Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Security Sony Games

PlayStation Network Hack Will Cost Sony $170M 189

Posted by Roblimo
from the that-has-to-hurt-at-least-a-little dept.
alphadogg writes "Sony expects the PlayStation Network hack will cost it $170 million this financial year, it said Monday. Unknown hackers hit the network gaming service for PlayStation 3 consoles in April, penetrating the system and stealing personal information from the roughly 77 million accounts on the PlayStation Network and sister Qriocity service. A second attack was directed at the Sony Online Entertainment network used for PC gaming. Sony responded to the attacks by taking the systems offline." Does the $170 million figure include compensation for PSN subscribers who suffered from the outage?
This discussion has been archived. No new comments can be posted.

PlayStation Network Hack Will Cost Sony $170M

Comments Filter:
  • by elrous0 (869638) * on Monday May 23, 2011 @10:21AM (#36217756)

    All they need to do is add a bunch more PSN subscribers, and they can make it up in monthly subscription fees.

    Problem solved. You're welcome, Sony.

    • by matt_gaia (228110)

      If by adding subscribers, you mean PSN+ subscribers, then yes, they can recoup some money that way.

      If you mean regular, old PSN subscribers, then, well.... *facepalm*

    • All they need to do is add a bunch more PSN subscribers, and they can make it up in monthly subscription fees.

      Problem solved. You're welcome, Sony.

      And how do you propose they recoup the lost confidence from their developers and publishers [slashdot.org]?

      • by xMrFishx (1956084)
        Money, mostly. Probably bribes, good marketing (spin) and a bit more money. They might grovel a bit too, but I doubt it.
      • And how do you propose they recoup the lost confidence from their developers and publishers?

        Another Spiderman movie, and game. It's about the money, screw the 'hearts and minds' BS, and it's Sony, so if you're going to tell me that they are separate companies, put a cork in it :-)

        • by geekoid (135745)

          " it's Sony, so if you're going to tell me that they are separate companies, put a cork in it :-)"

          Ah, another /. user who is completely clueless is the ways of business and financial, but to wrap up in their self worth to actually be able to consider it their failing, and just tell be to shut up instead of educate them.

          You're a petty fool who refuses to learn anything contrary then your opinion.

      • by kimvette (919543) on Monday May 23, 2011 @11:32AM (#36218674) Homepage Journal

        And how do you propose they recoup the lost confidence from their developers and publishers [slashdot.org]?>

        Stop being so evil, for starters.

        Sony's motto as of late seems to be: "Do as much evil as possible."

        And now they are reaping what they have sown. I don't agree with the script kiddies' actions against Sony (i'm partial to destroying them economically through large-scale boycott) but Sony did have it coming to them. Taking away the OtherOS option (which is fraud; a bait-and-switch move by removing one of the key selling points) and then suing a customer who decided to take the functionality back was probably just the final straw. After installing rootkits (infringing on GPL'd code copyrights in the process) to customers' systems (a felonious act; accessing computer systems without authorization), falsely advertising product, building shoddy product and having some of the worst customer service in existence, are they actually surprised they are the target of script kiddies everywhere?

        They invited it through their actions.

        • Taking away the OtherOS option (which is fraud; a bait-and-switch move by removing one of the key selling points)

          OtherOS was never a selling point to the vast majority of PS3 owners who probably never knew you could install Linux on the thing. I say that as someone who DID at one time have YDL on my PS3.

          And as well all know, you can still have OtherOS if you want, you just won't be able to access PSN. It's your choice either way.

          I'd also wager that most of the people who complain about the removal of OtherOS, never actually used that functionality, or perhaps never even owned a PS3 in the first place.

          • Re: (Score:3, Insightful)

            by TheReaperD (937405)

            OtherOS was never a selling point to the vast majority of PS3 owners who probably never knew you could install Linux on the thing.

            With the exception of programmers and high-end hackers... Which just happens to be the people Sony pissed off. The script kiddies just joined in for the fun after the fire fight started. This is very much a Sony created problem.

