Sony network down until next week
PlayStation owners will be without online gaming until at least Wednesday, Sony has warned, following a huge security breach by hackers.
In its latest update to the PlayStation blog Sony said: “Our employees have been working day and night to restore operations as quickly as possible, and we expect to have some services up and running within a week from yesterday.”
The PlayStation Network and Qriocity music streaming service have been shut down since 20 April, when the breach was detected.
Hackers stole personal details belonging to 77 million users including names, addresses, email addresses, birth dates and passwords.
The firm today said it has begun to move its data infrastructure to “a new, more secure location” in response to the raid.
“We want to be very clear that we will only restore operations when we are confident that the network is secure,” it added.
Sony also admitted today that the stolen personal data was not encrypted, as security experts have suspected since it first disclosed details of the breach on Tuesday.
“The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack,” it said.
Joseph Bonneau, a researcher at the University of Cambridge Computer Laboratory, told The Telegraph that passwords especially should have been encrypted, because users often reuse the same memorable phrase for multiple services.
Bruce Schneier, chief security technology officer at BT and a world expert on cryptography, agreed. Asked if Sony should have known better, he said “definitely”.
A separate credit card database was encrypted, Sony said, and its investigation has still found no evidence it was taken.
Sony is expected to face a barrage of lawsuits over the breach. The first, filed by 36-year-old Kristopher Johns, of Birmingham, Alabama, accuses it of not taking “reasonable care to protect, encrypt, and secure the private and sensitive data of its users”.
His federal complaint also alleges that the week that elapsed between the breach and Sony’s announcement on Tuesday did not allow users “to make an informed decision as to whether to change credit card numbers, close the exposed accounts, check their credit reports, or take other mitigating actions" .
Dr Larry Ponemon, founder of the information security think tank the Ponemon Institute, said the fallout from incident could cost Sony more that $1.5bn. Sony’s share price is already under pressure, having it closed down almost 4.5pc in Tokyo, at ¥2,260.