PlayStation Network Hack Will Cost Sony $170M 189
alphadogg writes "Sony expects the PlayStation Network hack will cost it $170 million this financial year, it said Monday. Unknown hackers hit the network gaming service for PlayStation 3 consoles in April, penetrating the system and stealing personal information from the roughly 77 million accounts on the PlayStation Network and sister Qriocity service. A second attack was directed at the Sony Online Entertainment network used for PC gaming. Sony responded to the attacks by taking the systems offline."
Does the $170 million figure include compensation for PSN subscribers who suffered from the outage?
Yeah, but they can make it up in volume (Score:5, Funny)
All they need to do is add a bunch more PSN subscribers, and they can make it up in monthly subscription fees.
Problem solved. You're welcome, Sony.
Re: (Score:2)
If by adding subscribers, you mean PSN+ subscribers, then yes, they can recoup some money that way.
If you mean regular, old PSN subscribers, then, well.... *facepalm*
And for Developers/Publishers? (Score:2)
All they need to do is add a bunch more PSN subscribers, and they can make it up in monthly subscription fees.
Problem solved. You're welcome, Sony.
And how do you propose they recoup the lost confidence from their developers and publishers [slashdot.org]?
Re: (Score:2)
Re: (Score:2)
And how do you propose they recoup the lost confidence from their developers and publishers?
Another Spiderman movie, and game. It's about the money, screw the 'hearts and minds' BS, and it's Sony, so if you're going to tell me that they are separate companies, put a cork in it :-)
Re: (Score:2)
" it's Sony, so if you're going to tell me that they are separate companies, put a cork in it :-)"
Ah, another /. user who is completely clueless is the ways of business and financial, but to wrap up in their self worth to actually be able to consider it their failing, and just tell be to shut up instead of educate them.
You're a petty fool who refuses to learn anything contrary then your opinion.
Re:And for Developers/Publishers? (Score:5, Insightful)
Stop being so evil, for starters.
Sony's motto as of late seems to be: "Do as much evil as possible."
And now they are reaping what they have sown. I don't agree with the script kiddies' actions against Sony (i'm partial to destroying them economically through large-scale boycott) but Sony did have it coming to them. Taking away the OtherOS option (which is fraud; a bait-and-switch move by removing one of the key selling points) and then suing a customer who decided to take the functionality back was probably just the final straw. After installing rootkits (infringing on GPL'd code copyrights in the process) to customers' systems (a felonious act; accessing computer systems without authorization), falsely advertising product, building shoddy product and having some of the worst customer service in existence, are they actually surprised they are the target of script kiddies everywhere?
They invited it through their actions.
Re: (Score:3)
Taking away the OtherOS option (which is fraud; a bait-and-switch move by removing one of the key selling points)
OtherOS was never a selling point to the vast majority of PS3 owners who probably never knew you could install Linux on the thing. I say that as someone who DID at one time have YDL on my PS3.
And as well all know, you can still have OtherOS if you want, you just won't be able to access PSN. It's your choice either way.
I'd also wager that most of the people who complain about the removal of OtherOS, never actually used that functionality, or perhaps never even owned a PS3 in the first place.
Re: (Score:3, Insightful)
OtherOS was never a selling point to the vast majority of PS3 owners who probably never knew you could install Linux on the thing.
With the exception of programmers and high-end hackers... Which just happens to be the people Sony pissed off. The script kiddies just joined in for the fun after the fire fight started. This is very much a Sony created problem.
Re: (Score:3, Insightful)
> And as well all know, you can still have OtherOS if you want, you just won't be able to access PSN. It's your choice either way.
I'll cut of one of your arms, and you tell me which one. It is your choice, and therefore your fault if you lose the right arm (or the left).
Even the strongest Sony fanboy should see the flaw in the argument.
Re: (Score:2)
I'll take that wager - everyone I know who complains about OtherOs removal did use it.
Re: (Score:2)
So since they didn't actually KILL the feature that at least some people actually valued, they just shot it's kneecaps off so that's OK?
If nobody cared at all, then why do I, not the owner of a PS3, even know about it?
Re: (Score:2)
How many Zero Dollar per month accounts do they need to equal $170,000,000 again?
