Slashdot Mirror
PlayStation Network Hack Will Cost Sony $170M
alphadogg writes "Sony expects the PlayStation Network hack will cost it $170 million this financial year, it said Monday. Unknown hackers hit the network gaming service for PlayStation 3 consoles in April, penetrating the system and stealing personal information from the roughly 77 million accounts on the PlayStation Network and sister Qriocity service. A second attack was directed at the Sony Online Entertainment network used for PC gaming. Sony responded to the attacks by taking the systems offline."
Does the $170 million figure include compensation for PSN subscribers who suffered from the outage?
All they need to do is add a bunch more PSN subscribers, and they can make it up in monthly subscription fees.
Problem solved. You're welcome, Sony.
SJW: Someone who has run out of real oppression, and has to fake it.
$2.21 per person, that's not bad!
I haven't even bothered using my PS3 for watching Netflix since this happened. They've lost some serious viability as a platform with this blunder.
All they need to do is add a bunch more PSN subscribers, and they can make it up in monthly subscription fees.
Problem solved. You're welcome, Sony.
And how do you propose they recoup the lost confidence from their developers and publishers?
My work here is dung.
So apparently credit monitoring for 77 million people only costs about 2 dollars per person for a whole year.
Let's be honest. This is an outage of an entertainment network. I don't think anyone can really claim they suffered due to it not being available. If anything they may have gained by the fact that they did something else.
Now, if you want to argue that people are suffering due to the information loss, I'll go with that one. But not from the outage itself.
yvan eht nioj
Look, the compensation that Sony is giving out in the aftermath of the PSN attack is peanuts. It doesn't cost them a hell of a whole lot to set up. The free two games? Sony already has deals set up with developers to provide "free" games to PSN plus subscribers, the additional cost of a few extra free games to all subscribers (who might not even take advantage of it, since most of these games are ancient and they probably already have it) is marginal, at best. The one month of free PSN+ for subscribers doesn't cost much, either, since it's only a small minority with PSN+ accounts. I'd doubt that the compensation would cost them much more than a few million dollars at best.
My postings are informational and does not constitute legal advice. Act on it at your risk.
How much is this going to cost the people who's credit information was stolen? fuck Sony I don't care how much it will cost them!
The real question is whether it would have cost them $170 million to leave the OtherOS feature alone. Lets not forget Sony started the fight with the community by removing a feature originally provided on the hardware that was used heavily by researchers and programmers at home. Then the community found a way to root the PS3, then they patched it, then the root keys were found, then they started blocking rooted consoles from the network, then the network was taken down for everyone.
The community is big, Sony is small, and there are enough fringe elements in the community to make us dangerous as a whole. Hopefully they've learned their lesson and begin behaving in a more cooperative manner with the community, but I have a feeling they're just going to raise the stakes even further.
I got an e-mail about a free month and a half or something like that on all games I previously held an account on... They going to bring the MxO server back up for a month and a half?
A simple SQL injection revealed user info from there, so let's keep that tab open Sony.
Absolute power corrupts absolutely. indymedia
The estimate seems a tad "light". That might be direct costs (compensation, credit monitoring, lost revenue during outage etc), things that can be measured directly. However I'm sure that there is a a huge hidden cost that is not being included. I can't imagine it being anything less than half a billion in related losses. People think security is expensive. Lack of security is even more expensive.
Sony is no longer the paragon of technology they once were in the days of the Walkman.
Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
What would have been the cost to upgrade their system to prevent this in the first place?
Yes, I know some things you cannot predict, but supposing they knew about each vulnerability. How much would it have cost? $170M is a lot of money, but I know that infrastructure changes in big entities can cost a lot of money.
Has anyone received their identity theft protection that they were supposed to have paid for?
... considering their estimated FY2011 $3.1B loss due to natural disasters.
When you figure in the customers who they have finally "turned off" who just won't buy Sony 'anything' anymore, Sony may just have permanently set a backward slide.
It only takes one or two 'hits' from a manufacturer treating a customer badly to cause a consumer to give up on a brand. You hear comments like that all the time.
For me, the rootkit fiasco & a $3000 Sony TV that a bit over a year later had the remote fail and they no longer sold that model of remote was the last straw. Good companies don't do that. My feeling is that Sony has never taken software seriously as evidenced by all the published failures.
it does pay to ignore security.
