playstation
TRANSCRIPT
• Founded on Dec 3 1994 in Japan
• Package: PS VITA, PS 4, PlayStation TV, PS 3
• Revenue of 2013 was 707.1 bil ¥ (4.9 bil €)
Overview
• Release: 2006
• Number of users: 110 million
• Free network and gaming service
Overview
19 April 2011
PS Network Team detects unauthorized activity in the Network
20 April 2011
• Sony shuts down PSN Network
• No explanation to customers
Weak Points in…
• The system was hacked previously
• Data not encrypted
• Firewalls failed to handle intrusion
• 3 days to identify the invasion
Security
• Failed to warn about security breaches
• Warned about the invasion 1 week later
Company
Outcomes
Loss
• $ 171 million
• 77 million users' account data
• 12k credit card numbers
• 10% of users in a month
Press
• “…Sony Network does not know who did that…”
Reuters
• “…largest identity theft record…”
Bloomberg
• “…Violation of PCI Compliance…”
Reuters
• “…PS3 security system was an epic fail…”
Chaos Communications hackers conference
1 May 2011
“Welcome Back” campaign
• Free games for PSN users
• Free Premium accounts for 30 days
• Discounts for new games
Solution of PlayStation
• Changed Terms and Conditions
• Hired 3rd party for investigation
• Improved protection for personal data
• Warned to be “aware for personal information”
• Warned to “review your account statements”
PlayStation Reaction
Recommendation
Before
Security
• Encrypt data of the users
• Improve the security system
• Emergency policy and training in case of alerts
• Install Denial of Systems (DoS)
Company
• Prepare the procedures in case of outrage
• Prepare a standard public statement with case-specific characteristics
Recommendation
After
Security
• Warn users to change or delete data if necessary
• Stop the system if necessary
• Find the weak points and correct them
Recommendation
After
Company
• Warn users about the invasion IMMEDIATELY
• Publicly apologize for inconveniences
• Give some promotions to users
• Act according to planned procedures, including statements