Sony chiefs bow to inevitable and say sorry for PlayStation hacking

Sony executives have made a public apology after a massive security breach that caused the loss of personal data of about 77 million accounts.
By The Newsroom
Published 1st May 2011, 17:26 BST
Updated 2nd May 2011, 00:03 BST

Three senior company figures bowed three times, holding their heads low for several seconds, at a press conference at Sony's Tokyo headquarters almost two weeks after accounts were hacked.

Sony said account information, including names, birth dates, e-mail addresses and login information, was compromised for players using its PlayStation Network (PSN).

Hide Ad
Hide Ad

While the firm repeated its claim that there was no direct evidence the data was ever taken, it could not rule out the possibility. All players were advised to change their passwords.

Data from about ten million credit cards is also believed to be involved, but Sony said it still does not know whether information was actually stolen.

Kazuo Hirai, chief of Sony's PlayStation video game unit and one of the executives who made the traditional style of Japanese apology, said: "We deeply apologise for the inconvenience we have caused. I see my work as first making sure Sony can regain the trust from our users."

Mr Hirai said parts of the service would be back this week and that the company would increase security measures. But he and other executives acknowledged that not enough security precautions had been taken, and promised the firm's network services were under review to prevent a recurrence.

He said the FBI and other authorities had been contacted to start an investigation into what the company called "a criminal cyber attack" on Sony's data centre in San Diego, California.

The PSN has been shut down since 20 April after Sony first suspected it was under attack by hackers on 17 April. The network, which serves both the PlayStation videogame machines and Sony's Qriocity film and music services, links gamers worldwide in live play, and also allows users to upgrade and download games and other content.

The firm said it has added software monitoring and enhanced data protection and encryption as new security measures. The company said it would offer "welcome back" freebies, such as complimentary downloads and 30 days of free service around the world, to show remorse and appreciation.

According to Sony, of the 77 million PSN accounts, about 32 million are in Europe, 36 million are in the United States and elsewhere in the Americas, and nine million are in Asia, mostly in Japan.

Hide Ad
Hide Ad

The Sony data breach is one of the biggest ever, though it is difficult to compare attacks.The most successful credit card thief was Albert Gonzalez, who stole the details of more than 170 million credit and debit card numbers between 2005 and 2008, hacked from US department stores.

In November 2007, HM Revenue & Customs lost computer disks with names, addresses and National Insurance numbers of 25 million Britons. The US department of veterans affairs made a similar gaffe in 2006 when 26.5 million social security numbers were stolen.

Data security expert Graeme Batsman said Sony was five to ten years behind on data security, based on its own admissions. He said: "It is bizarre that passwords were not encrypted. Strong, simple one-way encryption would have made it harder to decrypt, if leaked.

"Companies need to wake up. Most companies I see do not seem interested in securing their data, or think it will not happen to them. Nothing computer related can be made 100 per cent secure … (but] multiple barriers should be put in place, to slow or stop attacks."

Pressure is mounting on Sony to compensate players.

Yoh Mikami, a writer specialising in electronic security in Japan, said: "What became clear is that Sony didn't even know its server had a vulnerability.

"Sony's crisis management came too little, too late."

Related topics:DataJapan