Re: (Score:2)
I'll leave the specifics to the accountants.
Re:Yeah, but they can make it up in volume (Score:5, Insightful)
I doubt it. Come September, things will be exactly business as usual with the PSN breach completely forgotten about by then.
I also doubt Sony lost much money. They might have lost a little bit handing out subscription time to compensate, as well as hiring some consultants to maybe add an IDS/IPS system in some places. However, realistically, their losses from the PSN breach are negligible, probably less than it costs to do a promotion of a new game.
Call me cynical, but a lot of firms know that they can skimp on security because it doesn't make them money. If they get breached, they make a token effort to "clean it up", and business goes on. It is going to take governments stepping in, and having nasty criminal/civil consequences happen to companies who go lax on internal security for this to ever change.
Re: (Score:2)
Re: (Score:2)
Funny thing is that Sony could easily have a revenue stream for dedicated computers if they sell unlocked PS3s.
Even if the device didn't have the ability to run PS3 games, I'm sure that they would be quite useful in a lot of applications, from server appliances to firewalls, to compute clusters (a la the USAF's baby.) Because it is a non x86 architecture, malware would have to be specifically coded to attack it.
Win/Win for Sony, if they cared to dip their toe in these waters.
Re: (Score:2)
Also... how are they going to "add a bunch more PSN subscribers" magically after the PSN's image has been screwed so fantastically? Even my girlfriend had heard of the PSN fiasco. People are (maybe) going to be much more careful with their data now.
By giving free shit away, as they're doing for existing subscribers. I could well see them printing out voucher codes and packing them in with new PS3s, good for 1 free game. Yes it will cost them money but seeing as these are largely Sony games I'm sure it's a lot less than their face value and probably deductible too in some way as a writeoff.
Re: (Score:2)
Nobody buys a PlayStation for productivity (except possibly researchers).
Nobody uses the PSN for productivity.
Of course, there are more productive things you can do in place of a recreational activity. But that's the point. Now, if you said people without the PSN found other recreational activities that are MORE FUN, I'd agree, that could be a problem.
Nearly everyone had the opportunity to read books, play solo games and watch hulu/TV before the PSN existed. So the fact that those things still exist aren
Define "suffered from the outage" (Score:5, Insightful)
Let's be honest. This is an outage of an entertainment network. I don't think anyone can really claim they suffered due to it not being available. If anything they may have gained by the fact that they did something else.
Now, if you want to argue that people are suffering due to the information loss, I'll go with that one. But not from the outage itself.
Re:Define "suffered from the outage" (Score:5, Insightful)
I imagine publishers that make their living selling downloadable games on PSN suffered from this outage in a highly economic way.
Re: (Score:2)
For the subscribers, there wasn't really a huge suffering because of the outage and they were given free games.
The developers are probably pissed. I recall someone from Capcom claimed they were losing millions because of the outage.
Re: (Score:2)
Re: (Score:2)
only so much. I make a living selling games to a particular market*. Those people still want to buy my particular game. If it wasn't available for the last 3 weeks that hurts my revenue stream, but on a year over year basis it probably won't hurt much. No more than delaying a book launch for a month really hurts the author.
Unlike news, where being out for a month would mean you have no revenue for that month and your competitors pick up the slack, gaming is a series of niches, and people will still want
Re: (Score:3)
Re:Define "suffered from the outage" (Score:4, Informative)
It's NOT the "Not Available" part that's the problem here... It's the leakage of info that's the real issue. 77 million. At least part of them with credit cards, some of those in the clear in violation of PCI security standards.
Re: (Score:2)
It's NOT the "Not Available" part that's the problem here... It's the leakage of info that's the real issue. 77 million. At least part of them with credit cards, some of those in the clear in violation of PCI security standards.
Other the vast majority of the information, and nearly all the unencrypted/hashed information (with the exception of the so called security questions for password retrieval). , is public domain, at least in the united states. I would also like someone to point me to a reputable reference providing admission or evidence that credit card information was retrieved from the PSN intrusion. I'm not saying it doesn't suck, I'm just saying that most of the concern is unwarranted.
Re: (Score:2)
Re: (Score:2)
Why is something else of more value?
Your opinions on the relative worth of leisure activities are the gold standard now?
