Sony: Gamers' Voice demands answers

By Wesley Yin-Poole Published 27 April, 2011

Information Commissioner to investigate.

UK gamer rights group Gamers' Voice will ask the Information Commissioner to investigate Sony over the huge security leak that has left over 70 million PlayStation Network users worried about the security of their credit card information.

Last night Sony warned its customers to check their credit card statements and change their online passwords after confirming data theft had occurred.

Gamers' Voice slammed Sony over the episode, and criticised the company for not alerting customers to the full extent of the data leak earlier.

"The response by Sony to this situation is at best disappointing and at worse dangerous as it has left up to 75 million customers at risk of identity theft and fraud," Gamers' Voice chairman Paul Gibson told Eurogamer.

"While the Playstation Network being down for the better part of the week is unfortunate, it is the continuous lack of information being provided to gamers on the potential loss of their personal details which is most worrying.

"Since this security breach took place a week ago, Sony should have notified its customers immediately of the potential loss of information. We are contacting the Information Commissioner in the UK to see what powers they have to investigate this matter further and hopefully to force some answers from Sony about the extent of this security breach."

The Information Commissioner's Office has the power to rule on complaints and can take action when the law is broken.

Sony is currently facing one of the biggest crises in PlayStation's history.

The Japanese company has promised to "assess the correct course of action" once PSN is back online following calls for refunds.

Picture of Wesley.

About Wesley Yin-Poole

Wesley is Eurogamer's news editor. He likes news, interviews, and more news. He also likes Street Fighter more than anyone can get him to shut up about it.

Read more articles from Wesley by visiting the Wesley Yin-Poole archive page.

You may also like...

Comments (43) Latest comment 1 year ago

Comments for this article are now closed, but please feel free to continue chatting on the forum!

  • streetmagix #1 1 year ago

    "Gamers' Voice" don't represent me, I didn't vote for them, I haven't signed up to them.

  • CaptainQuint #2 1 year ago

    So does this mean we won't be getting any more Face-Offs for a while?

  • fknetwork #3 1 year ago

    Seriously, anyone on here saying anything bad about Sony is being negged?!? REALLY!?

    Sony make the biggest fcuk up of all time and people STILL try and defend them? they wait a WEEK before telling its customers about data theft and personal info being taken yet you STILL get the Sony defense force sticking up for them!?


    To be clear, this is the BIGGEST fcuk up Sony has EVER made, this will haunt them for many years, the cost of all this could EASILY put them out of business as is now being reported on certain news channels.

  • spliffhead #4 1 year ago

    This will hit Sony's share price badly and Apple will buy them up and push Vaio Macs and Apple TV TVs into homes.

    Game over competition and open markets.

  • beastmaster #5 1 year ago

    Uncharted 3 - coming soon for XBox 360

  • gamzino #6 1 year ago

    It's a royal c*ck up on Sony's part... it's becoming increasingly obvious that from a software security perspective Sony are living in the dark ages. Some people will say that it took 4-5 years to hack the firmware, I say it took 4-5 months after they pulled Linux.

    Differently though, these hackers are becoming a bit of a pain. I respect the fact they are representing the voice of freedom, for the little man against the behemoth corporations.. But, hey.. i bought my PlayStation.. and I've been incredibly happy thus far.

    If you guys really want to make a stand...hack into every parking attendants hand terminal!!

  • udders #7 1 year ago

    Sony and psnetwork suck compared to Microsoft and Xbox 360. This is just proof in the pudding and tops it all off. They will be screwed for millions.

  • nuanimal #8 1 year ago

    @streetmagix
    Regardless of whether you like Gamers Voice or not - they do have point, in that Sony should face investigation by the OIC under UK law.

    @DcP729UK
    Thats a good point, the worst of it is when you have "developed" nations that don't really know how to deal with cyber-crime. Turkey is an ideal example, and unfortunately one such haven for criminal hackers.

