Friday, April 29, 2011

What To Do Now That PSN Has Been Hacked

psnLast week, Sony’s Playstation Network went down. The company remained tight-lipped on the matter for a few days, leading to rampant speculation. It didn’t help that last Tuesday was one of the various days Skynet was supposed to go online, and Amazon cloud servers were degrading into failure cascades, disabling popular sites like Reddit and Foursquare. The Internet was breaking, and Sony was at the heart of it.

Last Friday, Sony admitted that the outage was due to an “external intrusion.” That’s suit-and-tie for “We were hacked.” Very little else was said, again leading to rampant speculation re: the extent of the hacking. Everyone circled round to the same question: was my credit card info stolen?

Early this week, Sony finally answered the question with a resounding “Maybe.”

Hit the jump for what you should do next.

Change Every Password Ever

Here is the list of what Sony knows for sure the hackers obtained: your “name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID.”

If you’re like me, chances are you only use one or two handles (screen names for you AOL veterans) in life: one tied to your primary email account and one for all of your more Internet-y stuff (probably a nickname or a deliberate misspelling of a character from a favorite television show.) The hackers now have both of these. They also have your PSN password, and if you’re like the bulk of Internet users, that’s probably the same password you use on a lot of sites.

Go change it. Everywhere. Especially on websites that have your email address. Use symbols. Use the Shift key erratically. Try not to double up your passwords.

For added security, Gmail users may want to check out 2-step Authentication. This service will link to your phone to generate a second login code via SMS or a smartphone app. It’s an extra step that may feel a bit obtuse, but the piece of mind is worth it. I signed up for it yesterday after some suspicious activity on my account last week, and I am now converted. Plus, getting limited-use passwords from Google over my phone made me feel like some sort of spy.

Cancel Your Credit Card

Sony still isn’t sure what exactly the hackers nabbed from their billing department: “While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility.” That means that you should act is if it definitely happened and take steps to protect yourself.

Contact your bank. They or may not already know about what’s happened. Have them issue you a new debit card. Then contact your credit card company. They almost surely know what’s happened. Have them issue you a new card. Breathe.

Rumors are circulating that some of the stolen information is already turning up for sale in the shadiest parts of the Internet. While larger news outlets have yet to discuss this, it seems like the inevitable end to a really bad story.

Consider Your Future With Sony

Sony hopes to have some services restored within a week. That sounds like a best-case scenario. A breach like this means rebuilding your login infrastructure and who knows what else. That also assumes they’ve correctly identified how the intrusion occurred and feel confident in their ability to plug that particular hole.

Though the hacker group du jour Anonymous hasn’t claimed responsibility for the attack, it’s likely that a similarly-minded group is behind it. Sony angered a lot of people when it removed some of its hacker-friendly functionality and then pissed off even more when they attempted to destroy George Hotz for his work busting open their system. Say what you will about these groups’ capacity for rational thought (I may agree with you), you cannot deny the potential threat they pose to Internet commerce. And they seem dead set on reminding us of that potential whenever possible.

And Sony made matters worse with their terse missives to the user base. Of course, they are a big company that needed to assess the severity of the situation before saying too much, but the sluggish trickle of information did nothing to assuage the fears of millions of potentially-violated customers. Sony should not only treat this as a lesson in security, they should treat it as a lesson in communication.

I am not advocating any sort of boycott or abandonment of the platform. If you spent hundreds of dollars on a Blu-ray-playing Foreman Grill, you should be able to use it. Just be wary. Exercise some common sense. We’re in uncharted waters when it comes to information leaks of this magnitude, and Sony’s proven they know just as much about it as we do.