Sony Japan’s explanation for the PSN’s takedown yesterday didn’t tell us much, but -- nearly a week and a half on -- at least the company apologized. Sony’s deputy president Kazuo Hirai took the stage, bent forward as if to touch his toes in a deep and held bow, then apologized “for the great anxiety and inconvenience” caused by the ongoing PSN and Qriocity outages.
The event was carefully orchestrated, equal parts compulsory and evanescent. The awkward, affected executive bowing and hangdog faces were displayed to soothe prickly gamers with crippled PS3s, as well as allay fears that Sony’s soon-to-be relaunched PSN could once more knock tens of millions of PSN members offline if violated -- again -- by determined hackers or data thieves.
The company trotted out a "Welcome Back" program, seeking to placate customers thwarted by the outage. The program amounts to free region-select "PlayStation entertainment content" to be distributed soon. PSN members will get a month of free access to Sony's premium PlayStation Plus service (if you're already a member, you'll see another 30 days tacked on). Qriocity members will enjoy an extra 30 days free as well.
Sony said PSN and Qriocity services will be back in part this week, with online gaming, on-demand music, and video rental content going first, followed later by services like the PS Store, which could take until mid-May.
What did they know? When? How? Sony said little, but admitted the attack was launched from an application server that sat behind a web server and two firewalls, that the attack was disguised as a store purchase, and that it involved software shrewdly deployed to access customer data located behind a third firewall. The company said it consulted two security firms -- one to investigate the initial intrusion, and another to probe further once it became clear customer information was in breach.
But no, the company didn't address rumors spread last week that "encrypted" credit card data had been stolen, decrypted, and circulated. The company just reiterated prior press statements: That the data was encrypted, and that it had no evidence -- yet -- that any numbers were in the wild. Interestingly: Sony says it'll pay the cost of reissuing credit cards should the need to cancel arise (I wasn't aware that cost customers anything).
Last but not least, Sony says it's appointed a security czar to keep an extra eye on its online services rolling forward. That, in addition to reconstituted servers and putatively superior watchdog software, is what now stands between hackers and another takedown.
Let's hope it's enough.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.