    @CaptainQuint
    Lol, I'm sure Richard will cope playing offline for Face-Offs.

    @fknetwork
    +1. Although, I don't think it will put them out of business. It will cost them a helluva lot though.


  • Chaser #9 1 year ago

    @DcP729UK said with little understanding of what actually hacking is.

    If you want to outlaw hacking you need to outlaw computers, and as such outlaw games. Go ahead....

  • KrazyFace #10 1 year ago

    @fknetwork, mate I just read the EXACT SAME COMMENT from you on two other threads, you're just going about leaping on every Sony report and pasting that in each time, WTF!!? You're not helping mate - but I think you probably know that.

    This is obviously not good, and I'm usualy one of the first to stick up for Sony's stupid mistakes. But this goes beyond a "stupid mistake", this is a ROYAL FUCKUP. My detatils for my bank etc. are on PSN sure, I'm not (honestly) not all that worried about that, but I know people that can be really testy about these kinds of things and this is gonna take Sony a huge amount of compensation to bring people back to them after this. "They" said they had "plenty tricks up their sleeve", and that they'd get sony back, well, looks like its happened. I'm sure whoever is behind this breach has been sleeping with a smile on their face at their "accomplishment", but as a customer of Sony I'm obviously NOT happy.

    I used to think "just let them be" when people talked about hackers, now though, if anyone ever reveals to me they like to do a bit of hacking "to teach a lesson" or whatever, they're getting laid the fuck out... I don't care now, HACKERS ARE FUCKWITS.

  • RexRunti #11 1 year ago

    Judging by past experience the Information Commisioner's Office will do a thorough investigation which will reveal 6 months from now Sony have severaly breached the Data Protection Act 1998 resulting in the compromise of millions of british citizens personal information. As a result Sony will be told not to do it again and no further action taken.

  • thewool #12 1 year ago

    So today the headlines of a spangly tablet are yesterdays news....

    It's just like my old gaffer used to say - you're only as good as your last fu*k up.

  • RexRunti #13 1 year ago

    Hacking is a criminal offence. I don't think anyone here is defending the people who did the hacking but that doesn't mean Sony are blameless. If I had a cleaner, and my house was burgled because they left the door to my house open, even though my stuff was insured and the burglers are ultimately responsible, the cleaner wouldn't be working for me the next day.

  • Johnsters #14 1 year ago

    The storing of banking and financial data has to follow PCI DSS standards. By complying with these standards, Sony should be regularly audited for it. It costs a lot of operation investment to be compliant and not just through IT, but through people too. If Sony have been storing our records in clear text format, then they should be hammered for it. But if they have followed DSS regulations then they are maybe not to blame - Theft its theft is theft.

    (on the safe side - I've changed passwords everywhere)

  • Shikasama #15 1 year ago

    The UK is terrible for fawning over big companies like Sony. If anything they'll get a £250,000 fine.

    I'd actually be pretty surprised if tyhe EU didn't get involved. God knows they love fining companies to support their beaurocratic crack habbit.

  • SeesThroughAll #16 1 year ago

    I'd actually be pretty surprised if tyhe EU didn't get involved. God knows they love fining companies to support their beaurocratic crack habbit.

    Quoted for truth.

  • Valver #17 1 year ago

    @DcP729UK Anonymous didnt do this. Users of the Rebug CFW did.

  • GitSomE_UK #18 1 year ago

    The most shocking thing about this news items is there is a gamers rights group!... Gamers Voice?... Really? Where did they spring from?

  • Murton #19 1 year ago

    Gamer's Voice are getting good at this PR stuff and getting headlines, shame nothing will come of it. The Information Commissioner will almost certainly rule that the timing of the announcement is within the legal requirements set in the DPA. He will of course investigate Sony to ensure that all requirements protections were in place and if they were Sony will be vindicated and the issue of "determined hackers" may finally find itself being debated in Parliament with the aim of getting new law made or at least an amendment to the DPA to bring it up to date on hacking. If he finds that security was lax then he'll impose a fine and an improvement notice, there'll be no actual prosecution which is what Gamer's Voice seem to be hoping for.

