Credit Card Breach May Cost Sony $24 Billion

[Drop_D-Bombshell]

great, my credit details are with sony. I'm caking it right this moment.

Thanks Sony.

 

[Shadow-Phoenix]

*Waves goodbye to Sony*
Well You had good run guys.

Aye indeed they had a good run but at least they are dealing with the current situation unlike Microsoft who like to kick sony while they are down.

 

[JDKJ]

That is horrible math... Whoever did that "research" and put it out as if fact should be fired. Not every account has a credit card attached, not every account with a credit card was necessarily compromised, and to assume it will be an equivalent loss per account to another incident is foolish.

See the actual study: http://www.ponemon.org/local/upload/fckjail/generalcontent/18/file/US_Ponemon_CODB_09_012209_sec.pdf

They're counting each and every penny that could potentially be lost. They count direct loss. They count indirect loss. They count present loss. They count future loss. They count loss of sleep. They count the loss of a pet cocker spaniel and the reward money paid to get him safely returned. That's how they ended with the grossly exaggerated figure of $300 per document.

 

[Megacherv]

FuckfuckfuckfuckFUCKFUCKFUCKFUCK!!!

Okay, I doubt that this will bankrupt all of Sony (sue to the fact that Sony isn't just Playstation, and isn't just an electronics company, check them on the wiki), but fuck, all of SCE will likely be crippled if they had to pay this.

I want to address everyone who is all 'LOL SONY R SUXXORS' or 'Serves you right, hahahaha', think about this:-

You are an arsehole

There are people's jobs at stake, there is SCE's reputation at stake, what if everyone at SCE loses their job? What about hardware developers, first-party developers; they're all fucked. Not only that, what about all the users of PS3s? What about them? There goes PSN completely, all new games, everything's gone.

If you don't have any support to show, leave this thread. Just fuck off.

Leave us here to hope.

 

[erztez]

Ehm...not to go all Godwin on you...
But that's one of the stupidest arguments I've ever seen in my life.
I don't give a flying fuck about Sony employees.
Why should I?
If they're good, they'll find another job, if they're not good, well, then they can go hungry for all I care.
Corporations cannot be allowed to hold the jobs they create as hostages, they did that in the US and look what's happening there...

Honestly?
I think Sony should be fined to oblivion, if only to shake up the current console market Status Quo.

You should get out more if that's the stupidest arguement you've ever heard. Also, I don't know if where you've been lately but getting another job is kinda hard still.

Oh, I've seen some stupid arguments in my life, it's just that I've seen this one way too often.
And no, if you're good and your country's economy isn't totally fucked(and who's fault is that, really), getting a job is not an issue.
Granted, for Sony employees, that might mean they'd actually have to do a honest day's work for a change, but well, them's the breaks.

 

[MightyMole]

You know, I'm starting to feel really sorry for Sony... At first I thought they kind of deserved the hackers after the whole Geohot incident, then I was kind of angry with them for shutting down PSN and choosing their words in such a way that made it seem like it was taken down by hackers and not them... But now I'm kind of afraid for them. I really don't want them to get run out of business.

You know, fanboys can jade peoples opinions of companies and your hate for their blind fanboyism can sometimes translate to the companies themselves, but we cant forget that Sony is a company who released a product they thought that people would enjoy and it would be a real shame to see people lose their jobs because of this...

After the past month, I really just want hackers to stop, before they ruin gaming for anybody else..

 

[-Dragmire-]

A representative from the Information Commissioners Office said that even though Sony's EULA attempts to cover them from that responsibility by stating, "We exclude all liability for loss of data or unauthorized access to your data," such a "contract" might not hold up.

This looks like a small glint of a silver lining, I'm hoping to see the end of one-sided, no negotiation contracts that are so bloody long no sane person can read it in one sitting.

On a side note, the last psn update(the newest big one) stated that Sony(SCEA/SNEA) had started collecting more information than they previously had.

 

[Korten12]

Xbox Live and Steam might be unaffected now, but this attack on the PSN proves that such networks are vulnerable.

How's that exactly? Are you assuming that XBL and Steam are using the sam piss-poor security measures that PSN was? Obviously not, or they wouldn't have been active for as long as they have with so few incidents. XBL has been around twice as long as PSN, and Steam has existed even longer than that. And yet neither has had everything stolen up to this point.

Tell me, what is the PSN security? Anyone? See the thing is, no one knows how good or bad the security is.

Nothing is 100% hackproof. We don't know if this hacker was working for months, all we know is that they had successfuly hacked. It could've been some hacker who was trying to beach it all during the court cases.

No one has any idea though.

 

[erztez]

Xbox Live and Steam might be unaffected now, but this attack on the PSN proves that such networks are vulnerable.

How's that exactly? Are you assuming that XBL and Steam are using the same piss-poor security measures that PSN was? Obviously not, or they wouldn't have been active for as long as they have with so few incidents. XBL has been around twice as long as PSN, and Steam has existed even longer than that. And yet neither has had everything stolen up to this point.

