Despite the fact that it is both a holiday and a Sunday in Japan, three Sony executives held a press conference today to discuss the PlayStation Network outage. Kazuo Hirai, President of Sony Computer Entertainment, Shinji Hasejima, Senior Vice President, Sony Corporation, and Shiro Kambe, Senior Vice President, Sony Corporation were all onstage in Tokyo today to detail the PlayStation Network outage in detail, and to talk about the plans for restoration of the service, and what they are going to do in terms of compensation.
First, Kaz Hirai spoke from a prepared statement, saying “We would like to extend our apologies who we invconvenienced and worried because we potentially compromised their data. We offer our sincerest apologies.” In fact, the entire mood of the event was very somber and reserved, will all three men looking extremely serious. Not the normal atmosphere for a Sony press conference around the PS3.
Next, they detailed most of the history that we already know: On April 20, Sony Japan was alerted to unusual activity in their some of their servers, which are housed in an AT&T service center in San Diego, California. That activity had taken place from April 17 through April 19th, and when they were informed on the 20th, they turned off the servers and immediately launched a full investigation and engaged a US security firm to mirror the servers and begin their own investigation. They quickly determined that this was a highly sophisticated attack by a skilled individual.
On April 24, they also engaged a security firm who analyzed a large amount of data, and on April 26 they posted all of this information on the PlayStation blog. They reiterated that the three or four digit security codes were not compromised, and that no confirmed cases of damage caused by the lost data have been reported. Staying on top of this remains their top priority. They have since asked the FBI to conduct an investigation as well, and they will share any information from that as soon as possible.
Shinji-san addressed the matter in which the hacker gained access to the servers, most of which was described in this image that I’m calling “The Language Barrier.” Apparently the individual created a tool inside the server firewalls, which gave them access to the servers and the information. They pointed out that while there are up to 78 million accounts on the PlayStation Network and Qriocity, but there are only 10 million users with credit card accounts that were possibly affected by this. Besides credit cards, the networks also take PSN Cards and electronic payments or e-money as payment, so some accounts were created that way.
They also discussed some of their new security measures. These include:
- Accelerating the move, which was already planned, of the data server in San Diego to a new location with more advanced security.
- Enhancing detection capabilities for unauthorized intrusions, adding automated software monitoring, enhancing levels of data protection and encryption and the ability to detect unusual patterns in the server. They will also be installing additional firewalls.
- They are creating a position of Chief Information Security Officer who will report to Shinji Hasejima.
- There will be a system software update to the PS3 that will force users to change passwords. “We regret that we are causing this inconvenience,” they said. Additionally, the password can only be changed on the same PS3 on which the account was created, or through validated email. No doubt this will cause issues for some users.
Users should also be vigilant and check their own credit card statements and purchase histories and change their passwords on other accounts and services. They pointed out that Sony will not contact you to ask for account information, and that they will be covering the cost for theft protection services. They are also looking into covering the costs for users who decide to cancel their credit cards and get new ones.
By the end of next week, Sony hopes to restore some services to the PlayStaiton Network, including:
- Restoration of Online game-play across the PlayStation®3 (PS3) and PSP® (PlayStation®Portable) systems
- This includes titles requiring online verification and downloaded games
- Access to Music Unlimited powered by Qriocity for PS3/PSP for existing subscribers
- Access to account management and password reset
- Access to download un-expired Movie Rentals on PS3, PSP and MediaGo
- PlayStation Home
- Friends List
- Chat Functionality
Additionally, Sony will be offering a “Welcome Back” program, that will include:
- Each territory will be offering selected PlayStation entertainment content for free download. Specific details of this content will be announced in each region soon.
- All existing PlayStation Network customers will be provided with 30 days free membership in the PlayStation Plus premium service. Current members of PlayStation Plus will receive 30 days free service.
- Music Unlimited powered by Qriocity subscribers (in countries where the service is available) will receive 30 days free service.
Sony mentioned the hacker collective Anonymous several times by name, and mentioned that Sony at large had also been under several other attacks for the past month and a half across multiple systems. They aren’t sure if these attacks are related, or if the main PSN outage was organized or enacted by Anonymous at all, but they have received multiple threats and warnings from that group.