Today, Sony issued an official statement about the resumption of PlayStation Network services, starting soon. The company also revealed plans to compensate subscribers with some freebees as part of the “Welcome Back” program, which include 30 days free PlayStation Plus and Qriocity music streaming services. Sony will reveal further details about the freebees on a region-by-region basis.
I attempted to log into PSN early this afternoon Eastern Time, and the service was still down. However, instead of the immediate appearance of the “PlaySation is currently undergoing maintenance” screen, about 10 seconds passed first. That could be sign of nothing, but it’s the most response I’ve seen from PSN in about 12 days.
Hackers broke into PlayStation Network between April 17-19 and stole massive amounts of personally-identifying user data. On April 20, Sony voluntarily took down the network, after discovering the hack. The action may have helped prevent further data losses and allowed Sony, third-party security investigators and law enforcement to begin a forensic analysis of the hack. Meanwhile, Sony works to restore the service with improved security.
To reiterate: Hackers didn’t take down PlayStation Network. Sony did. But they did steal massive amounts of subscriber data, including account IDs, passwords, addresses and phone numbers, security questions, email addresses and birth dates. Sony claims, but cannot yet confirm, that encryption protected credit card numbers. However, recent reports allege that as many as 2.2 million credit card numbers stolen from PSN are up for sale.
In response to the hack, Sony has implemented new security features, which include:
- Added automated software monitoring and configuration management to help defend against new attacks
- Enhanced levels of data protection and encryption
- Enhanced ability to detect software intrusions within the network, unauthorized access and unusual activity patterns
- Implementation of additional firewalls
PSN subscribers will directly see some of the new data protection features. Passwords must be changed on the PS3 that activated the PSN account or by validated account email. Sony will accelerate plans to open a new data center, which will be located elsewhere from the one now used for PSN. Additionally, Sony also created the position of Chief Security Officer, who will report to Sony CIO Shinji Hasejima.
“This criminal act against our network had a significant impact not only on our consumers, but our entire industry,” Kazuo Hirai, Sony executive deputy president, says in a statement. “These illegal attacks obviously highlight the widespread problem with cyber-security. We take the security of our consumers’ information very seriously and are committed to helping our consumers protect their personal data. In addition, the organization has worked around the clock to bring these services back online, and are doing so only after we had verified increased levels of security across our networks.”
The unusually long statement continues: “Our global audience of PlayStation Network and Qriocity consumers was disrupted. We have learned lessons along the way about the valued relationship with our consumers, and to that end, we will be launching a customer appreciation program for registered consumers as a way of expressing our gratitude for their loyalty during this network downtime, as we work even harder to restore and regain their trust in us and our services.”
PSN will come back with gaming, music and video services, according to Sony. Subscribers will be required to download a PlayStation 3 system update, after which they will have to create a new password before signing onto the network.
“Welcome Back” freebees will become available over the coming weeks, as Sony fully restores PSN to full service functionality. Sony will provide free content downloads, which will be different among the various regions where PlayStation Network is available. Existing PSN subscribers will get 30 days free PlayStation Plus service; existing Plus users get an extra 30 days. Qriocity subscribers get an extra 30 days service.
Sony has taken some criticism — heck, there’s a class-action lawsuit — for not disclosing the hack quickly enough or doing enough to protect the personally-identifying data of as many as 77 million subscribers. “Could Sony have handled the PSN mess any worse?” Gartner analyst Michael Gartenberg tweeted last week. “Hard to think how they could have screwed this up more. So many lessons to be learned.”
My question for PSN subscribers: Are you satisfied with Sony’s handling of the PSN hack? Network restoration time? “Welcome Back” freebees? Please answer in comments. Also, the poll above comes from a story I posted yesterday. Please answer that, too.