2011 PSN Hack Documentary: How Sony Failed Their Customers

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

users of Sony's PlayStation Network have been greeted instead by error messages now what's being called one of the largest digital data breaches in history that Sony suffered an external intrusion which forced their online network to shut down yes Sony says the personal information of about 75 million players may have been stolen of up to 77 million users worldwide so what does that mean for anyone who may have been exposed [Music] while it always appeared as though Sonia was two steps behind in the world of online connectivity the upcoming digital age was not lost on the company well before Microsoft's Xbox hit North America Sony completely understood the need to take ps2 online and into the future ken Kutaragi the hardware architect for both the ps1 and ps2 was ready to connect ps2 to the Sony network with an even broader goal to create a portal full of content users could interact with from movies to music and of course games this however never came to fruition the ps2 went on to become the most successful video game console ever without ku Draghi's online vision being fully realized ps2 saw many online games over its lifecycle with many fans heavily devoted to games like Final Fantasy 11 and SOCOM it seemed like Sony's commitment to online gaming was alive and well then enters the next generation PlayStation 3 during e3 2005 Sony spent nearly two hours going over the system's technical specifications showing off a number of tech demos and having third party representatives vouch for the capabilities of the system a very small portion of this event gave us the very first glimpse and promise of the PlayStation Network promising community communication commerce and content the ps3 Eila fundamentally changes this approach the network is a core element of the PlayStation 3d anyway every aspect of the system has been designed with a pro ban and the home networks in mind ps3 is an L always on always connected device this promise was small and in comparison to Microsoft's Xbox 360 incredibly lacking not only was Microsoft heavily devoted to making Xbox Live to premiere place to play online games but they delivered that promise once the Xbox 360 launched on November 22nd 2005 the system had a robust storefront friendslist party chat messaging everything you'd really need it was feature set from the get-go and attracted many gamers looking to play online and as the months rolled on and microsoft gained an early lead in hardware sales the standard was now set this was the right way to do online play on a console surely Sony was prepared to offer something just as good or better this unfortunately wasn't the case either during Sony's 2006 III press conference where the company spent very little time demonstrating the PlayStation Network there was a glimpse at a product page on the PlayStation Store and a look into purchasing a downloadable song for the game singstar here we have the ability to buy the song I'm just putting it in as 0.00 dollars we didn't want to give any steer yet on our pricing strategy and you can see how we have a wallet system and we have a spending limit all of this is part of the parental controls that you would expect to be part of the PlayStation Network platform the rest was awkward gameplay demos and an overwhelmingly high price reveal while many things went wrong during the ps3 early stages most of them were seen a mile away the internal components were surely going to make the system costly the ps2 was difficult to develop for and ps3 would probably be no different but Sony knew as early as 2001 that an online infrastructure was important and yet they lost their focus they disregarded the competition and how well they were doing they assumed what they had in place is what people would want they assumed people would pay any price for their console and they assumed PlayStation Network was going to be great [Music] by the time PlayStation 3 actually launched the scope of the network was fully realized it was a bare-bones the PlayStation Store was entirely web-based you couldn't download items in the background you couldn't access your friends or messages in game it was a mess though this was one of many problems the PlayStation 3 faced early on which Sony fully understood after seeing poor sales and an onslaught of criticism for all their shortcomings the company quickly got to work on ps3 the years that followed showed a company committed to bettering their product there were price cuts at $5.99 and then consequently reducing the price on the existing 60 gigabyte model to $4.99 exclusive games [Music] new features as many of you know on the blog we've been listening to your feedback and have delivered a lot of the features you've asked for and this firmer update actually contains the number one most asked for feature the in-game XMB let's take a look so I'll hit the button and as you can see it brings up the XMB new hardware allow me to introduce the latest version of PlayStation 3 available in stores throughout the world from the first week of September and a better network which will be available in mid-april but behind the scenes as early as late 2009 notable hacker geo hot and hacking group failover flow we're working on cracking the security of the ps3 hardware and on January 2nd George Hotz aka geo hot released route keys of the ps3 on his website which could be used to install new software in homebrew on any ps3 console including the possibility of pirated games it did not take long for Sony to take immediate action the keys were removed from the website after illegal action from Sony was sent to geo hot and fail overflow by January 11th Sony filed for a temporary restraining order in the US District Court of Northern California they also demanded sites like YouTube hand over the IP addresses of people who watched or visited any of Geo Hatt's pages Sony also requested the control of geo hats PayPal account the judge ended up granting Sony permission to view the IP addresses of anyone