Amen...
I've been trying to tell people just that for a while.
Hacking isn't a yes/no proposition.
Sure, you can usually get in, but you CAN'T usually walk out with the whole database.
Also, who the fuck stores unhashed passwords?
For that, if nothing else, whoever's responsible for ITsec at Sony should be publicly tarred and feathered.
Then fired.
From a canon.
Into the Sun.

 

[JDKJ]

Xbox Live and Steam might be unaffected now, but this attack on the PSN proves that such networks are vulnerable.

How's that exactly? Are you assuming that XBL and Steam are using the sam piss-poor security measures that PSN was? Obviously not, or they wouldn't have been active for as long as they have with so few incidents. XBL has been around twice as long as PSN, and Steam has existed even longer than that. And yet neither has had everything stolen up to this point.

Tell me, what is the PSN security? Anyone? See the thing is, no one knows how good or bad the security is.

Nothing is 100% hackproof. We don't know if this hacker was working for months, all we know is that they had successfuly hacked. It could've been some hacker who was trying to beach it all during the court cases.

No one has any idea though.

It could be a disgruntled former Sony employee who helped create and install the security measures (which wouldn't make him much of a "hacker" -- more like a burglar with the keys to your house).

 

[erztez]

Tell me, what is the PSN security? Anyone? See the thing is, no one knows how good or bad the security is.

Nothing is 100% hackproof. We don't know if this hacker was working for months, all we know is that they had successfuly hacked. It could've been some hacker who was trying to beach it all during the court cases.

No one has any idea though.

Sony warned people that their DB has been breached and that that should change their passwords.
That implies that whoever got in could have possibly (not saying that they actually did) obtain usable passwords from Sony's DB.
That's criminal negligence right there.
Also, the PSN security is a single SSL layer and outdated Apache servers.
Now you know.
And the more you know...

 

[Booze Zombie]

me=this go slothfulism! (go making-up-words too!)

Slothism? That should be in interesting movement... or lack of therefore! Eh, eh? I'll get my coat.

 

[erztez]

It could be a disgruntled former Sony employee who helped create and install the security measures (which wouldn't make him much of a "hacker" -- more like a burglar with the keys to your house).

Unlikely, judging from Sony's response to this fiasco, if the guy actually had access, they never would have found out he got in...

 

[Vanbael]

Snippity snip snip

The Pomenon Institute study referred to does not in any way support a conclusion that "it may possibly cost $24.5 [billion] for [Sony] to clean up the mess." Rather and according to the Pomenon Institute:

"Our current analysis of the actual data breach experiences of 45 U.S. companies from 15 different industry sectors takes into account a wide range of business costs, including expense outlays for detection, escalation, notification, and after the fact (ex-post) response. We also analyze the economic impact of lost or diminished customer trust and confidence, measured by customer churn or turnover rates.

Utilizing activity-based costing, our methods capture information about direct expenses such as engaging forensic experts, outsourced hotline support, free credit monitoring subscriptions, and discounts for future products and services. We also capture indirect costs such as in-house investigations and communication, as well as the extrapolated value of customer loss resulting from turnover or diminished acquisition rates."

Source: http://www.ponemon.org/local/upload/fckjail/generalcontent/18/file/US_Ponemon_CODB_09_012209_sec.pdf

The study doesn't quantify clean up cost alone. It quantifies just about every imaginable cost, both direct and indirect, tangible and intangible, spread out over years.

This isn't the bankruptcy that the article makes it sound like. It's not just clean up costs. It's total costs. Sony can and will easily weather $24 billion IN TOTAL COSTS. TOTAL COSTS. TOTAL COSTS. TOTAL COSTS. TOTAL COSTS.

I applaud you for going the extra mile. As far as the news coming in here, followups would be nice.
But as I look at that total, I know Sony can pay it off. They are a world wide company. The amount is substantial (you can solve a good number of state deficits with that).

Yes, this should have a negative impact with Sony's PlayStation department, but I can see them shrugging it off and coming back. People will still play games on the PS3, and I bet they will use this breach as fuel to put customer protection into motion. Lets not forget that Sony doesn't just do PlayStation, they do everything that is electronic. This will not make the PlayStation go away, even for their NGP. They might however cut other departments, or maybe balance out their checkbooks between departments between their profit surpluses and put it towards the PlayStation to recover. Sony is a huge fucking company, they would need to get hit from all fronts other then Playstation to shut down.

Also, what's been lost in this whole mess is how the attack affects the little guys. The independent developers who sell their games exclusively from PSN haven't made a dime in the last week, and probably won't for a good long time as consumer confidence in the PSN will take a long time to return. Unless Sony bails them out, the devs behind games like Pixel Junk Shooter and Mod Nation Racers are screwed, and I think that's the real tragedy here.

This I must say is the sadder part of the whole ordeal, I like these guys. I do hope that they get bailed out of this mess. It hurts the customers (like me) when we can't get on, but it also hurts the developers like these. I hope the little guys survive. It would be tragic, in the history of gaming for these guys to go down.

 

[Korten12]

Haha, I kinda like who ever did this. Stick it to the man. Stay humble, Sony.

You honestly think they deserve this much?

I am sorry but thats fucked up.