Last month's massive hack on the Sony PlayStation Network has given the online gaming world a wake-up call as, weeks later, Sony Corp. still is struggling to bring the hugely profitable network back online.
The episode underscores the need for more cyber security at both individual and corporate levels.
After learning of "an intrusion" April 19, Sony suspended its PlayStation Network, for gaming and movies; Qriocity, its on-demand music service; and Sony Online Entertainment, its PC and Facebook gaming division, a company spokesman said.
The company emailed customers that hackers had had access to personal data, such as names, addresses and phone numbers. The three services reportedly had an estimated 100 million registered accounts.
Investigators "could not rule out whether credit card information had been accessed," Kazuo Hirai, head of Sony's games division, wrote May 4 in response to a congressional inquiry into the cyber attack. As of that date, no major credit card companies had reported fraudulent transactions directly related to the attack, Hirai wrote.
Now Sony faces the unenviable task of trying to restore the faith of the millions whose personal information and, in some cases, credit card numbers were taken.
It has been apologizing all over itself about the breach and doing its best to bring the networks back online, mostly because its most popular multiplayer games can't operate without it.
In a May 14 video statement on the official PlayStation blog, Hirai expressed "my sincere regret for the inconvenience this incident has caused you."
He acknowledged concerns about potential identity theft and outlined Sony's response. "We have greatly upgraded our data security systems," he said, noting increased firewalls and levels of encryption, among other things. "What this means for you, our customers, is greater protection."
Sony has offered to enroll all of its PlayStation and Qriocity customers, for free, in an identity theft protection plan. It also has offered them free games and other goodies to re-up for its products and services.
It's a good idea to accept the free protection. However, anyone who wants to re-enroll in the PlayStation Network will need to download a product patch and pick a new password (obviously.)
If I were using any kind of online gaming service, I would:
Never use a debit card. A compromised debit card offers immediate access to your linked account. A thief can clean you out before you even know what hit you. If you don't believe in credit cards, whose companies often monitor shopping transactions, go buy a refillable credit card at a convenience store. If that account is ever stolen or compromised, only the amount on the card is lost.
Use a strong password that mixes numbers, letters and special characters. Keep your password secure; don't write it down — at least electronically — and don't make it easy to guess.
Have a special account just for gaming, using a refillable card or one with a very low credit limit. If it is compromised, your exposure — and any losses — will be limited.
Even if you are careful, the company itself can be hacked, as was the case with Sony, one of the world's biggest brands.
Lastly, check your credit report once a year (free) at annualcreditreport.com.
Jim Derk owns CyberDads, a computer services firm in Evansville, Ind. Contact him at jim(at)cyberdads.com.