who had visited geo hakam and come April 2011 the suit was settled on the condition that hats would not resume or pursue hacking any Sony product ever again in the midst of this controversy Sony found themselves being threatened by anonymous the infamous international hacking group well-known for coordinated DDoS attacks congratulations Sony you have now received the undivided attention of Anonymous your recent legal action against our fellow hackers geo hot and groucho colo has not only alarmed us it has been deemed wholly unforgivable knowledge is free we are anonymous we are legion we do not forgive we do not forget expect us on April 4th PlayStation Network is hit with coordinated denial of service attacks that bring them Network down numerous times making it difficult for gamers to play games online login or even just stream content through Netflix or Hulu the service based interruptions for a few days until April 7th when Anonymous officially declares they are no longer attacking the network and issuing a statement openly apologizing to affected users Anonymous is on your side standing up for your rights we are not aiming to attack customers of Sony this attack is aimed solely at Sony and we will try our best to not affect the gamers as this would defeat the purpose of our actions if we did inconvenience users please note that this was not our goal [Music] [Music] PlayStation Network is offline millions of gamers around the world cannot login and are left wondering what is going on it's not long until Sony officially comments on the situation posting on the PlayStation Blog that there is an outage and the cause is being investigated not much else is said other than the possibility of targeted behavior and that the team was working to get services up and running soon at the time no one knew what that meant or how long it would take but presumably everyone assumed this was another attack from hacker group Anonymous based on what transpired earlier that month worst yet major blockbuster games had just launched days prior including Sony's own first party title SOCOM for US Navy SEALs a game very multiplayer focused sony admits there has been an external intrusion into the network playstation network and curiosity services would remain offline while Sony conducts a thorough investigation to inverse muth and secure operation of services going forward the only other sentiment given to the community was that engineers were working around the clock to get the services back up but behind the scenes the story was much different while Sony was indeed working around the clock it wasn't a matter of restoring service it was a matter of understanding just how much was compromised PSN remained down in order to prevent any further attempts to access whatever was accessed which at the time Sony still wasn't fully aware of hackers have stolen the personal information and possibly the credit card numbers of 77 million Sony Playstation users personal information passwords addresses things like that birth dates emails purchase histories potentially passwords and logins Sony is also not ruling out the possibility that credit card information may have also been taken after six days of PlayStation Network being down and continued reluctance to be completely transparent Sony now reveals the full extent of the situation personal information of 77 million PSN users has been compromised whatever group or entity was responsible for the network outage had obtained your name address email birthdate PSN login purchase history billing address passwords security answers credit card number and expiration date sony warns in their blog to be aware of all emails phone calls and postage scams being delivered to you asking for your personal information if you use the same passwords and usernames across other sites and services you're warned to change them immediately and above all else carefully review your account statements the news makes headlines worldwide as Sony now becomes the victim to one of the largest online data breaches in history with so much on their plate the company has to answer one simple question why are they admitting this now why weren't consumers told right away where was the transparency [Music] Sonne answers those very questions in a follow-up for damage control Sony's Director of Communications Patrick Seybold issued a few statements saying that there was a difference in timing between when the company identified the intrusion and when they discovered consumer data being compromised the attack occurred on the 19th of April and shut the network down after it was discovered Sony then brought in outside experts to help determine the scope of the incident this apparently took days right up until the 26 but it was fully understood just what was accessed to which Sony then revealed to the public that evening though this wasn't what the public was completely focused on as other sites began reporting that PSN vulnerabilities were apparently well-known amongst the ps3 hacking community while many outsiders not familiar with the scope of PSN security were skeptical it wouldn't take long for Sony to admit this themselves in just a few days [Music] you [Music] now go Tony more seconds I was in the stop Sonne holds a conference in Tokyo Japan to apologize for their shortcomings and denounce a welcome back package that all PSN users will receive once they can sign back onto the network every PSN user will get 30 days of PlayStation Plus and a selection of free games for their choosing they gave an updated timeline that services to online gaming and curiosity would be available in a week's time as well but Sony also went into detail about what the company was going to be doing to prevent something like this from happening again and they start by openly acknowledging that PSN had three layers of security and the vulnerability that was accessed was fully known but they made it clear that credit card information was encrypted and that there was no evidence of them actually being stolen and that while ten million of those were exposed there was