Sony executive Kaz Hirai apologized to gamers around the world today in a press event in the wake of the 10-day outage of the hacked PlayStation Network.
Hirai and other Sony executives apologized to users immediately upon coming out on stage at a press conference in Tokyo. As they did so, they bowed in front of the press. The executives described what happened with a “highly sophisticated attack” against the PSN.
Hackers attacked the PlayStation Network on April 19, forcing the Japanese company to bring down the network, which has more than 77 million registered users. The outage has been one of the most humbling corporate events for Sony. The security gaffe, which happened at the same time that Amazon’s web services data center crashed, could shake the faith that consumers have in the internet cloud, where corporations say they will protect their personal data.
“This criminal act against our network had a significant impact not only on our consumers, but our entire industry,” Hirai said. “These illegal attacks obviously highlight the widespread problem with cyber-security. We take the security of our consumers’ information very seriously and are committed to helping our consumers protect their personal data. In addition, the organization has worked around the clock to bring these services back online, and are doing so only after we had verified increased levels of security across our networks.”
Speaking through a translator, Hirai said, “We advised customers to be vigilant” about the possibly stolen credit card numbers. He said that Sony is cooperating with authorities in a criminal investigation in pursuit of the hackers. Hirai said that as many as 10 million credit cards numbers may have been stolen. That number appears to be all of the credit card numbers that Sony has, since many of the 77 million registered users log into the network and play online for free.
In making the announcement, Sony pretty much followed the script I offered it. That doesn’t mean I knew a lot about what they would do or that I am especially smart. Rather, it was just so obvious what the company had to do, and it was surprising it took 10 days to do it. Still, it was good that Sony’s executives talked to the press and answered all questions from the media, at least as well as they could. They stayed on stage for an hour and 42 minutes. In that respect, Sony may have earned some good will tonight and begun the process of repairing its damaged reputation.
The apology press event took place in Japan at 2 pm Sunday Tokyo time, or 10 pm on Saturday evening Pacific time. Hirai, (pictured above), is representative corporate executive officer and executive deputy president of Sony as well as head of the game business. He was joined by Shinji Hasejima, senior vice president and chief information officer at Sony, and Shiro Kambe, senior vice president of corporate communications at Sony.
Sony said it wasn’t sure whether hackers had stolen users’ credit card numbers, which were encrypted. But users have begun to complain about false charges on their credit card accounts. Other corporations can’t be smug as they watch Sony and Amazon recover, since no one can be certain that their networks are secure from hackers or technical glitches.
The PlayStation Network is Sony’s all-important hub of the digital age. It enables PlayStation 3 and PlayStation Portable users to go online and find more content to download to their machines, from movies to TV shows. The PSN also hosts Sony’s Home virtual world and its console-based Sony Online Entertainment games: Free Realms and DC Universe Online. Also, the service allows users to store their saved single player games and engage in multiplayer combat online. The Qriosity service, which also went down, gives users access to online movies and music. In other words, the PSN and Qriosity are central to Sony’s survival in the digital age.
Back in March, Sony chief executive Howard Stringer concentrated more power in the hands of Hirai, who once headed the U.S. PlayStation business for Sony. Hirai is now the No. 2 executive next to Stringer and may be in line to succeed him when Stringer steps down around 2013.
The problem for Sony is that this story, like the outage itself, has refused to die. We’ve run 15 stories about it so far, mainly because users seem hungry for more information because there just hasn’t been enough detail coming from the official source. Sony has been good about putting updates on the PlayStation blog, but it hasn’t been fast enough.
For instance, the company said the attack occurred on April 19, forcing Sony to shut the services down. Sony notified users on April 22 that an “external intrusion” led to an outage. It hired forensic computer investigators to figure out what happened. After their initial inquiry, Sony announced on April 26 that personal user data for all 77 million of the PSN and Qriosity services had been compromised and their credit card numbers have been stolen. On April 26, Sony began informing all affected users of the possible credit-card data breach.
Hirai said that hackers penetrated a web application server and made a tool to give themselves illegal access to the database. They were able to access a database with data that included credit card numbers.
Hirai said the company is moving servers from San Diego, Calif., to a more advanced data center with better security. It is also installing more security systems with automated software management and enhanced levels of data encryption and better ability to detect data intrusions. The company is adding more firewalls too,and it is adding a new chief information security officer, reporting to Hasejima. PS 3 will have a new system software update requiring users to change their user names and passwords. The password can only be changed on the same PS 3 on which the account was created or via validated email.
To deter identity theft, the company is asking customers to be vigilant and check their credit card statements. Customers can check their purchase history on the PSN via Sony’s customer support system. Sony said it will not ask for credit card numbers and warned users to beware of possible phishing schemes sent via email. Sony will consider covering the cost of reissuing credit cards if consumers wish to do so. It will provide a complimentary offering for identity theft protection services in each affected country.
The company will roll out a program with a selection of premium services for consumers. This “welcome back” content will have free downloads, and 30 days of free PlayStation Plus network service. Normally, Sony charges extra for the Plus service, while membership in the PlayStation Network is free. Current members of PlayStation Plus will get 30 days of free service. Music Unlimited, powered by Qriocity, subscribers will get 30 days of free service in countries where it is available. Sony could not quantify the value of this free service and content offering for its users.
The company is planning on restoring the services as soon as it can, with some services starting this week. Hirai said that Sony’s network services are key to its strategy and that it will continue to strengthen them and learn from this incident. The attack targeted Sony’s data center in San Diego, Calif.
Separate from the attack that brought down the PSN, Hirai said that Sony’s sites had been subjected to attacks from Anonymous, the hacktivist group that targeted Sony during its litigation with “jailbreaking” hacker George “Geohot” Hotz. During these attacks, hackers dug out personal information on Sony executives and published it on the web. Sony is cooperating with authorities on those attacks as well.
In closing, Hirai bowed again and apologized again. Responding to press questions, Hirai said he had received questions about the matter from members of Congress in the U.S. and would answer the questions. In about a week’s time, the service is expected to restart. Hirai said he had not received reports that actual damages had been incurred related to the credit card exposure.
Hirai said Sony will advise users to change their passwords and not use the same ones over again. He said Sony has operated an online gaming network since the launch of the PlayStation 2 and has had to deal with online security for a long time. But he noted that the new situation is different. He noted that Anonymous has been attacking different corporate sites around the world for quite some time.
Sony’s network services are core to its strategy and it has to improve its security, Hirai said.
“We are living in a network society and we will deal with this kind of situation the best we can,” he said.