          • Re: (Score:3, Insightful)

            by thsths (31372)

            > And as well all know, you can still have OtherOS if you want, you just won't be able to access PSN. It's your choice either way.

            I'll cut of one of your arms, and you tell me which one. It is your choice, and therefore your fault if you lose the right arm (or the left).

            Even the strongest Sony fanboy should see the flaw in the argument.

          • I paid for OtherOS and PSN access. Why should I have to choose when I bought both?

            I'll take that wager - everyone I know who complains about OtherOs removal did use it.
          • by sjames (1099)

            So since they didn't actually KILL the feature that at least some people actually valued, they just shot it's kneecaps off so that's OK?

            If nobody cared at all, then why do I, not the owner of a PS3, even know about it?

    • by GweeDo (127172)

      How many Zero Dollar per month accounts do they need to equal $170,000,000 again?

  • by Whatanut (203397) on Monday May 23, 2011 @10:35AM (#36217910)

    Let's be honest. This is an outage of an entertainment network. I don't think anyone can really claim they suffered due to it not being available. If anything they may have gained by the fact that they did something else.

    Now, if you want to argue that people are suffering due to the information loss, I'll go with that one. But not from the outage itself.

    • by Blackwulf (34848) on Monday May 23, 2011 @11:15AM (#36218436) Homepage

      I imagine publishers that make their living selling downloadable games on PSN suffered from this outage in a highly economic way.

      • by dreemernj (859414)
        The developers are a different story, but I just want to point out that the OP was talking about the line:

        Does the $170 million figure include compensation for PSN subscribers who suffered from the outage?

        For the subscribers, there wasn't really a huge suffering because of the outage and they were given free games.

        The developers are probably pissed. I recall someone from Capcom claimed they were losing millions because of the outage.

        • by idontgno (624372)
          The question stands, though. "Free games" is (on paper) giving away something of value. That value has to be accounted for someplace. (I'm sure auditors, shareholders, and the SEC would insist.) So, is the value of the subscriber compensation already in the $170 million, or not?
      • by Sir_Sri (199544)

        only so much. I make a living selling games to a particular market*. Those people still want to buy my particular game. If it wasn't available for the last 3 weeks that hurts my revenue stream, but on a year over year basis it probably won't hurt much. No more than delaying a book launch for a month really hurts the author.

        Unlike news, where being out for a month would mean you have no revenue for that month and your competitors pick up the slack, gaming is a series of niches, and people will still want

    • by Yetihehe (971185)
      Yeah. As soon as PSN got down, bin Laden was shot down too. Maybe those soldiers searching for him just played too much playstation?
    • by Svartalf (2997) on Monday May 23, 2011 @11:24AM (#36218562) Homepage

      It's NOT the "Not Available" part that's the problem here... It's the leakage of info that's the real issue. 77 million. At least part of them with credit cards, some of those in the clear in violation of PCI security standards.

      • by xero314 (722674)

        It's NOT the "Not Available" part that's the problem here... It's the leakage of info that's the real issue. 77 million. At least part of them with credit cards, some of those in the clear in violation of PCI security standards.

        Other the vast majority of the information, and nearly all the unencrypted/hashed information (with the exception of the so called security questions for password retrieval). , is public domain, at least in the united states. I would also like someone to point me to a reputable reference providing admission or evidence that credit card information was retrieved from the PSN intrusion. I'm not saying it doesn't suck, I'm just saying that most of the concern is unwarranted.

    • by dreemernj (859414)
      I thought the free games they gave out were the compensation for the outage.
    • by nedlohs (1335013)

      Why is something else of more value?

      Your opinions on the relative worth of leisure activities are the gold standard now?

    • by geekoid (135745)

      If you paid to see a movie, but then founf out some idiots locked all the door, you would be out the 10 bucks a ticket.

      So while it's entertainment, you are still out money and time.

      I paid to play some games online, then I couldn't. therefore I have incurred a loss.

