Wednesday, April 27, 2011

PSN what a mess

Six days after Sony took down the Playstation Network they've posted that account information may have been compromised. Understandably some patrons are venting on the official blog while others are defending Sony's actions.

The actions they took I agree with. Shut everything down so you can assess the damage and gather evidence to identify the culprits. Their PR efforts, however, left a lot to be desired. From their own blog entries they state they took the network down on the night of the 20th April however the first official notice of this came at 09:15 via a tweet claiming it was down for maintenance. This tweet has now been deleted!

An hour later the EU blog caught up and posted the same information regarding maintenance. This entry was then modified to state that they were investigating the cause of the "Network outage".

Except we know the cause of the outage you told it us it was for maintenance.

It took until the 23rd to admit that they'd been an "external intrusion".

The night of the 26th we are told that account information may have been compromised.

Now here's the thing according to the latest blog entry they " learned there was an intrusion 19th April and subsequently shut the services down" except as I've just said that didn't occur until the 20th or the early morning of the 21st. Now I can understand that taking the entire network offline is a major decision and needs some time to think about it; but they then lied to us by stating it was for maintenance and then seem to have tried to hide the fact that they lied to us by deletion and modification of such entries.

They should have told us as soon as they knew they'd been an attack. They should have told us that they were currently investigating whether account information had been compromised or not. Instead they waited until they had definite evidence and then told us. Whether true or not it seems that Sony were providing only the minimum of information they needed to and their first instincts seemed to be to 'massage the information'.

Not the best way to engender trust.

[As an aside I'm really not that panicked. The email address I use for the Playstation I don't use for anything else likewise the password. They may have an address and DOB as well as my credit card number but they don't have the security code (supposedly) so there's less they can do with it]