Re: (Score:2)
Of course. Didn't you get the memo?
Re: (Score:2)
If you paid to see a movie, but then founf out some idiots locked all the door, you would be out the 10 bucks a ticket.
So while it's entertainment, you are still out money and time.
I paid to play some games online, then I couldn't. therefore I have incurred a loss.
"If anything they may have gained by the fact that they did something else."
because socializing via games with your friends from around the globe is worth while ? why not. In fact, please tell me why games aren't a worthwhile way to spend some tim
Re: (Score:2)
Well if you mention it like that it doesn't sound so bad. On the other hand you are spending most of your time sitting on your ass and using relatively little brain power, whereas you could be taking a jog, working on an electronics project or something else more physically/intellectually stimulating.
Games are fun, but they have a nasty tendency to trap people (they are engineered to be wonderfully addictive of course). A
Compensation is Peanuts (Score:5, Insightful)
Look, the compensation that Sony is giving out in the aftermath of the PSN attack is peanuts. It doesn't cost them a hell of a whole lot to set up. The free two games? Sony already has deals set up with developers to provide "free" games to PSN plus subscribers, the additional cost of a few extra free games to all subscribers (who might not even take advantage of it, since most of these games are ancient and they probably already have it) is marginal, at best. The one month of free PSN+ for subscribers doesn't cost much, either, since it's only a small minority with PSN+ accounts. I'd doubt that the compensation would cost them much more than a few million dollars at best.
Re:Compensation is Peanuts (Score:5, Funny)
Peanuts are expensive. There'll be probably three to the package, like what the airlines serve.. to save weight, of course
Re: (Score:2)
Re: (Score:3)
Re: (Score:2)
Exactly, I've never played LBP or the original Infamous and am going to try them out.
Re: (Score:2)
Your opinion sucks, some of the best games for the console are on the list. Infamous, LBP, and Wipeout HD + Fury pack (the Fury pack adds so much value to the game) are included and they're all terrific.
Re: (Score:2)
Bravo, Sony. Well played. You managed to piss in my pocket and tell me it was raining.
So what? (Score:3)
How much is this going to cost the people who's credit information was stolen? fuck Sony I don't care how much it will cost them!
Re: (Score:2)
How much is this going to cost the people who's credit information was stolen?
So far, nothing, since there has yet to be a single confirmed case of fraud against card information retrieved from PSN. So far there has not even been any confirmation that card information was stolen. If you can provided a source confirming stolen card information, please post it.
Re: (Score:2)
Was it worth it? (Score:5, Interesting)
The real question is whether it would have cost them $170 million to leave the OtherOS feature alone. Lets not forget Sony started the fight with the community by removing a feature originally provided on the hardware that was used heavily by researchers and programmers at home. Then the community found a way to root the PS3, then they patched it, then the root keys were found, then they started blocking rooted consoles from the network, then the network was taken down for everyone.
The community is big, Sony is small, and there are enough fringe elements in the community to make us dangerous as a whole. Hopefully they've learned their lesson and begin behaving in a more cooperative manner with the community, but I have a feeling they're just going to raise the stakes even further.
Re: (Score:3, Insightful)
The community is big, Sony is small
Then why doesn't the community organize to buy 51% of SNE, or at least enough stock to get someone on the board?
Re:Was it worth it? (Score:5, Insightful)
Re: (Score:2)
As a trader - when things line up this nicely, I go short on things like SNE....and while you probably shouldn't have to do anything or pay attention to not get screwed -- sho
Re: (Score:2)
No, it was just a bean counter that figured out if they could sell it as also a computer, rather than a gaming device, that they'd be excluded from many sorts of taxes in the EU.
No. That's a untruth that just won't die. As I've said many times, it was the Yabasic disc that was included with EU PS2's that was an attempt to bypass the tariff. That failed but the tariff was repealed soon after, BEFORE Linux for the PS2 or PS3 was ever released.
Re: (Score:3)
Do you want to be the man? I didn't think so.
Re: (Score:3, Informative)
"Lets not forget Sony started the fight with the community"
Hmm, I thought the community started the fight by using OtherOS to hack the PS3's security.
Re: (Score:3, Insightful)
I thought Sony started the fight when they tried to secure for themselves hardware that they did not own.
