After the largest data breach in the history of recorded information, Sony's PlayStation Network is back. The phased restoration was on a country by country basis, beginning in the Americas and Europe, before coming to Australia, New Zealand, and the Middle East.
According to Sony, the first phase of restored services will include:
Sony has announced that the large number of users signing in has meant a problem with the password reset emails being sent out. The large volume of emails has seen a number of ISPs throttling the service as "spam". My own experience is that the email is very slow to arrive, but does come through.
The PlayStation Store was still down for "maintenance" for this whole experience, but today Sony announced that it will be back up "by the end of the week". This will enable:
The PSN and Sony Online Entertainment (SOE) had both been down for almost a month now after the attack on April 20th. Over 70 million user records were stolen, including user names and passwords. Later a further breach of an encrypted data file containing credit card details of European users from 2007 was reported.
Sony has "implemented new and additional security measures that strengthen safeguards against unauthorized activity" which it hopes will stop any repeats of this incident. However, severe damage has been done to Sony, its developers and third-party games makers.
Companies like Capcom say they have been losing a lot of money over the shutdown. Capcom's senior VP Christian Svensson was asked, "Do you have anything to say about the ordeal going down with hackers messing with [Sony] and stealing information from their servers?" Svensson answered that beyond not being able to play the games he loved:
…as an executive responsible for running a business, the resulting outage [is] obviously costing us hundreds of thousands, if not millions of dollars in revenue that were planned for within our budget. These are funds we rely on to bring new games to market.
Obviously users have lost out as well (though I haven’t, because my PS3 is still being fixed – see below for more). Sony has promised freebies for users when they sign back in:
All existing PlayStation Network members will be able to access the following from PlayStation Store:
Two PS3 games from the following list:
For those with PSP accounts, you will also be eligible to download two PSP games from the following list:
In addition PlayStation Plus subscribers will be given a 60 day free subscription (and 30 days for non-PS Plus subscribers), existing Music Unlimited subscribers will be given a 30 day free subscription, and there will also be an offer in PlayStation Home yet to be confirmed.
There has been a lot of speculation about how secure the PSN was to start with and the answer is very elusive as only Sony's security team and the thieves who stole the data know for sure. I'm sure no one at Sony is keen to give up those secrets and the thieves probably won't want to out themselves, so any talk of how secure the network is more than likely to be the idle speculation of "internet experts".
Bloomberg news reports that the attack on PlayStation Network came from a rented server from Amazon.com, after the hackers signed up for the service using fake information:
The account through Amazon's EC2 service has since been shut down, Bloomberg reports, quoting unnamed sources. While the FBI continues to investigate the breach, resulting in the PSN being down for 22 days now, the use of Amazon cloud computing to carry out the attack is likely to have repercussions.
In addition to concerns over cloud computing security, Amazon's probably going to be subpoenaed in an effort to trace the hackers. Law enforcement sources wouldn't say if that has taken or will take place.
The organisation of hackers, Anonymous, are currently arguing amongst themselves about whether they were involved or not.
Even today a new attack hit. Sony's PlayStation Network password reset system suffered from an exploit that allowed attackers to change your password using only your PSN account email and your date of birth – information leaked in the first attack. This was not a hack of the system, however, it was a URL exploit that has since been fixed.
Still enough to keep you worried and checking your credit card for potential theft.
From software to hardware
I mentioned in a previous blog that my PS3 had suffered the Yellow Light of Death. I am still waiting for it to be repaired.
After the initial blog I was contacted by a number of other sufferers, whose machines had died, including our magazine editor. His tale of woe includes having to contact American Express via letter as there was no email option.
I was able to get my credit card details of the purchase and took it in to Gamesman, where I bought the PS3. Gamesman was bought out by EB Games a few months after I bought my PS3, and a loophole in the Consumer Guarantees Act (CGA) sadly means that EB Games doesn't take on any of the CGA liabilities. So no replacement PS3 for me, or so I thought.
I got a phone call from Gamesman the following day saying that it would actually help me with my claim. Whether this was because it somehow discovered I work for Consumer NZ, or because it was being very customer-friendly, I don't know and don't mind.
After a few back-and-forth phone calls with Gamesman, my PS3 is now with Sony. Sony is going to check it out (which means it has to wipe my hard drive). But chances are looking good that I will finally get back my PS3 in a working condition.
UPDATE: I got it back! Sort of. This weekend the Gamesman rang me to say that Sony had sent the unit back fixed. I was quite happy.
As it turns out the unit was actually a refurbished model and not my original one. Swapping for a refurbished model is something electronics companies (like Apple) seem to be doing a lot more these days.
Consumer NZ is firmly against this practice as we think it goes against the letter and intent of the Consumer Guarantees Act. The CGA says repair, replace or refund. And the fact that refurbished models are not new and are not your original device means that they aren't really a valid replacement. It is our opinion that if you are given a refurbished model you should not accept and ask for a new replacement instead.
I was already pushing my luck and because I wasn't covered by the CGA, I caved and took the refurbished PS3. Having said that I was very grateful to the staff at Gamesman on Cuba St who were a great help and kept in constant contact with me (I checked and they didn't know I worked for Consumer).
I spent a good portion of the weekend resetting my account details and playing my newly arrived copy of LA Noire, and the machine ran smooth. It took a lot of waiting and phone calls, but I'm glad my PS3 is home.