PlayStation breach a warning for Apple and YouTube

28 Apr 2011

It has already been termed one of the greatest security breaches in history, but will the Sony PlayStation network breach that has affected 77m users provide a salutary lesson to players like Apple and Amazon, who also hold millions of credit card details?

Every time I download an app on my iPhone or iPad, for example, I’m asked for a password. That’s it. The app is downloaded and is mine to enjoy in just seconds. However, behind the scenes and over the air and down the broadband pipes, at the end is a slick, serious engine at Apple that crunches the numbers, manages the transaction and greenlights the download.

Few in the world realise it but Apple is one of the world’s largest repositories of credit card information. Every iPad, iPod and iPhone user must have a credit card in order to enjoy iTunes. It is a serious responsibility for Apple to manage and secure this data. But if you want to become the world’s entertainment, media and information hub it is a responsibility you need to shoulder.

I’m not picking on Apple, I’m merely illustrating a point. Apple is striving to reach the Holy Grail of providing music, video and software via the cloud. Others want to get there, too, including YouTube, which will launch a new movie rental service, Microsoft, with its Xbox and Zune platforms, Amazon, which recently unveiled a cloud locker for digital music, and of course, Sony.

As one of the world’s biggest entertainment companies, straddling the worlds of electronics, media and entertainment, Sony had reached that particular goal with 77m paying PlayStation users willing to download games, music, TV and movies.

While FBI and other agencies investigate the attack and Sony receives lawsuits from Alabama, users have had their trust shaken and now need to go back to the core of creating complex passwords.

The implication is that whether they have credit card details or not, criminals now have email addresses, common passwords and answers to security questions. The security breach makes the TK Maxx breach look tame by comparison. Trend Micro is urging users to keep an eye on their bank statements for any unauthorised activity.

What this means for the cloud

I don’t think this episode or last week’s outage at Amazon’s servers that knocked down the services of websites like Quora, Foursquare and others will impede the march of cloud computing.

However, as players like YouTube begin to prepare movie rental services, as Apple completes its cloud locker for music and movies, as Xbox 360 continues to emerge as a platform for movies and music, and as Amazon, too, creates cloud locker services, security must be top of the agenda to win over the customers of tomorrow.

The other side of the coin is what exactly led to the situation. Sony’s heavy-handed pursuit of hacker George Hotz (GeoHot), a 21-year-old who had allegedly jailbroken a PlayStation 3 to allow unauthorised games to be played on the device, has infuriated hackers.

The timing couldn’t be worse. We live in a time where hacktivism has emerged in the wake of the WikiLeaks saga that led to the arrest and trial of founder Julian Assange. Groups like Anonymous or groups that emerge from sites like 4Chan are motivated to right a perceived wrong and in the case of Sony, a group of hackers most likely was aggrieved by what it saw as an unjust pursuit.

While Microsoft openly welcomed hackers to jailbreak its latest Kinect wireless gaming console, Sony, to borrow a phrase, chose the “nuclear option” and embarked on a witchunt that led to the past week’s “malicious intrusion”.

As a result, its presence at the pinnacle of the Holy Grail of serving consumers’ entertainment needs in a networked fashion has been sadly shaken.

No one can say Sony was wrong to try and defend its intellectual property, but the manner of this defence has provoked powers that even a technology giant like Sony was ill prepared to defend against.

For rivals like Apple, Microsoft, Amazon, Google, Samsung, YouTube and others targeting the networked entertainment space, this may prove a salutary lesson to guard against security threats from hackers at all costs.

All eyes will now be on Sony to prove just to what extent the attack has compromised its subscribers’ security.

Other outcomes that wait to be seen will be the response of various data protection authorities around the world and whether legal action will be taken by governments. Already in the US, Alabama man Kristopher Johns has sued Sony over allegedly failing to encrypt data and establish adequate firewalls to handle a server intrusion contingency.

In what are the early days still of cloud computing and networked entertainment, expensive lessons like this will be valuable in the long run.

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years