When trying to talk to the GPU (Score:5, Insightful)
Re: (Score:2)
Your post is somewhat incorrect.
The "half of the RAM" that you're referring to is the RAM attached to the PS3's GPU. Which was most certainly available to Linux, if only as very fast swap, at least with Yellow Dog. (Other distributions may not have had that enabled)
You are correct about the lack of hardware video/3D acceleration. Course, 2D homebrew was quite possible. You really don't need acceleration to play a 2D puzzle game, or roguelike.
Re: (Score:2)
You really don't need acceleration to play a 2D puzzle game
I never got in on PS3 Other OS when it was available. By "puzzle game", are you referring to games that don't scroll? Specifically, would a 2D side-scrolling platformer have needed acceleration?
Re:When trying to talk to the GPU (Score:4, Insightful)
I know. How generous and thoughtful of Sony to do something like accept that people should be able to use their own personal private property however they like. They should be nominated for a nobel prize. All those criminals who would do something so heinous as to write their own code should be thrown in jail immediately.
Re:When trying to talk to the GPU (Score:5, Informative)
Wait-- What!?
The PS3 has had a long standing, and almost glacially low, level of dedicated hacker interest compared to other contemporary systems which were targeted almost immediately after launch. Fail0verflow themselves even pointed out this timeline in their presentation.
http://www.youtube.com/watch?v=4loZGYqaZ7I [youtube.com]i
Throwing the bone to the homebrew community, however sparse on meat, was one of the biggest, if not *THE* biggest things (Given the very very sorry PKI implementation discovered years later...) sony did to help ensure profitability of their system in the face of piracy, since it removed the MOTIVE to hack the console! Why fix what isnt broken? If the console lets you run your own code already, why dig deeper?
The hackers like Geohot who were fuzzing the hypervisor were doing so to get a little more meat on that bone-- Not to raid the table, like you are implying. It wasn't until AFTER Sony took that bone away that the angry pitchfork carrying hackers teamed up to oust the baron from his lofty castle.
By taking the bone away totally, they created HUGE incentive to hack the system, along with deeply seated enmity. That enmity was kindled once before by the sony rootkit debacle, and once restoked, seems to have been one of the major motivational forces behind the seemingly systematic attacks against sony's infrastructure.
To do this right next time, to avoid further hacker enmity, and to prevent piracy on their next console (this one is irreversibly compromised), Sony needs to do the following:
1) Re-enable OtherOS like functionality, with access to the GPU. Access does not == white papers, so a sufficiently advanced custom GPU would take a lot of effort to map out functionality by the community, and would be an activity many would consider *fun*. While they are mapping out what the hardware can do, they are NOT trying to make copied games run. Without a whitepaper to work from, it would be very hard to compete with licensed commercial games. Your average NES emulator or Tetris clone would be about what you would expect to come out. Hardly a competitor for the latest Gears of War, or Red Faction type games.
2) Implement a correct and proper PKI. Give otherOS application code a unique public key to enable execution. Bonus if it uses a totally different private key too.
3) Stop retroactively removing features from consoles. It does not matter how unprofitable that functionality is-- DONT TOUCH IT!
4) Treat users with some dignity, stop warehousing their personal information, and store what information they DO collect on a server that isnt pitifully protected.
But no. You have already made up your mind that Geohot is Teh Badz, that hackers hacked the PS3 exclusively to cheat on online latter play, and that sony is the victim of these dreadful offenses.
No amount of factual reporting will change your mind either.
Please, correct me if I am mistaken in this evaluation, but your tone kept consistently on target with that viewpoint.
Re: (Score:2)
The problem isn't that they pandered to the homebrew crowd, the problem is that they did such a bad job of it that it turned out to be counter-productive. Then they gave up on it and turned the whole thing off instead of fixing it properly.
Contrast Sony's OtherOS with Microsoft's XNA.
Like pretty much everything else this console generation, Microsoft got it right and Sony screwed the pooch.
Re: (Score:2)
Re: (Score:2)
Re:Was it worth it? (Score:4, Insightful)
I think their next step is going to be wringing their hands in front of Congress asking for tougher laws against "hackers". Laws demanding hardware DRM stacks, ACTA, Son-of-ACTA, and other stuff (which have little to do with hacking, but a lot to do with basic free speech.) I'm sure they will be labelling the people who "jailbroke" the PS3 as the same people who stole their credit card data.