      "If anything they may have gained by the fact that they did something else."
      because socializing via games with your friends from around the globe is worth while ? why not. In fact, please tell me why games aren't a worthwhile way to spend some tim

      • because socializing via games with your friends from around the globe is worth while ?

        Well if you mention it like that it doesn't sound so bad. On the other hand you are spending most of your time sitting on your ass and using relatively little brain power, whereas you could be taking a jog, working on an electronics project or something else more physically/intellectually stimulating.

        Games are fun, but they have a nasty tendency to trap people (they are engineered to be wonderfully addictive of course). A

  • by Sonny Yatsen (603655) * on Monday May 23, 2011 @10:36AM (#36217926) Journal

    Look, the compensation that Sony is giving out in the aftermath of the PSN attack is peanuts. It doesn't cost them a hell of a whole lot to set up. The free two games? Sony already has deals set up with developers to provide "free" games to PSN plus subscribers, the additional cost of a few extra free games to all subscribers (who might not even take advantage of it, since most of these games are ancient and they probably already have it) is marginal, at best. The one month of free PSN+ for subscribers doesn't cost much, either, since it's only a small minority with PSN+ accounts. I'd doubt that the compensation would cost them much more than a few million dollars at best.

    • by countertrolling (1585477) on Monday May 23, 2011 @10:47AM (#36218042) Journal

      Peanuts are expensive. There'll be probably three to the package, like what the airlines serve.. to save weight, of course

    • by DrXym (126579)
      That's probably true. I still expect people to still be all over the free games which are not bad titles at all.
    • by wjousts (1529427)
      I'd also say they might be hoping that a few people will decide to continue their PSN+ subscription after they get a free month, so actually Sony might come out ahead on that one. Same goes for the credit monitoring, they probably got a cut rate deal with the credit monitoring company in exchange for Sony basically giving that company your personal information (so they can spam you or else sell on your info) and with the expectation that some people will continue to want monitoring after the first year (at
  • by Osgeld (1900440) on Monday May 23, 2011 @10:38AM (#36217956)

    How much is this going to cost the people who's credit information was stolen? fuck Sony I don't care how much it will cost them!

    • by xero314 (722674)

      How much is this going to cost the people who's credit information was stolen?

      So far, nothing, since there has yet to be a single confirmed case of fraud against card information retrieved from PSN. So far there has not even been any confirmation that card information was stolen. If you can provided a source confirming stolen card information, please post it.

  • Was it worth it? (Score:5, Interesting)

    by ArcRiley (737114) <arcriley@ubuntu.com> on Monday May 23, 2011 @10:40AM (#36217974)

    The real question is whether it would have cost them $170 million to leave the OtherOS feature alone. Lets not forget Sony started the fight with the community by removing a feature originally provided on the hardware that was used heavily by researchers and programmers at home. Then the community found a way to root the PS3, then they patched it, then the root keys were found, then they started blocking rooted consoles from the network, then the network was taken down for everyone.

    The community is big, Sony is small, and there are enough fringe elements in the community to make us dangerous as a whole. Hopefully they've learned their lesson and begin behaving in a more cooperative manner with the community, but I have a feeling they're just going to raise the stakes even further.

    • Re: (Score:3, Insightful)

      by tepples (727027)

      The community is big, Sony is small

      Then why doesn't the community organize to buy 51% of SNE, or at least enough stock to get someone on the board?

      • by ALeavitt (636946) <<aleavitt> <at> <gmail.com>> on Monday May 23, 2011 @10:54AM (#36218124)
        They obviously had someone on board, or OtherOS never would have been available in the first place. Because they had someone on board, they purchased PS3s. Then somebody else made the decision to retroactively remove functionality from the devices that they purchased, and they felt rightly outraged. It shouldn't be necessary to be a stockholder to expect that the consumer devices that you purchase won't be remotely disabled without any recourse in what essentially amounts to a bait-and-switch.
        • by DCFusor (1763438)
          No, it was just a bean counter that figured out if they could sell it as also a computer, rather than a gaming device, that they'd be excluded from many sorts of taxes in the EU. That is all. They never had customer interest at heart, other than to help them evade some predatory taxes. Once that was settled, no need for other OS.

