The PSN hack: one year on

How much did it really cost Sony, and has it changed the game industry?


12 months ago, a no-doubt sweaty Sony communications chief sat down to pen a statement informing more than 70 million PlayStation Network account holders that their personal details - including credit card numbers - had just been compromised in one of the largest data hacks ever perpetrated.

Months of corporate hand-wringing, righteous consumer outrage, grovelling PR and over-cooked class action legal threats followed, in what was one of the biggest tech stories of the decade.

But one year on and the dust finally seems to have settled. The quality and quantity of PSN releases has held steady, PlayStation 3 was the biggest selling home console of 2011 in Europe and Japan, many of those responsible have had their day in court and there have been no verifiable reports of any account holders having actual hard cash stolen or IDs hijacked. Perhaps evidenced by its refusal to grant us an interview for this piece, Sony would rather we all make believe that it never happened.

So, was it all a mountain out of a molehill? We spoke to a number of industry experts to gauge what the real cost of the hack was, both for Sony and the industry at large.

Concerning the impact on the company's bank balance, estimates range either side of the $105 million bill that Sony claims the hack racked up. Wedbush Securities analyst Michael Pachter puts the total at "tens of millions", while IDC research manager Lewis Ward reckons it's closer to $250 million - a figure he deems high enough to almost certainly have been a factor in former Sony CEO Sir Howard Stringer's departure earlier this year.

Considering the scope of the breach, the total financial outlay was lower than it might have been, but nevertheless it's an expense that Sony could certainly have done without given the current state of its business. There's no doubt it deepened the company's deep fiscal woes at a time when it desperately needed to keep investors on side.

But as far as damage to Sony's reputation goes, there seems to be a general consensus that the company has emerged relatively unscathed.

"I actually think they handled it well, and that there is minimal lasting damage," argues Pachter.

"PSN came back up, hasn't had a serious problem since, and people appear to be comfortable with the security measures in place."

DFC Intelligence president David Cole agrees, insisting that most gamers don't really hold a grudge against Sony for the breach.

"I think that the actual damage to Sony's reputation is probably not that bad," he says.

For one, people have short memories, and secondly it is one of those things that most people realise Sony didn't cause. You just don't see a lot of anger or discussion today - DFC Intelligence president David Cole

"For one, people have short memories, and secondly it is one of those things that most people realise Sony didn't cause. You just don't see a lot of anger or discussion today."

EEDAR VP Jesse Divnich adds that Sony's Welcome Back initiative, that offered account holders a range of free game downloads and other incentives to renew their patronage, was a huge success and helped Sony emerge with its image largely intact.

"The security breaches of retailers, credit card companies and banks have unfortunately become a weekly occurrence, yet how many of them have ever publicly apologised and given away free product?" he asks.

"None that come to mind. The video game industry is more customer focused than any other sector, and Sony's Welcome Back program was a testament to our industry's dedication to ensuring our consumers have an enjoyable, safe and entertaining experience."

A few months after the service went back online, Sony went as far as to claim that the breach had actually woken up as many as three million "dormant" account holders and brought more gamers to the system. Could this eyebrow-raising spin really be based in fact?

"Without a doubt," insists Divnich. "Sony's Welcome Back program woke up dormant users."

Pachter agrees, though plays down the significance of the bump. He estimates that around 10 per cent of lapsed users would have returned to the console for the reasons Sony cited.

"It's likely that 'dormant users' at a minimum logged onto PSN to see their account info. I'm sure that a small number did, in fact, start using the service again, so I buy the Sony spin," he says.

But surely, on a wider level, an incident like this can't have been good for the public image of online gaming and digital commerce? Cole certainly thinks not, arguing that the hack has made customers reluctant to give out their banking details online, in doing so slowing down the digital revolution.

"I think the overall impact is to make people aware of the dangers of giving information out online," he explains.

"I know I personally had issues with Xbox Live many years ago and will never give my credit card to those type of online services. I think most consumers don't necessarily blame Sony but just become more aware that it can happen to Sony's competitors as well. Thus you get a more cautious user base.

"From an overall industry perspective I think this drives more momentum towards pre-paid stored value cards that are bought off-line."

There is a flipside to Cole's argument of course - a greater awareness of online safety issues among gamers is a positive for the games industry and makes it easier to police these sorts of attacks in the future. Beyond that, the hack has also lit a fire under Sony's competitors and strong-armed them into beefing up their own security systems. As a result, online gaming in 2012 is undoubtedly a much safer environment for everyone, not that anyone has reasons for complacency.

"I actually think this is really good for the industry," says Pachter.

It taught everyone a lesson about maintaining security and privacy for online gamers, and I think that everybody double and triple-checked systems in place to be sure that nothing like this happens again - Wedbush Securities analyst Michael Pachter

"It taught everyone a lesson about maintaining security and privacy for online gamers, and I think that everybody double and triple-checked systems in place to be sure that nothing like this happens again."

While Sony no doubt would rather Anonymous hadn't come knocking last April, it does appear the hack's impact wasn't quite as cataclysmic as many might have feared at the time. Sony's embattled PR department certainly won't forget it in a hurry, but for the most part, it appears that life has indeed returned to normal for Sony's online service, albeit with the welcome addition of military-grade digital razorwire.

Given the myriad potential outcomes that at one time seemed on the cards - millions of stolen identities, countless ransacked bank accounts and a platform holder ripped to pieces by a frenzied swarm of opportunistic lawyers - that's something we should all be thankful for. PlayStation's ugly demise at the hands of a few mischievous cyber-terrorists would have been good news for nobody.

Sometimes we include links to online retail stores. If you click on one and make a purchase we may receive a small commission. For more information, go here.

Jump to comments (44)

About the author

Fred Dutton

Fred Dutton

US News Editor

Fred Dutton is Eurogamer's US news editor, based in Washington DC.


FeatureA spoiler-heavy interview with The Last of Us Part 2 director Neil Druckmann

"I've seen people say online, you disrespected the characters. *************! No-one loves these characters more than we do."

Loot boxes should be classed as gambling, says House of Lords

"Young people should be protected from all gambling and gambling-like products."

You may also enjoy...

Comments (44)

Comments for this article are now closed. Thanks for taking part!

Hide low-scoring comments