Compensation right... (Score:3)
What about Sony Music Greece? (Score:2)
Seems "light" (Score:4, Insightful)
The estimate seems a tad "light". That might be direct costs (compensation, credit monitoring, lost revenue during outage etc), things that can be measured directly. However I'm sure that there is a a huge hidden cost that is not being included. I can't imagine it being anything less than half a billion in related losses. People think security is expensive. Lack of security is even more expensive.
Sony is no longer the paragon of technology they once were in the days of the Walkman.
Re: (Score:2)
I can't imagine it being anything less than half a billion in related losses.
Really? Please show your work.
I don't disagree that this seems low and probably doesn't include the intangible costs of damage to their reputation, lost opportunity and the like, but I'm not going to pull a number out of thin air.
Re: (Score:2)
Show my work gets you to 177 Million. Those be the Direct Costs, the ones you can put pencil to paper on. The Long Term Costs are hidden but just as real. People are noticing PSN being down, People are noticing credit problems, The word is spreading. This is just might kill off PSN and possibly Playstation altogether. I was in Fry's just this weekend, and all the PS systems were in Discount Bins. I asked nearest clerk about that, and he mentioned "problems at Sony".
But for your information, my number is bas
Re: (Score:2)
But for your information, my number is based off 3 times the known, immediate costs, which figures to be 531 Million, or over half a billion. Why three times? It seemed reasonable long term cost associated.
So you pulled it out your ass then? Got it.
Re: (Score:2)
Pretty much, same way Triple damages are awarded in lawsuits of certain types.
Re: (Score:2)
You learn these things as a stock trader -- some things get recorded later as a matter of course, usually to "paint the tape", but sometimes just as good business practice as the future isn't as predictable as most seem to think, and loss of reputation sometimes miraculously doesn't matter to
This begs the question... (Score:3)
What would have been the cost to upgrade their system to prevent this in the first place?
Yes, I know some things you cannot predict, but supposing they knew about each vulnerability. How much would it have cost? $170M is a lot of money, but I know that infrastructure changes in big entities can cost a lot of money.
Re: (Score:2)
What would have been the cost to upgrade their system to prevent this in the first place?
Less. It's always less, and almost as consistently, the decision makers choose to gamble with security instead of insuring security. "Seven! Line away."
This *raises* the question (Score:2)
This does not "beg the question".
For this to beg the question, the scenario would have to be something like:
That is begging the question. What you meant is "This makes me wonder..." or less optimally (because of it doesn't indicate who is doing the questioning) "This raises the question...".
I know pe
Re: (Score:2)
The rest of us have kept up with English usage changes.
Re: (Score:2)
The rest of us have kept up with English usage changes.
Don't get me wrong--in terms of grammar and usage, I very much take a descriptivist approach rather than a prescriptivist one. I didn't post because the usage was wrong, I mentioned it because I think it sounds stupid. For one reason or another, it's a mutation of English I would rather not see.
Whether it was worth posting about is a valid matter of debate. It seemed like an easy enough place to demonstrate what the fallacy of begging the question is. I had some time to kill.
Re: (Score:2)
Actual money? Less. Significantly less.
Opportunity costs? They could be significant. PSN was obviously a part of the sale of PS3, which was released November 11th. If they take the extra time, do they miss the Christmas shopping season altogether? I believe XBox 360 was already out. The Wii was coming out one week later. Could they really afford to wait and let people make their console purchasing decisions without them even a choice? It's easy to say "they made $X, they could have made $X a few
Not that much... (Score:3)
Re: (Score:2)
It only takes one last straw to break the camel's back...
Future Losses Left Out? (Score:2)
When you figure in the customers who they have finally "turned off" who just won't buy Sony 'anything' anymore, Sony may just have permanently set a backward slide.
It only takes one or two 'hits' from a manufacturer treating a customer badly to cause a consumer to give up on a brand. You hear comments like that all the time.