          As a trader - when things line up this nicely, I go short on things like SNE....and while you probably shouldn't have to do anything or pay attention to not get screwed -- sho
          • No, it was just a bean counter that figured out if they could sell it as also a computer, rather than a gaming device, that they'd be excluded from many sorts of taxes in the EU.

            No. That's a untruth that just won't die. As I've said many times, it was the Yabasic disc that was included with EU PS2's that was an attempt to bypass the tariff. That failed but the tariff was repealed soon after, BEFORE Linux for the PS2 or PS3 was ever released.

      • by gman003 (1693318)
        Because we're rebels, and we don't do things that way. That's the way the man would do it.

        Do you want to be the man? I didn't think so.
    • Re: (Score:3, Informative)

      by Duradin (1261418)

      "Lets not forget Sony started the fight with the community"

      Hmm, I thought the community started the fight by using OtherOS to hack the PS3's security.

      • Re: (Score:3, Insightful)

        by Anonymous Coward

        I thought Sony started the fight when they tried to secure for themselves hardware that they did not own.

      • No, Sony started the fight by making half the system's RAM off-limits to homebrew. The Other OS hypervisor didn't provide any sort of 3D or 2D acceleration or even a well-defined method to use otherwise unused VRAM as a RAM disk. As I understand it, the only way Geohot and others tried to "hack the PS3's security" before this whole incident was just to try to do basic things with the GPU.
        • Your post is somewhat incorrect.

          The "half of the RAM" that you're referring to is the RAM attached to the PS3's GPU. Which was most certainly available to Linux, if only as very fast swap, at least with Yellow Dog. (Other distributions may not have had that enabled)

          You are correct about the lack of hardware video/3D acceleration. Course, 2D homebrew was quite possible. You really don't need acceleration to play a 2D puzzle game, or roguelike.

          • by tepples (727027)

            You really don't need acceleration to play a 2D puzzle game

            I never got in on PS3 Other OS when it was available. By "puzzle game", are you referring to games that don't scroll? Specifically, would a 2D side-scrolling platformer have needed acceleration?

    • by wjousts (1529427)
      Baseless speculation. Unless you know something we don't there is no direct evidence that the hack was related to the removal of the other OS feature and not just a criminal act with the sole intention of stealing cash.
    • by mlts (1038732) * on Monday May 23, 2011 @10:59AM (#36218192)

      I think their next step is going to be wringing their hands in front of Congress asking for tougher laws against "hackers". Laws demanding hardware DRM stacks, ACTA, Son-of-ACTA, and other stuff (which have little to do with hacking, but a lot to do with basic free speech.) I'm sure they will be labelling the people who "jailbroke" the PS3 as the same people who stole their credit card data.

  • by Drethon (1445051) on Monday May 23, 2011 @10:43AM (#36218004)
    I got an e-mail about a free month and a half or something like that on all games I previously held an account on... They going to bring the MxO server back up for a month and a half?
  • A simple SQL injection revealed user info from there, so let's keep that tab open Sony.
  • Seems "light" (Score:4, Insightful)

    by Archangel Michael (180766) on Monday May 23, 2011 @10:45AM (#36218020) Journal

    The estimate seems a tad "light". That might be direct costs (compensation, credit monitoring, lost revenue during outage etc), things that can be measured directly. However I'm sure that there is a a huge hidden cost that is not being included. I can't imagine it being anything less than half a billion in related losses. People think security is expensive. Lack of security is even more expensive.

    Sony is no longer the paragon of technology they once were in the days of the Walkman.

    • by wjousts (1529427)

      I can't imagine it being anything less than half a billion in related losses.

      Really? Please show your work.

      I don't disagree that this seems low and probably doesn't include the intangible costs of damage to their reputation, lost opportunity and the like, but I'm not going to pull a number out of thin air.

