There's no proof of this whatsoever. And as I stated before, letting users know within a week is pretty damned fast.

No proof? Sony issued a statement that flat out said that they didn't tell users of potential exposure because they "didn't want to panic anyone".

That's pretty damning evidence of putting their PR concerns above the concerns for the health of their users identities.

I'm glad you think sitting on that information for a week is "fast". But when it comes to my livelihood and financial well being, any hesitancy is too much.

If you want a good example of how a company should handle a security breach was the late April hacking of Epsilon, which is linked to Best Buys customer records. On April 22nd, a security breach was discovered and it was unknown how much information had been lifted, if any, on April 22nd, I received an email from Best Buy/Epsilon warning me of possible card theft/phishing attempts that might arise from said breach. As well as what I should beware of and how to protect myself.


EDIT: sorry, their exact words were that they delayed notice because they didnt want to "lead [Sony's customers] to take unnecessary actions if the information was not fully corroborated by forensic evidence."

http://www.gamesradar.com/ps3/playst...14115917309058

Thanks for doing the legwork, and cosigned.

Just a heads up from the retail side of things. Since this started, I have not sold a single PS3/PSP game, system, or card.


I have, on the other hand, sold lots of 360 and Wii/DS stuff.

Funny since I, Booster Gold, have purchased four offline based PS3 games since this started (granted I returned one that gave me a headache). I've bought Dragon Age, Dragon Age II, and Final Fantasy XIII... the one I bought and returned was The King of Fighters XII (something about the classic animation style and my 50" screen created a perfect storm of visual irritance, I think).

I have bought a bunch of computer games.. and am very upset I cant co-op portal 2 with my roommate.. Oh well.. back to Eve, Mass Effect (I and II), Fallout: New Vegas, Battlefield Bad Company 2.

I'd be interested to see how this affected XBL subscriptions.

Exactly. There wasn't any proof yet, and if they jumped the gun and were proven wrong, that would've gotten them in more legal trouble. SOP for computer forensics, and forensics in general.

Probably not much. Even superanalyst Michael Pachter claimed this would hardly affect Sony's install base, and he's usually right on the money. (Which is why he's paid so much of it.) Though I'm sure MS is conducting a thorough review of their own security practices.

More legal trouble for warning customers for potential risk? Bullshit. Precedent for that claim?

In the Epsilon example I cited, it turned out the credit information was mostly safe, and there hasn't been any legal backlash for their warning people without knowing for sure if their information was at risk.

The attacks began on April 19th, the plug was pulled on the 20th specifically because customer databases had been accessed. And yet it was a week before Sony came clean about it.

The timeline Sony submitted to congress is pretty clear about what was suspected and what wasn't, when it was suspected, and that it was the reason the plug was pulled in the first place.

It was a PR ploy to keep Sony looking good. Which is why their stance on user information changed over the course of that week, until they finally had to admit the truth. (In the beginning they flat out denied that customer service records were accessed, and now they claim they weren't sure, but in the timeline submitted to congress it states that they pulled the plug when it became known those databases were accessed.)

Watch the timeline close enough and you can clearly see Sony covering their asses over the concerns of keeping customers informed of being at risk.

FYI I made a mistake, the Epsilon hack was March 30th, not April 20th. But the correspondence was within 24 hours of ID'ing the breach. Brest Buy wasn't alone in speedily notifying customers this is a list of companies who made swift notifications: Best Buy, Capital One, JPMorgan, Citibank, Kroger, Barclays Bank of Delware, Visa, American Express, US Bank, TiVo Inc. and Walgreen Co, Robert Half, Kraft, Home Shopping Network, QFC, Marriott Rewards, Ritz-Carlton Rewards, Ameriprise Financial, LL Bean Visa Card, Brookstone, Dillons, the College Board, McKinsey & Company, New York & Company, Disney Vacations, Staples, TIAA-CREF, Verizon, Borders, Smith Brands, Abe Books, Lacoste.

I refer back to my earlier statements about the HMO and the bank. Those took months to inform customers of the data loss, and the data itself contained much more private and serious information (like SS numbers). 6-7 days is still incredibly fast, any way you want to spin it. Did Sony make mistakes? Of course. But they're completely undeserving of the insane amounts of hatred being flung their way, when it was the hackers that truly deserve folks' wrath. There's a double standard at work here, and it's been that way for a while when it comes to Sony.

This is the first that, I, Booster Gold, am even hearing about this Epsilon/Best Buy thing and I'e had a Best Buy Credit Card (and Rewards cards) for well over four years now... sounds like they dropped the ball to me. You've actually made me feel less secure about THAT with all your talk about it. I think I might cancel may Best Buy card, now, if only because I was never notified of such a breach.

Do you purchase online through their website? If not, then you weren't affected. The Best Buy card is handled through HSBC Bank Nevada, which wasn't affected. However, because I use my Reward Zone Mastercard through Best Buy's online cart...I was affected. However, there were a pretty long list of companies who did use Epsilon, so you never know.

Oh, okay... I, Booster Gold, will usually check their site to see their prices, but I never actually buy stuff from it.
I always go into the store, grab what I checked on, then browse around for other stuff. Thanks for the info.

~I could've given you the same info, sir.~
Yeah, well I didn't ask you, now did I?

I dunno Mac, the problem is that this isn't the first time Sony has been less then forthcoming with service problems on their end. This is just the most serious case of Sony being less then communicative about the cause and effect of service interruption. And less then a year after the ApocalyPS3 debacle. Granted they fixed that issue pretty fast, they were still pretty tight lipped about the clock issue that caused it.

I don't think they've earned any leniency from users, because they're notoriously silent about their service failures, and this was one time, they needed to be upfront and open. If a consumer wants a company to change policy, they don't get it by being silent and not being critical. Ya' know?

I, Booster Gold, would like to point out that the ApocalyPS3 happened last March (making it over a year ago), and that it only effected older "Fat" PS3's... but that was different... it wasn't a hack attack. AS for being silent about the failures until they know exactly what is wrong and how to address... well... thats just a Japanese trait.