, birthdate, PSN password and login, and PSN online ID of users, but there was no evidence credit card data was taken.

Sony is being sued in a US court by gamers who have accused the company of being negligent and breaching its contracts with PlayStation Network users.

The company has not indicated whether it has identified a culprit in the intrusion.

Internet vigilante group Anonymous had vowed retribution against Sony for taking legal action against hackers who cracked PS3 defences to change console operating software.

No comments:

Post a Comment

please poll if you like this site?