To say that Sony's response to this breach has been understated is itself a huge understatement. In a press release that the company sent out this past weekend, almost two weeks after the breach happened, they outlined the steps they were taking to deal with their "oops" moment (I am being gentle here), and then tried to make amends in a manner befitting a clueless corporate monolith (ok, forget gentility). They'd like to welcome their users back to the network with the following:
"All existing PlayStation Network customers will be provided with 30 days free membership in the PlayStation Plus premium service. Current members of PlayStation Plus will receive 30 days free service.
Music Unlimited powered by Qriocity subscribers (in countries where the service is available) will receive 30 days free service."
They are also offering some unspecified, free downloads, in addition to some yet-to-be named freebies. Be still my heart! Thirty days of access to Playstation Plus and all you had to do was open the doors of your home, your office and your life to identity thieves. What a great deal! And, in case their customers are actually concerned about the integrity of their identities, Sony was kind enough to provide a few self-help tips on protecting yourself and a short list of government and credit reporting agencies to whom you can turn in the event of a personal compromise.
Hacking the System I have always believed that all of the gaming networks, and other kids' sites that have an e-commerce component, are the most vulnerable repositories of any large caches of PII, for a few very simple reasons. It is undeniable that although the universe of avid gamers and the galaxy of talented hackers aren't congruent, there is a rather substantial overlap. Many of our children are light years beyond our technological prowess. Smart kids have been responsible for some of the most famous hacks of history, involving compromises of both government and industry computer networks, many of which were "innocent" pranks—done for thrills rather than financial gain or more nefarious purposes. Remember when, a decade ago, the recording industry announced the development of the "copy-proof" music CD? The idea was to prevent the uploading of music on a physical disk to one of the file-sharing sites like Napster or Kazaa where the music could be freely traded (and traded for free). A good friend of mine who had a large company that distributed physical CDs informed me that within a few days the elaborate and very expensive protection system was defeated by kids around the country using only a felt tip pen!
More importantly, youthful online gamers often exist in a culture that seems to make hacking more socially acceptable, perhaps even socially esteemed. There is a "cheat site" for virtually every popular game—just Google the name of the game followed by the word "cheat" and you'll see what I mean. Sure, this kind of cheating is victimless and really doesn't constitute any type of crime, but it's worth considering why little Johnny, who gets straight A's in school and would never cheat on his math test, probably has no problem using the cheat sites or even contributing to them.