Sony PlayStation security breach – how to protect yourself

28 Apr 2011

The malicious attack that brought down Sony’s PlayStation network has its 77m-strong community wondering just what the attack will mean for their personal security and vital information, such as credit card details. Here’s what the experts say.

“Sony PlayStation network customers will rightly be concerned at the breadth of their personal data which may now be in the hands of an unknown hacker or team of hackers – name, address, password, answers to security questions, date of birth and possibly even credit card details,” says Dermot Williams, MD of IT security company Threatscape.

“The fact that Sony has chosen to entirely shut down this high-profile and very widely used service – and is ‘rebuilding’ it before making it available to customers again – indicates that the intrusion, and scale of data theft, could be very significant, indeed. As events have continued to unfold we believe the culprits are likely to be cyber criminals motivated by the prospect of financial gain,” Williams said.

Sony takes nuclear option on PSN hack

Phil Lieberman, CEO and founder of Lieberman Software, is an IT security expert with more than 30 years of programming experience and expressed his his viewpoint on the Sony PSN hack and how users can protect themselves from similar breaches.

“Taking a baseball bat to a hornet’s nest is never an advisable strategy,” Lieberman said. “Sony’s strategy in defending its intellectual property was heavy handed and has triggered the ‘nuclear option’ with those that it engaged.

“Perhaps Sony could learn a few lessons from Microsoft in how it has handled Xbox 360 and Kinect intellectual property.

How to protect yourself in the fallout of PSN hack

Lieberman’s suggestions to users are:

·         Don’t provide correct DOB or other personal information to this type of vendor (ie, playing games online)

·         Use a throw-away email account

·         Use an anonymous debit card for these types of online transactions

·         Use a unique password per site

·         Always assume the company gathering personal information is totally incompetent at securing the data, and users should consider what they share with them and how they are going to recover their personal identity after they lose their information.

Williams recommends that users of the PlayStation network take the same precautions which are recommended for all online transactions, including:

Users should choose carefully which online sites they provide with their personal or financial information. “Do not use the same passwords (or security questions and answers) for multiple online sites. This is important, as otherwise an attacker who steals your credentials from one site may be able to access your account on other sites, such as email and online banking. If you are a PlayStation network user and used the same password for other online sites, you should immediately set a new, unique and hard to guess password on each other site you use.”

Be wary of all unsolicited communication received. Attackers often use stolen data in authentic-seeming ‘phishing’ emails, letters or phone calls which attempt to obtain further details (such as credit card security codes) from victims. Those responsible for this latest intrusion might even send out emails claiming to be from Sony in an attempt to fool recipients into handing over further personal details.

Carefully scrutinise bank and credit card statements for any signs of unauthorised transactions. “As always, before any internet activity you should make sure that your computer is adequately secured – with effective and up-to-date security measures, such as anti-virus and firewall, and the latest software patches from vendors, such as Microsoft and Adobe, installed to ensure any security holes have been plugged.”

Regarding the implications for Sony, the brand, Williams says: “Sony executives will no doubt be horrified that such an important part of their digital strategy has suffered a security breach, and will be attempting to minimise the long-term damage to their reputation, brand, and the trust and loyalty of customers.”

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years