According to The Hindu, 2.2 million credit card numbers stolen from the Sony Playstation Network, complete with CVV numbers, are up for sale.
In the article, it's stated that Keven Stevens from Trend Micro had seen chatter on hacker networks about the sale of the information, for a reported $100,000.
The information was not seen by Stevens, and it could be that the hackers are just bragging. And Sony claims that the credit card information was encrypted, and that they never asked for CVV numbers.
Over on Wired.com, there's an article that reveals Sony was apparently using old, superseded versions of Apache on all of their servers, and that they left unused server functions in the PS3's firmware, which could potentially be used to access the network.
While older versions of Apache may not necessarily have dangerous bugs, nor does unused server functions mean the door's wide open, if you combine these things with the fact that Sony took several days to disclose the seriousness of the issue, you get a company that is behind the times.
People learn on a daily basis what happens when they do not keep their anti-virus software current. People learn on a daily basis that they shouldn't freely give out their personal information to just anyone. People learn on a daily basis that maybe they shouldn't have left their front doors unlocked.
Sony has learned a similar lesson this past week.
You can not continue to do business as it was done 30 years ago, back in the 1980s. A multinational company cannot be monolithic. Your brand is one of your biggest assets, and if something taints your brand, you could find yourself facing a PR whirlwind you didn't want to reap.
When a customer has a complaint, they can reach a far wider audience today than they could in the past. And a company has little recourse, except to address the issue, unless the complaint is false, or libelous. One tweet can spread the word far and wide in seconds, and individuals with the same issue can quickly find each other and organize.
Stalling won't work, and can potentially do more damage. The best course of action is to take action. Say something, even if it is only "We're sorry for the current outage. At this time we do not have all the information we require to understand the full impact of the intrusion. While all your credit card information was secure, we cannot, at this time, rule out the potential theft of your credit card information. We advise all customers to monitor their credit card/debit card/bank statements for any odd behavior. We will post new information when we receive it." That's all it would have taken.
It is only going to get worse, Sony, before it gets better.
And I am seeing now over Twitter that Sony is calling a press conference tonight. I have half a mind to stay up and watch... assuming I can find a live feed.
No comments:
Post a Comment