    And speaking of the Information Commissioner need I remind anyone that it was his office nailed ACS Law to the wall with the maximum fine for allowing the names and addresses of people they were pursuing for alleged piracy but didn't even look at the companies that provided them with the information in the first place? Both Sky and PlusNet handed customer data to ACS without prior permission or a court order, they simply did on request and PlusNet even sent their customer details in an unprotected Excel spreadsheet for crying out loud and neither attracted the attention of the OIC.

  • beastmaster #20 1 year ago

    I am curious how much of an impact this will have on exclusives and multi-format gaming. It must be a concern for developers.

  • mrvinny000 #21 1 year ago

    I don't find how Sony can be soley responsible as the hackers have a part to play, but the lack of details about our info being stolen over a wk ago and the fact nobody can remove or change these details still is adding to my personal dismay at the way Sony has handled this situation.As well as Sony still not being very usefull in not opening up the service for its customers of PSN and other services to remove and alter these details we all so obviously need to .

  • randompanda #22 1 year ago

    No point in opening up the PSN to let you remove the details - the hackers already have them. Changing them now would make no difference.

  • chubster2010 #23 1 year ago

    @Gamzino
    re 'I respect the fact they are representing the voice of freedom'

    This is bollocks though isn't it? These hackers are just representing their own over-inflated egos. I'd accept that Sony haven't been the best at managing their PR (the poor public response to this crisis is a particular low point), but waging war in the way that Anonymous has* is ridiculous - they're not heroes fighting for our rights, they're attention seekers.

    At the end of the day, Sony are free to run their PlayStation business how they see fit, and jumped up bedroom coders gettting pissed just because they don't like the company's decisions is just pathetic. If one doesn't like how the PlayStation brand is being managed, you're free to jump ship - there are plenty of alternatives!

    * I know they've denied involvement in this attack, but this is the kind of act that they stand for.




    Edited by chubster2010 at 27/04/11 @ 10:11

  • Master09 #24 1 year ago

    As a PS3 owner myself I have to ask what is making the folks mad the most, the fact that this happened in the first place or Sony's delayed response?

    I have to say, I am not happy at Sony' dealing with this, but they are the victims here as well the hackers (criminals) are who we should be angry at the most.

    Time for hackers to get tougher punishments.

  • Olemak #25 1 year ago

    Even though Anonymous are not behind this, I'd bet they are less eager to support their hero Geohot now that they see what his hacks actually lead to: crime, piracy, restrictive security, PSN offline and Sony spending millions on security and litigation rather than spending money on making games and consoles. So that is the negative side of results from PS3 jailbreak. What beneficial effects are there of the Jailbreak? Anybody?

    Geohot didn't do this either (I think :)) but there is no doubt that he enabled the crime. Could he be sued again? Would this have changed the lawsuit against him if it had happened earlier?

  • abigsmurf #26 1 year ago

    Hopefully they'll clarify how the info was stored.

    If the passwords were encrypted using SHA it's not too big of a dea (or if they were encrypted with MD5 and you've a long password)l, they've been a big vague about the credit card info, hinting they don't think it's been compromised but saying it may have been.

    I'd like to hope that only the last 4 numbers of the CC info is stored in a non-encrypted way (it's the only 'public' info a user needs to see).

  • rotmm #27 1 year ago

    @Olemak, "Geohot didn't do this either (I think :)) but there is no doubt that he enabled the crime.

    How?

  • SpookyTang #28 1 year ago

    Hacker hack and Sony drops the fucking ball, the lack of info is what gets me. I don't care that PSN is down, i don't care that i've paid for PSN+ and getting nothing in return. What i do care about is Sony taking 6 days to release this information. I still haven't got this email they were sending out to PSN users. I've just cancelled my Debit Card just incase and i'll now spend the next hour changing all my passwords with the places i buy from online etc. I won't be buying from the PSN store ever again unless i buy the pre-paid cards.

