Sony is finally coming clean with some more details of just how much information the hackers got away with during their attack on the PlayStation Network. In a post to the official blog, the company runs through numerous questions, but the most pertinent is possibly what happened to the data.
The entire credit card table was encrypted and we have no evidence that credit card data was taken.
While the encryption is nice, depending on what type it is, it could still be hacked. The fact that the data was not taken it all apparently is actually the best news. However, there is still some bad news as well.
The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack.
While it’s nice that Sony had this data behind “a very sophisticated security system”, why wasn’t in encrypted? There are over 70 million users of the PlayStation Network, and now their personal data is out in the wild. This could involve passwords, home addresses, security question answers and a whole lot more.
Sony is still saying that the network should be back up by no later than next Wednesday, but they want to be clear that they “will only restore operations when we are confident that the network is secure.”. Hopefully this will include the encrypting of personal data from here on out.
Sony has also said that all users will be required to reset their passwords before logging into the network again, and our suggestion would be you check all of your passwords across all services. As people tend to reuse passwords, if your PSN password was used on any other service, you’re going to need to change it immediately as the hackers now have enough data to put two and two together to figure out other places the password may work. When adding new passwords, make sure you build a secure password, and then don’t use it on any other sites or services.
What do you think about Sony not encrypting the user data?