PlayStation hack fires warning shot at Connected TV market

The hack and subsequent suspension of Sony’s PlayStation Network points to a possibly uneasy future as the worlds of IT and TV mesh further together.

Sony’s PlayStation Network, which as well as offering online multiplayer gaming also serves as a conduit for online services such as Netflix, has been a phenomenal success for the company, notching up 77m account registrations worldwide since it was launched just before Xmas 2006. Taken together with the Qriocity (it’s pronounced ‘curiosity’ if you’re curious) streaming network, in fact Sony’s activities in the area have been seen by many as a blueprint for the future world of Connected TV services.

They still are too, but with one important probable modification: encryption of user data.

The current problems started on April 20, with an announcement that the service was undergoing maintenance. A couple of days later this was followed by a posting on the official PlayStation blog that there had been an ‘external intrusion’, and then finally on April 26, the following bylined to Nick Caplin – Head of Communications, SCEE

“Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained.”

This is not good by any stretch of the imagination. Most users maintain fairly lax password security, and copy the same one across a variety of sites and services, giving the hackers potential access to all manner of accounts, while emails alone can be extremely valuable data to those up to no good as well. But then there’s the clincher:

“While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.”

Which is seriously not good by any stretch of the imagination. Sony has been a target for hackers since a run-in with hacker George Hotz, who published details of how to jailbreak the PS3 several years ago, but it can never have imagined that the spat would have got to this stage. However, speculation is rife on the internet that it may have been partly the architect of its own downfall. As IT blog The Register pointed out on Tuesday, “Sony’s advisory means that the company was likely storing passwords, credit card numbers, expiration dates, and other sensitive information unhashed and unencrypted on its servers. Sony didn’t say if its website complied with data-security standards established by the Payment Card Industry.”

The company is now in full on fire-fighting mode, and is especially defending the six-day delay between the suspension of the service and the revelation that credit card details may have been compromised (“It was necessary to conduct several days of forensic analysis, and it took our experts until yesterday to understand the scope of the breach,” says a statement). The rest of the industry, meanwhile, is looking on aghast and wondering exactly what genie has been let out of what bottle. Consumers have long been aware that sharks patrol the waters of the internet when they sit at their computers, but to have them approach shore via their television sets as well might possibly scare a lot of them off the concept and out of the Connected TV water altogether.

Subscribe and Get SVG Europe Newsletters