  • mungolikebeans #29 1 year ago

    Don't see why all the hatred is aimed at Sony. Yes Sony could have handled the PR better but i'm not sure what else they could've done to stop determined hackers - not sure any organisation can.

    It's these scumbag hackers who are basically thieves who on one hand are fighting for our rights but selling our info to criminals.

    Cunts.

  • Ricky_Ragu #30 1 year ago

    What it makes me wonder is the fact that Sony having an online service with the use of a high risk payment method, has never actually thought of a creation of a internal team that deals with potential fraudulent activities with the purchases. I mean, do they even do any type of security checks on the customers? Do they check the payment methods? Couldn't they provide other more secure methods such as Neteller or Paypal?
    I know it's just a gaming service, but online betting is a form of entertainment and they have these tools in place?
    Sony should know better...

  • Freek #31 1 year ago

    People rightly expected PSN to be more secure then it is. It should have never happend in the first place.

    Usually you get identity or creditcard detaisl stolen via phising e-mails that trick you into handing over details because getting into places like Live, Steam or your online banking account is next to impossible.

    PSN getting hacked so badely is fairly absurd. The fact that it's being rebuild entirely is verry telling. The security was probably not up to standards and is now being changed.

  • StooMonster #32 1 year ago

    Shikasama: The UK is terrible for fawning over big companies like Sony. If anything they'll get a £250,000 fine.

    If anything they'll get fined, £0

    Data Protection Commission is toothless, and even if you actively engage in criminal behaviour you can get away with it (see BT and Phorm were completely let off the hook for illegal activities).

  • Retro_ #33 1 year ago

    Lots of trouble making stirers on Eurogamer today. Get a grip, this happens all the time, just deal with it.

  • Murton #34 1 year ago

    "Data Protection Commission is toothless, and even if you actively engage in criminal behaviour you can get away with it (see BT and Phorm were completely let off the hook for illegal activities)."

    Tell that to ACS Law who were almost killed overnight due to receiving the maximum £1million fine for allowing their victims data to go public following an attack by Anonymous. Also Phorm wasn't a data protection issue as no pertinent data was stored, it was a privacy issue and the OIC has no jurisdiction in that, hence only being able to serve an improvement notice for data handling.

    The OIC in this particular case can impose fines on SCEE at the very least if not Sony as a whole, not that 1 million GBP is going to mean anything to a global megacorp like Sony. The real win here is that OIC is going to investigate, that at least means that details of how our data was stored and secured will be made public.

  • StooMonster #35 1 year ago

    Murton: Tell that to ACS Law who were almost killed overnight due to receiving the maximum £1million fine for allowing their victims data to go public following an attack by Anonymous.

    Wasn't the "data" such as process and components of court cases and legal actions, rather than simply names and addresses? OK there might be credit card details included here too.

    The latest update I found on ICO website was this http://www.ico.gov.uk/news/current_topic... from 29 September 2010 which says they are investigating not they they fined ACS:Law anything. Here's their official statement http://www.ico.gov.uk/upload/documents/p... I don't see £1-million in fines mentioned anywhere.

  • septimus #36 1 year ago

    I've been a PS gamer since the UK launch of PS1. That goes for XBOX as well, but I am now feeling less inclined to get PS4 whenever it is released. It is only going to be more dependant on online activity and i am now struggling to trust Sony's competence in this area.

  • mattparselle #37 1 year ago

    "Get a grip, this happens all the time, just deal with it. "

    Sure it does. That's why it's headlines news on national TV and radio networks...

  • Olemak #38 1 year ago

    @otmm

    Geohot opened up the system and published details showing others how to do the same and encouraged further development.
    Maybe he expected everybody to use this to make homegrown media players or whatever, but intentions are worthless.

