Sony-Gate: PR Machine in Full Swing After Greatest Data Heist in History
For one brief moment this week, video gamers using Sony’s (NYSE: SNE) PlayStation tossed down their controllers and angrily hit the tech blogs and news sites.
The cause of their ire was an email on Tuesday, warning about a massive security breach of PlayStation Network (PSN), which gave hackers access to usernames, email addresses, billing addresses, birthdates, passwords and customers’ credit card information.
Needless to say, PSN customers (me included) are royally ticked off. Hardly surprising, given that it’s the largest identity heist on record, with 77 million accounts infiltrated.
So how did it happen?
Sony’s Song and Dance Routine is Straight Out of Amateur Hour
The scary part is, no one really knows. Not even Sony. Here are a few notes from the company’s email on Tuesday:
“In response to this intrusion, we have temporarily turned off PlayStation Network… Engaged an outside, recognized security firm to conduct a full and complete investigation into what happened… And quickly taken steps to enhance security and strengthen our network infrastructure by rebuilding our system to provide you with greater protection of your personal information… Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained [your information].”
Okay. Let’s sift through the PR euphemisms and cut to the chase…
- Hackers hijacked the network.
- Sony has zero idea how it happened or who did it, so it hired outside help.
- All your sensitive data could now be sold to the highest bidder.
- Sony is now trying to patch up the holes that should have been secured as soon as it began collecting private data in the first place.
As if that weren’t bad enough, Sony waited almost a week to let people know. The company explained the procrastination like this: “It was necessary to conduct several days of forensic analysis, and it took our experts until [April 26] to understand the scope of the breach.”
And the fact that Sony sent the announcement just hours after it unveiled its new tablet computer in Japan is just coincidence? It sounds more like a move to keep the press focused on its new product, rather than the security debacle unfolding behind the scenes.
At least Sony confirmed that credit card details were encrypted. However, it’s unknown just how strong the encryption protection was and whether or not other personal data had the same level of security. As Mathew Solnik, a security consultant with iSEC Partners says, “Sony is saying the credit cards were encrypted, but we are hearing that the hackers made it into the main database, which would have given them access to everything, including credit card numbers.”
As one person commented on Sony’s blog post, “You dropped the ball big time on this.”
The question is: What are the wider ramifications of this PR disaster?
Sony’s Mess is a Boon for Software Security Companies
Sony isn’t alone in this. You can expect the negativity to affect other gaming companies, too.
In other words: Look out below, Microsoft (Nasdaq: MSFT) and Nintendo.
As corporate communications advisor Sue Cato said, “It’s a red flag to a lot of people as to how Sony conducts its business… This will have regulators concerned about security. It will have consumer organizations concerned. It will have some gamers concerned.”
And according to Ricardo Torres of Gamespot.com, “‘Sorry’ doesn’t cut it for a lot of consumers at this point… The big question that will come up is what they’re doing for security.”
Bottom line: This situation underscores the coming growth in the cyber security industry that we’ve mentioned before. And as console makers beef up their security, no one stands to benefit more than publicly traded software security companies.
Of course, Sony hasn’t revealed the name of the “recognized security firm” it’s using to assess the breach. But this is merely one incident that underscores the critical role that these companies have in an increasingly technological world – and with increasingly advanced hackers. We’ll keep you posted on the possible investment opportunities in this fast-growing area.