      • Show my work gets you to 177 Million. Those be the Direct Costs, the ones you can put pencil to paper on. The Long Term Costs are hidden but just as real. People are noticing PSN being down, People are noticing credit problems, The word is spreading. This is just might kill off PSN and possibly Playstation altogether. I was in Fry's just this weekend, and all the PS systems were in Discount Bins. I asked nearest clerk about that, and he mentioned "problems at Sony".

        But for your information, my number is bas

        • by wjousts (1529427)

          But for your information, my number is based off 3 times the known, immediate costs, which figures to be 531 Million, or over half a billion. Why three times? It seemed reasonable long term cost associated.

          So you pulled it out your ass then? Got it.

    • by DCFusor (1763438)
      Yes, it's light indeed. They don't (and honestly/legally can't) record what we all know will be losses in the future due to this -- we'll see that later on when they make "any" money and need tax losses against it.

      You learn these things as a stock trader -- some things get recorded later as a matter of course, usually to "paint the tape", but sometimes just as good business practice as the future isn't as predictable as most seem to think, and loss of reputation sometimes miraculously doesn't matter to
  • by chemicaldave (1776600) on Monday May 23, 2011 @10:47AM (#36218040)

    What would have been the cost to upgrade their system to prevent this in the first place?

    Yes, I know some things you cannot predict, but supposing they knew about each vulnerability. How much would it have cost? $170M is a lot of money, but I know that infrastructure changes in big entities can cost a lot of money.

    • by Jawnn (445279)

      What would have been the cost to upgrade their system to prevent this in the first place?

      Less. It's always less, and almost as consistently, the decision makers choose to gamble with security instead of insuring security. "Seven! Line away."

    • This does not "beg the question".

      For this to beg the question, the scenario would have to be something like:

      1. I ask you: how much will the PlayStation Network hack cost Sony?
      2. You say: Let us assume <fact #1>, <fact #2>, that Sony lost $170M, and <fact #4>
      3. You answer: Therefore, the hack cost Sony $170M.

      That is begging the question. What you meant is "This makes me wonder..." or less optimally (because of it doesn't indicate who is doing the questioning) "This raises the question...".

      I know pe

      • by nedlohs (1335013)

        The rest of us have kept up with English usage changes.

        • The rest of us have kept up with English usage changes.

          Don't get me wrong--in terms of grammar and usage, I very much take a descriptivist approach rather than a prescriptivist one. I didn't post because the usage was wrong, I mentioned it because I think it sounds stupid. For one reason or another, it's a mutation of English I would rather not see.

          Whether it was worth posting about is a valid matter of debate. It seemed like an easy enough place to demonstrate what the fallacy of begging the question is. I had some time to kill.

    • by Dhalka226 (559740)

      Actual money? Less. Significantly less.

      Opportunity costs? They could be significant. PSN was obviously a part of the sale of PS3, which was released November 11th. If they take the extra time, do they miss the Christmas shopping season altogether? I believe XBox 360 was already out. The Wii was coming out one week later. Could they really afford to wait and let people make their console purchasing decisions without them even a choice? It's easy to say "they made $X, they could have made $X a few

  • by chemicaldave (1776600) on Monday May 23, 2011 @10:51AM (#36218092)
    ... considering their estimated FY2011 $3.1B loss due to natural disasters.
  • When you figure in the customers who they have finally "turned off" who just won't buy Sony 'anything' anymore, Sony may just have permanently set a backward slide.

    It only takes one or two 'hits' from a manufacturer treating a customer badly to cause a consumer to give up on a brand. You hear comments like that all the time.

    For me, the rootkit fiasco & a $3000 Sony TV that a bit over a year later had the remote fail and they no longer sold that model of remote was the last straw. Good companies don't

    • by DCFusor (1763438)
      When most of your customers on a platform are only 13 yr olds who have only been dimly aware of the world for less than half that -- you can get away with more. Daddy just buys what the kids demand.
  • it does pay to ignore security.
  • The real cost is not 170,000,000.00$, it is 170,000,009.99$ because I was planning to buy Tetris from the PSN and with their lousy security they just lost my business...

