Sony’s PSN woes highlight a bigger security problem
The news that Sony’s PlayStation Network went offline in late April due to hacker activity might be easy to brush off as just a problem for console gaming types and nobody else, if it weren’t for the wider implications of the particular attack.
Persons unknown gained access to Sony’s PSN network and, as it later emerged, to one of the company’s other businesses, Sony Online Entertainment. From that hack, user details and possibly credit card details were compromised. Sony’s being a bit coy about that latter detail, at first saying they had “no reason to believe” that credit cards had been compromised, then pointing out that details were encrypted, before it emerged that a number of card details were accessed in the SOE hack, including a couple of hundred Australian credit cards. They were, so Sony says, cards dating from 2007, most of which should be obsolete now in any case.
The credit card side of things doesn’t fuss me as much as it might, partly because I keep a very close eye on my accounts, but also because most Australian financial institutions will reverse fraudulent charges without penalty to the original card owner if it’s not their fault — and this certainly couldn’t be! A nuisance, to be sure, but a nuisance that shouldn’t haunt you for that long if it’s a spectre at all.
The loss of personal details, especially passwords, is more troublesome. You can’t do anything to change your date of birth or matters like that, but plenty of people use the same easily changed passwords over multiple sites. Needless to say, if you are a PSN or SOE user with passwords that match other services of yours, change those passwords immediately. But even if you’re not, and you’re using the same password over multiple sites, stop it. It doesn’t necessarily have to be as big a hack as the PSN one was, but if your password is exposed in one place, it’s reasonable to expect criminal types to try it on other services you may use to see if they can gain access there. Moving from a non-critical service (like, say, Facebook, where you shouldn’t suffer any “real world” loss) to your bank account is as easy as waltzing in if you know the password, and having the same password across both is rather like using a simple latch to secure your front door. It looks to all the world like the door’s shut, but if you know that a simple push will pop the latch wide open, you realise that it’s not secure at all.