So, I totally acknowledge that we’ve done nothing but Sony/PSN stories for close to a week now, but this unfolding saga has been dominating the news. I figure one more post on the subject was important, more from a public service announcement standpoint.
Sony finally admitted that during a security breach last week, an outside source gained access to all PSN usernames, passwords, email address, mailing addresses, phone numbers, birthdays and most likely, credit card data. That’s pretty much the worst case scenario picture I painted last week. We already know that Sony has handled this crisis totally wrong, as detailed here, which is further exacerbated by waiting a whole week to notify their customers that all their personal data had been exposed. On their blog post, they even go as far to recommend users continually check their credit reports and provide info on how to do that.
At this point, the footnote to the story is that PSN will be up in about a week. The real story is that this was a complete and total failure by Sony. A few recommendations: If your PSN username/email and password combo is used on other sites (i.e. you’re one of the many who reuse the same password with different sites) now is a good time to change passwords to at least some of your most critical sites like email accounts, banking accounts and anything else that is super-sensitive. Using a browser plugin and mobile app like LastPass is great for managing passwords and generating unique passwords for each site. It is less convenient to have different passwords for all your sites and services, but Sony has taught us a valuable lesson: your data is not safe with anyone. Also, it should go without saying that you should closely monitor your accounts for any anomalous activity. Plus, now’s not a bad time to start looking in to enabling two factor authentication on sites like Google and Facebook — something that’s automatically enabled on Steam now.
To wrap up my words on the Sony issue, I wonder where it leaves consumer support on current and future Sony products. While security breaches can happen anywhere and at anytime, Sony’s complete mishandling of this major incident will be hard to forget. Do I want to reward a company by continuing to purchase their products and services who not only lost my data, but at first lied, then delayed telling me about it? Not really. That doesn’t mean I’m throwing out my PS3. That won’t accomplish anything. Sony already has my money and the data is long gone, but it will be hard to support that or future Sony platforms going forward. How about you? Has Sony made your “must avoid” list as a consumer or has this debacle left you unfazed?