For me, the rootkit fiasco & a $3000 Sony TV that a bit over a year later had the remote fail and they no longer sold that model of remote was the last straw. Good companies don't
Re: (Score:2)
You see... (Score:2)
Worse than 170M$ (Score:2)
The real cost is not 170,000,000.00$, it is 170,000,009.99$ because I was planning to buy Tetris from the PSN and with their lousy security they just lost my business...
That should teach them, and if this is not enougn, I will also not hesitate to send them a strongly worded letter.
Won't cost Sony a dime (Score:5, Insightful)
The hack won't actually cost them a time.
The compensation will be in the form of a PSN+ subscription. But you will still have to cough up a credit card or something. Then it will be the users responsibility to unsubscribe when the free subscription is up. Most of the Sony lemmings won't notice until the CC bill arrives, then they will already be in the second month of service and have to pay for that too.
So Sony is still going to make money from the deal.
Re: (Score:2)
Re: (Score:2)
Well, that's not quite true either.... Among other things, Sony did agree (finally) to give people a free year of credit protection with one of those paid services that monitors your report. They're paying something for that.
There's also the cost of hiring whatever outside security experts were hired to investigate the hack and advise on more secure alternatives to implement, moving forward.
Re: (Score:2)
Is it me or is this "verdict" like condemning a dealer to hand out some dope for free in front of schools as his plea bargain?
Higt cost a good think in the end (Score:2)
Re: (Score:3)
You may rest assured that this calculation was already done, and the probability was deemed "near zero". Why? Because it's easier to put some idiot on the CSO hotseat than to hire someone who knows what he's doing, pay him accordingly and also hand him a budget high enough that he doesn't quit on the spot again when he notices that he's just hired as the idiot to keep the "guy to fire when shit hits fan" seat from walking away on its own.
The 170M isn't really caused by the hacks (Score:2)
Note to Sony: (Score:2)
But of course it includes compensation (Score:2)
It's that big fat zero at the end of the calculation.
Bonus (Score:2)
Compensation? (Score:2)
Probably not. The (old) games they're offering in "compensation" are ones that I wasn't planning to buy anyway. I'm sure I'm far from the only one that can say that. Add that group together with the group composed of people who have already bought those games, and factor in the fact that digital downloads don't really cost the company anything, and you end up with a few people feeling left out (because they bo
So thats what.. (Score:2)
Does that figure include (Score:2)
Probably not.
I eBay-ed my PS3 last month, replaced it with a standard Blu-Ray player that does
Re: (Score:2)
You hit a nerve with me. I wanted to watch a movie earlier in the week, and I hadn't changed my password or done the update yet since the whole PSN debacle. It didn't even register that there was a BluRay disk in the slot. After resetting my password and doing the mandatory software update, I could finally watch the movie. Thanks, Sony.
(sigh) It still works better than my old Samsung BluRay player, which I had to ship back to them a couple of times, and I like that I can play a game occasionally when I ha
Huge cost in PR (Score:2)
Okay, so everyone thinks the cost is directly financial. What about the cost in PR?
This company just got mentioned in article after article in just about every newspaper on the globe. No pretty headlines, either. Lax security. Leaked data again? Oh.
The direct cost might be possible to calculate - but the cost of no one trusting Sony with personal data could disrupt their online business entirely.
The rootkit disaster, as often mentioned, still sits in all of our minds and everyone we talk with. Do not undere
Re: (Score:2)
Well, if the perps are ever caught, at least we know they can make up for the compromise by giving Sony a pair of iTunes gift certificates.
Re: (Score:2)
Re: (Score:3)
It was a little inconvenient during the outage. Even though "it still worked" you had to let it fail on a couple of logins first. And for me on some nights it just didn't work at all. During the outage I wound up using an Xbox for Netflix streaming. I didn't want to have to futz with it every time I started it up.
I'm back to using the PS3 now of course. But I too am concerned about the networks security and how much I can count on future service availability.
Re: (Score:2)
Re: (Score:2)
Unless you've got some amazing deal with a bank that i'm not aware of, debit cards offer little to no fraud protection, if money gets stolen from it you're SOL. With credit cards you can always challenge fraudulent transactions, and the credit card company will watch out
Re: (Score:2)
Not too shabby, considering the CC numbers fetch only a few cents a piece on the black market.