Wednesday, 27 April 2011

The Sony data disaster. What does it mean for you?

As recently as last Wednesday we blogged on "How safe is the data on your computers?" (see http://goo.gl/djlw6).

That was the day before Sony took down their Sony PlayStation Network, used by 75 million people worldwide, to protect it against what Sony called an "external intrusion". This is Geek-Speak for a successful hacking attack.

This attack is unlikely to have been perpetrated by a lucky, spotty 16 year old in his darkened bedroom. It is much more feasible that it was a targeted attack by a sophisticated group of hackers.

Their aims are currently unknown, but it is quite possible that they are not seeking to do anything other than to prove that they can. Sony will certainly hit back with whatever powers they can bring to bear and anyone attempting to access compromised bank accounts may quickly find PC Plod knocking on the door.

What is much more important to us, the innocent users, is why on earth all of those details were so easily accessed. The hackers have managed to get past the firewalls which Sony would have definitely had in place. This is the technically difficult, and interesting, part of the hack. But why, having accessed the internal Sony servers, was the data seemingly left wide open? Why was it not held in encrypted files so that such a hack would not be able to access any useful information? This is Sony's main failing in this case.

It would seem that the hackers have accessed user's names, addresses, dates of birth, passwords and possibly credit card details. Armed with these details a very malicious hacker could start stealing user identities. It is also well known that many users have one or two passwords that they use across many services.

If you have ever accessed the Sony Network online then you should now change as many passwords for other online services as you can and closely watch your credit card transactions.

For future information you should never post your real date of birth on any website and you should set up a "throw-away" email address with Hotmail or Gmail for using online.

Even such a global, previously reputable, company as Sony has been found to be very badly wanting in this shocking case. To the IT world they have shown a contemptuous disregard for their users privacy. They now have to deal with a huge loss of trust.


____________________________________________________
If you enjoyed this blog please consider donating £1.00!
Sign up for our Monthly Newsletter
The IT Dept offers computer support services in Lancashire, including Monthly On-Site or Remote Support Contracts; Secure Online Data Backup; Domain Hosting; Server and Desktop Sales; Software Supply & Installation. We cover all of Lancashire, including Chorley, Preston, Blackburn, Darwen, Bolton, Wigan, Blackpool, etc.
© Michael Donkin 2011