Two of my imaginary friends reproduced once
I happened to have changed my PSN password months ago when people would share their accounts with their friends, so I wasn't worried about hackers getting access to my email, or online accounts anywhere else. I did have to cancel my debit card that I had on file with Sony and get a new one, but I was also lucky enough to not have anything charged on the card while it was still active.
Even so, I don't trust Sony's security measures, especially considering what happened with their page to change passwords getting hacked as well. (jeez, lol)
I didn't and currently don't miss or even use PSN. I watch Netflix on one of the many other Netflix capable devices I have (at last count, 5 in my entertainment center alone). Even the couple of games I purchased through PSN before like Final Fantasy VII and Super Street Fighter HD Remix still work so I don't really need PSN anymore.
I honestly don't think Sony will have any issues with PSN (or PSN+) subscribers in the future. There are so many uninformed people out there that have no idea what's been going on that will just sheepishly sign back in when the system is back up.
The real cost is not 170,000,000.00$, it is 170,000,009.99$ because I was planning to buy Tetris from the PSN and with their lousy security they just lost my business...
That should teach them, and if this is not enougn, I will also not hesitate to send them a strongly worded letter.
lucm, indeed.
The hack won't actually cost them a time.
The compensation will be in the form of a PSN+ subscription. But you will still have to cough up a credit card or something. Then it will be the users responsibility to unsubscribe when the free subscription is up. Most of the Sony lemmings won't notice until the CC bill arrives, then they will already be in the second month of service and have to pay for that too.
So Sony is still going to make money from the deal.
If someone is passing you on the right, you are an asshole for driving in the wrong lane.
Hmmm, I wonder what the cost of a proper IT security system would be? I bet less than $170 million. From what I heard about some of their security issues, the price tag would basically have been "free" for patching some of their blatant holes. I believe also the price tag on top level management pulling their heads out of their asses and stopping kidding themselves about their pathetic state of security would also be $0 because that's pretty intangible and mostly mental lol. Let's hope they still have the budget for that.
No, Sony started the fight by making half the system's RAM off-limits to homebrew. The Other OS hypervisor didn't provide any sort of 3D or 2D acceleration or even a well-defined method to use otherwise unused VRAM as a RAM disk. As I understand it, the only way Geohot and others tried to "hack the PS3's security" before this whole incident was just to try to do basic things with the GPU.
See what they got?
I think the high cost is good thing. It creates a strong business case for security. companies will only take information security seriously when 1. there a very real cost associated 2. the cost of strong information security is less than the costs of loosing information. Earned value to the rescue! [Probability of getting hacked] * [cost of hack (170 million)] [cost of infoSec department]
I've had my .me email address for over 10 years. I use it everywhere, from shopping sites to forums to friends and family.
I used to get little to no spam and all of a sudden I'm getting 15 - 20 junk mails a day and it's getting worse all the time.
How much is my time worth to change out my email address on all those sites? How much is it worth to lose the email address I've had for years?
Having worked in a large corporation where I ran the IT department - as well as all activities related to security, credit cards and PCI - I would have to think that $170MM is a little low. Firstly, if you look at the TJ Maxx credit card loss (about 100MM cards lost), they paid over $40MM to Visa as a penalty. Now you have PSN getting hacked at a similar scale, but US states have more restrictions/penalties when a company loses control of consumer data like this. Then you factor in the cost of being down so long, the cost of all the on-site audits, the cost of remediation, etc, etc. I could be wrong, but I'd have to think this will amount to more than $170MM. I wouldn't want to be Sony's CTO and/or CISO!! I guarantee that person got reamed - if not fired altogether!
A staggering $2.20 for each account they compromised...
This does not "beg the question".
For this to beg the question, the scenario would have to be something like:
That is begging the question. What you meant is "This makes me wonder..." or less optimally (because of it doesn't indicate who is doing the questioning) "This raises the question...".
I know people like presenting questions they have as if they're so obvious that the questions are just "begging" all rational beings to be asked, but the phrase has a very specific meaning, so find some other way to present that idea.
Next time maybe they'll leave well enough alone.
Anyone tired of this whole PSN thing? I know I am, I just want it to all go away.
The 170M is just the cost to hire security consultants to... make the security the way it should have been from day 1, apply security patches and actually put some real security people in the loop. Actual damages were most likely peanuts.