    That should teach them, and if this is not enougn, I will also not hesitate to send them a strongly worded letter.

  • by Fujisawa Sensei (207127) on Monday May 23, 2011 @10:57AM (#36218156) Journal

    The hack won't actually cost them a time.

    The compensation will be in the form of a PSN+ subscription. But you will still have to cough up a credit card or something. Then it will be the users responsibility to unsubscribe when the free subscription is up. Most of the Sony lemmings won't notice until the CC bill arrives, then they will already be in the second month of service and have to pay for that too.

    So Sony is still going to make money from the deal.

    • by muridae (966931)
      Except, they aren't requiring you to sign up with the hope of billing you when you forget. As far as I know, which is just SOE games and not the PSN+, they haven't even changed the license to say "by taking this free stuff you agree not to sue." They will make their money, but it won't be as cynically as you expect.
    • by King_TJ (85913)

      Well, that's not quite true either.... Among other things, Sony did agree (finally) to give people a free year of credit protection with one of those paid services that monitors your report. They're paying something for that.

      There's also the cost of hiring whatever outside security experts were hired to investigate the hack and advise on more secure alternatives to implement, moving forward.

  • I think the high cost is good thing. It creates a strong business case for security. companies will only take information security seriously when 1. there a very real cost associated 2. the cost of strong information security is less than the costs of loosing information. Earned value to the rescue! [Probability of getting hacked] * [cost of hack (170 million)] [cost of infoSec department]
    • You may rest assured that this calculation was already done, and the probability was deemed "near zero". Why? Because it's easier to put some idiot on the CSO hotseat than to hire someone who knows what he's doing, pay him accordingly and also hand him a budget high enough that he doesn't quit on the spot again when he notices that he's just hired as the idiot to keep the "guy to fire when shit hits fan" seat from walking away on its own.

  • The 170M is just the cost to hire security consultants to... make the security the way it should have been from day 1, apply security patches and actually put some real security people in the loop. Actual damages were most likely peanuts.
  • It would have been far cheaper to just hire qualified staff, and pay them a decent wage.
  • It's that big fat zero at the end of the calculation.

  • Does this also include the bonuses they will pay to the execs this year?
  • Does the $170 million figure include compensation for PSN subscribers who suffered from the outage?

    Probably not. The (old) games they're offering in "compensation" are ones that I wasn't planning to buy anyway. I'm sure I'm far from the only one that can say that. Add that group together with the group composed of people who have already bought those games, and factor in the fact that digital downloads don't really cost the company anything, and you end up with a few people feeling left out (because they bo

  • 2-3 stolen songs worth? (RIAA scale) phhht.
  • People like me who said, "that's the last straw, Sony. I'm never buying another television, audio system, game console, camera, computer, remote control, or set of headphones from you again because you'll eventually tie everything into your worthless, insecure 'PlayStation Network' and everyone who wasted their money on your 'premium' products will be up the creek without a paddle the next time this happens."

    Probably not.

    I eBay-ed my PS3 last month, replaced it with a standard Blu-Ray player that does
    • by sycorob (180615)

      You hit a nerve with me. I wanted to watch a movie earlier in the week, and I hadn't changed my password or done the update yet since the whole PSN debacle. It didn't even register that there was a BluRay disk in the slot. After resetting my password and doing the mandatory software update, I could finally watch the movie. Thanks, Sony.

      (sigh) It still works better than my old Samsung BluRay player, which I had to ship back to them a couple of times, and I like that I can play a game occasionally when I ha

  • Okay, so everyone thinks the cost is directly financial. What about the cost in PR?

    This company just got mentioned in article after article in just about every newspaper on the globe. No pretty headlines, either. Lax security. Leaked data again? Oh.

    The direct cost might be possible to calculate - but the cost of no one trusting Sony with personal data could disrupt their online business entirely.

    The rootkit disaster, as often mentioned, still sits in all of our minds and everyone we talk with. Do not undere

Mediocrity finds safety in standardization. -- Frederick Crane

Working...