PSN: Pretty Stupid Network?

PSN
Sony's PSN. Don't look for it. It isn't there.

Another day, another big company gets hacked: this time it's Sony, whose PlayStation Network (PSN) has been compromised.

There are two big differences between this one and, say, Play.com's data being hacked. The first is the scale and the seriousness of it, and the second is the reaction to it.

Scale and severity first. Having a few thousand users' data compromised is unfortunate. Having 77 million users' data compromised is disastrous, especially when that data may include addresses, passwords and possibly credit card details too.

The reaction is interesting. Much of the internet, it seems, reckons that Sony is the bad guy here.

The reasons vary. For some, it's because Sony took a week to tell anybody their data might have been compromised.

For others, it's karmic justice for the case against firmware hacker George Hotz, aka GeoHot.

For people who really, really hold a grudge, it's payback for the CD rootkit debacle of 2005.

And for some, it's hubris: what else do you expect if your latest update is an "epic save" that "bests hackers"?

So which side are we supposed to be rooting for here?

Few winners, many losers

I don't subscribe to the "hackers good, companies bad" point of view that you see a lot online. Irrespective of their intentions, the people who compromised PSN have inconvenienced millions of people and possibly exposed them to identity theft or fraud.

It's not as if Sony simply stuck all its customer data in a text file, called it OurSuperSecretCustomerData.txt and left it on the Sony website. Is it?

Well, actually, if Ars Technica's source is accurate, Sony didn't exactly do much to protect users' data. According to its source back in February, crucial data such as credit card details was being transmitted in plain text.

Whether that particular detail is true or not, Ars's advice - use PSN cards instead of credit cards - proved to be prescient.

The details of the incident may still be sketchy, but there's no doubt that Sony's been making a right arse of things since the problems emerged. As GFI Software's Christopher Boyd points out, it's hard to tell what's going on when Sony's taken the whole sodding network down: "It's crucial that access is restored as soon as possible so that users can confirm what information might have been compromised," he says.

If Sony has indeed been sloppy, if it's been committing schoolboy errors such as transmitting personal data in plaintext, if it's failed to act when the flaws have been exposed, then it deserves our contempt - and the hackers deserve our support.

It's a pain if you're a PS3 owner, but surely it's better to have one big high-profile mess than to have details of how to intercept PSN customer details floating around where only ne'er-do-wells and ruffians congregate.

If a company is providing any kind of online service, this should be a wake-up call: if Sony can screw things up this badly, other firms can too. And it should be a wake up call for us, because once again it demonstrates the dangers of trusting your personal data to the cloud and the danger of letting faraway firms hang on to your credit card details.

No matter who's at fault here, it's clear who loses: Sony's customers. At best, they're unable to use a service that's a big part of the PlayStation experience; at worst, they're going to have to keep a close eye on their credit cards for the foreseeable future.

Carrie Marshall
Contributor

Writer, broadcaster, musician and kitchen gadget obsessive Carrie Marshall (Twitter) has been writing about tech since 1998, contributing sage advice and odd opinions to all kinds of magazines and websites as well as writing more than a dozen books. Her memoir, Carrie Kills A Man, is on sale now. She is the singer in Glaswegian rock band HAVR.