It would have been far cheaper to just hire qualified staff, and pay them a decent wage.
The community is big, Sony is small
There are 50 million PS3 consoles out there. 70 millon PSN accounts. 17 million Playstation Home social networking accounts. 8 million MOVE controllers. This is the community that the geek pisses off so easily and it is huge and it is enraged.
there are enough fringe elements in the community to make us dangerous as a whole.
It seems well within the power of the finge elements within the geek community to destroy it as a whole.
The core market for the PS3 is the mddle class family.
The PS3 FAT based HPC cluster is for the research lab on a starvation budget.
The reason the lab is starving is because it can't persuade the middle class to subsidize the services it offers - and passing the costs on to Sony's consumer products and sales divsion doesn't go down any easier.
Which is why - if you have an once of sense - you keep these things under the radar.
The geek has an adolescent's sense of entitlement, self-importance - and invulnerability. He is - in his own mind, at least, Lex Luther and Superman combined. Who could be more anarchic and Libertarian than old Lex?
He is everything the middle class despises on the most elemental - visceral - level.
To forget that for one moment is suicidal.
It's that big fat zero at the end of the calculation.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Does this also include the bonuses they will pay to the execs this year?
170 Million $ is pocket change for a company of this size.
Probably not. The (old) games they're offering in "compensation" are ones that I wasn't planning to buy anyway. I'm sure I'm far from the only one that can say that. Add that group together with the group composed of people who have already bought those games, and factor in the fact that digital downloads don't really cost the company anything, and you end up with a few people feeling left out (because they bought the game) and a few people with a game that they wouldn't have spent money on anyway. Sony won't lose anything on that deal.
"I disagree with you" does not equal "flamebait."
2-3 stolen songs worth? (RIAA scale) phhht.
Probably not.
I eBay-ed my PS3 last month, replaced it with a standard Blu-Ray player that doesn't need its own separate remote and have spent more time watching movies and less time fiddling with Sony's BS:
It wasn't about me making a statement, because I know Sony doesn't care. It was about me deciding that continuing to use Sony's products was blatantly masochistic and it needed to stop. If more people woke up and abandoned Sony, it would be faced with a choice between bankruptcy and providing products people want.
Unfortunately, most people will probably continue taking whatever Sony feeds them.
These hackers disappear for a few months and then come out with the information they have stolen?
That would teach quite a lot of people that not all problems can just be forgotten after a short while. (Or what it means to have everybody access your mobile number and e-mail address like on social networking sites where complete strangers could find enough information to host a surprise birthday parties at somebody's house.)
It's a Japanese company so the level of compensation for executives is not as obscene as here in the U.S. http://cbr.sagepub.com/content/35/3/68.abstract. I fact they make about 1/3 of what executives here do http://lsr.nellco.org/cgi/viewcontent.cgi?article=1355&context=harvard_olin&sei-redir=1http://lsr.nellco.org/cgi/viewcontent.cgi?article=1355&context=harvard_olin&sei-redir=1#search="japanese+executive+compensation+vs+us"
Okay, so everyone thinks the cost is directly financial. What about the cost in PR?
This company just got mentioned in article after article in just about every newspaper on the globe. No pretty headlines, either. Lax security. Leaked data again? Oh.
The direct cost might be possible to calculate - but the cost of no one trusting Sony with personal data could disrupt their online business entirely.
The rootkit disaster, as often mentioned, still sits in all of our minds and everyone we talk with. Do not underestimate the badwill. Want to be a contender? Do not fuck up - this economy will not allow it.
The cloud crap gets another black eye and this one is hardly deserving, considering the immense lack of competence security-wise on Sony's part.
Fight for your digital freedom, join the EFF *now*: http://www.eff.org/support/
For a moment I thought they're going to be using BSA/MAFIAA pricing model.
Which is about THREE bucks each more than they apparently paid for our "security"...
Stone
Sounds like they need to download AVG free or Malwarebytes. ;o) Someone at Sony is going to be called upon to fall on their own sword at some point.
In some crazy world where we could have known beforehand, Sony could have closed up PSN and given every user 2.5M dollars and everyone would have been perfectly happy.
Twinstiq, game news
Doesn't seem like much when you put it that way....if they. just charge all the victims 2.50 instead of compensating them the'll have a rosy quarter...