    It stands to reason to assume that these hackers used parts of Geohot's work, and perhaps even depended completely on Geohts efforts. I don't think this is a coincident. But since I am not the PSN hacker, I obviously can't give you any hard evidence, no more than you can offer evidence that the hackers never saw Geohots published hacks and were inspired/educated by it.

    Is it madness to assume that this hack is related to to Geohots "cracking" of the PS3?
    Is there any reason to believe that the evil hacker cracked the PSN security using an entirely unrelated technology?
    I seem to recall that the OtherOS-hack also used a devkit hack.

  • Ryze #39 1 year ago

    Cancelled my debit card a few moments ago:

    [link url=http://www.techradar.com/news/gaming/sophos-psn-users-should-cancel-credit-cards-immediately--948352
    ]http://www.techradar.com/news/gaming/sop...[/link]

    Sony can't 'do' networked software and services.

  • Madder-Max #40 1 year ago

    goddam japs!

  • Geminosity #41 1 year ago

    I don't promote hacking but people saying we should "wipe out hacking" clearly don't understand the realities of the situation. I don't know if everyone remembers, but there was once a time when America tried to ban alcohol. Did it work? Not a smidge. If anything, the crime rates went up as criminal cartels had a new and lucrative new way to source their incomes.

    Hackers are always going to exist so I guess the real issue here is that Sony egged them on. I don't care how much armour plating you're wearing, if you go into a town of thieves and start insulting them you're going to be dead in the ditch by morning. I'm not saying companies have to pander to Hackers, but for the love of christ, don't goad them. There's probably enough russian mafia and whatnot trying to hack your details to finance their operations without giving others a reason to attack your network. Did nobody learn from Gawker/Kotaku's mistakes?

    I guess, however, if someone was to seriously tackle hacking, they'd have to treat the disease, not the symptoms. If you just lock up hackers, new ones will replace them in time. It'd probably take some kind of serious shakedown of societal values and systems in a country to really create the kind of environment that breeds a whole population with no criminal intent :p

    Those blaming anonymous for this don't read the news either. Anonymous (the group) stopped hacking PSN a good while ago and resorted to (mostly unsuccessful) store sit-ins instead. If Anon had been responsible they probably would've claimed it, loud and proud. It's possible rogue members of the group working on their own could've been responsible, but it's unlikely the group itself. While anon are hackers, that doesn't make all hackers anon.
    Edited by Geminosity at 27/04/11 @ 13:27

  • BOFH_UK #42 1 year ago

    @olemak: the problem with that argument is it SHOULD be unrelated to breaking into PSN. What geohot did was effectively break open the local console only, that should have no impact on the remote servers and, thus, the data that's been compromised. We don't currently know exactly what's happened but looking at information that's come to light since the firmware hack went live it seems likely that Sony have REALLY dropped the ball on their own internal security. Certainly there's no way, for instance, that a console reporting itself to be a dev machine should automatically be considered a trusted unit on the PSN.

    And there, really, is part of the problem. This is a very complex situation and a lot of people are oversimplifying it. Did geohot make it easier for this to happen? Hard to say for sure but it seems likely, yes. Should allowing custom firmware (if that IS the attack vector in this case) seemingly compromise the entire network months after said firmware was hacked? Not a chance in hell. Ultimately the blame, of course, lies with the hacker(s) who did this but frankly, going off what we know now, I'd say Sony was at the very less grossly negligent for leaving the keys to the kingdom lying around (including that stupid non-random random number that started this whole fiasco in the first place). I'd also say that this is going to be an ongoing problem for both Sony and nintendo. They are entering a world were security is vital and, unlike say microsoft, they haven't got decades of experience at dealing with targeted attacks. If nothing else, hopefully this incident will change that and show just how important properly secured data and networks really is.

  • Bluetooth #43 1 year ago

    Aw man, Sony are fucked.