Service stoppage since Sony server security scandal
Playstation Network still offline
It’s been a frustrating fortnight for Playstation 3 owners everywhere. PlayStation Network, the service used to play online on the PS3, was closed almost two weeks ago leaving gamers without access to any online content or multiplayer games. It was revealed that the service was closed not for maintenance but as an emergency security measure.
Sony’s PSN servers were the target of a successful malicious attack by unknown hackers, who compromised PSN servers and made off with personal details, including passwords and e-mail addresses, from over 77 million PSN accounts. Included in the data stolen is all 9 million accounts registered in the UK. Further information was also stolen from the servers of Sony Online Entertainment, a PC gaming service which runs the likes of _EverQuest _and DC Universe Online, where the hackers accessed an ‘outdated’ database from 2007, containing 12,700 credit card numbers in addition to a further 24 million usernames and passwords. Although Sony has confirmed that only 900 of these cards are still within the expiry date, it has quite rightly advised all users to pay special attention to their statements. The internet has been awash with rumours that credit card data is now up for sale to the highest bidder after Sony rejected a deal to buy it back.
Although specific details on the attack have not yet been released, the basics of the procedure used to gain access to PSN servers have now come to light. It was revealed a vulnerability with the PSN application server, sitting between the web server and the database, allowed the hackers to inject malicious code. Once they were inside the internal PSN network, they attacked the database server and gained access rights to the databases. Some commentators have claimed that the vulnerability was due to the servers using an out-dated version of Red Hat Linux that hadn’t been updated with security fixes, whilst others claim that the intrusion was an inside job by disgruntled employees recently laid off in massive job cuts at the company.
Sony has announced that it aims to get fundamental PSN services – that’s online play, account management, chat and PlayStation Home – up and running before the end of the weekend, no doubt to coincide with peak revision/procrastination time for Imperial students. PS3 users will have to apply a mandatory update to their console and will be forced to change their password as they log into PSN, but this option is only available on the console on which they originally created the account in order to prevent anyone with access to the hacked data from doing the same. In the event that this console is unavailable, users can use a verified e-mail address to change the password instead, underlining the need for any PSN users that re-use their passwords on other sites to change them as quickly as possible.
In what is surely a move to prevent as many disloyal PlayStationers from turning to Bad Billy Gates and his Xbox as they can, Sony are also going to be offering a ‘Welcome Back’ package of treats. Every user will receive 30 days free access to ‘PlayStation+’, PSN’s premium pay-only service, and there will also be a selection of free content available that has yet to be announced. Rumours have also surfaced that Sony will be slashing the price of PS3 consoles worldwide at around the same time.