no indication of fraudulent charges when talking with credit bureaus Sony would be adding a new job of chief information security officer to add an extra layer of security on top of adding automated software monitoring enhanced levels of data encryption enhanced detection software and additional firewalls all of which was currently being tested and thoroughly watched over by a third-party and lastly once services were restored every user will be required to create a new password to ensure a safe start back into the network [Music] Sony's CEO Howard Stringer facing harsh criticism after his company revealed hackers may have stolen the data of another 25 million accounts in a second security breach just one day later and Sony has now issued a press release regarding Sony Online Entertainment while not totally related to PlayStation Network SOE was also compromised to the tune of twenty four point seven million user accounts as such Sony suspended SOE services as well while they investigate the extent of that scenario twelve thousand encrypted credit cards were potentially accessed while it wasn't clear at the time this discovery would lead to the delay in PSN being restored that week Sony Computer Entertainment president and CEO Kaz Hirai sends an open letter to the US House of Representative subcommittee answering questions about the breach in the letter Sony gets a bit more detailed about how the company discovered and approached the situation they outlined their approach that they would act with care and caution and only provide relevant information to the public when it has been verified once again reiterating the security firm they hired to oversee the forensic work the intrusion was in fact discovered April 19th at 4:15 p.m. PDT when members of Sony network Entertainment America noticed unauthorized activity certain systems were rebooting when they were not scheduled to which rows serious concern the following day April 20th in the early afternoon the team discovered evidence that some kind of data had been transferred off PlayStation Network without authorization on April 22nd Sony sent over all the information and evidence to the FBI they also hired a second security firm to go over 9 of their 10 servers that were suspected and by April 23rd it was understood that the intruders used very sophisticated and aggressive techniques to obtain access and more so they hid their presence from system administrators by deleting log files the company brought on a third security firm for more manpower in reviewing the extent of what was taken and by April 25th they concluded what was possibly taken without ruling out credit card information as well Sony also discovered files planted on SOE servers that were named anonymous with the words we are legion which makes Sony more suspect 'fl than anonymous behind the attacks hacker group Anonymous still stood firm that while they did use denial of service attacks they did not intrude on the network nor would the group be interested in malicious intent at this point though Sony is now facing multiple lawsuits already filed and a possible fine from breach in the UK's Data Protection Act later in the week Sony upped the ante a bit by offering all affected users a 1 million dollar identity theft insurance policy as an extra form of goodwill and by May 6th Sony had begun the final stages of internal testing for the rebuild PlayStation Network which would still need a bit more time due to the recent discovery from eso's intrusion [Music] hello my name is Kazuo Hirai and I'd like to share some news about our playstation and curiosity services since the attacks on our networks we've been working around the clock to bring game and media services back online the services being restored in phases and I'm pleased to say that the first phase has now been launched in most regions of the world PlayStation Network service was finally being restored slowly with North America and in the following days other territories with online gaming streaming friendslist and chat being fully restored a new system firmware update was required on top of changing your password so many users actually attempted signing back on that Sony's password reset client was crashing and that prolonged restoration a little bit more for some but once in users had a selection of games to choose from based on their region on top of getting 30 days free of PlayStation Plus and a 30-day extension to curiosity members if they had an account at the time and while millions of gamers around the world were just happy to be back online and playing games Sony still had a lot of cleaning up to do namely with paying the price after everything was said and done sony claims the outage cost an estimated 171 million dollars with a 250,000 pound fine to pay for breaching the UK's Data Protection Act 1998 there was also a multitude of lawsuits that Sony wouldn't actually settle until 2015 and then there was the damage done to third-party publishers PlayStation Network was down for 23 days which is a considerable amount of revenue loss to many game creators come e3 2011 Sony Computer Entertainment America president and CEO Jack Tretton was able to also issue a public apology regarding the outage to our third-party publishing partners you guys have been with us for over 15 years making tremendous games and I know the network outage was costly to our retail partners you gave us shelf space when there was no playstation brand and you've given us more than our fair share since 1995 when we won launch the original playstation which brings me to the audience that I'm most interested in addressing and those are our consumers you are the lifeblood of the company without you there is no PlayStation I know we took you away from doing what you enjoy most connecting and gaming with friends all over the world and enjoying the many entertainment options on PlayStation Network with the dust settled many questions regarding the outage still Lou namely who was responsible for the attack no arrests were ever made in direct relation to the PSN hack and while many point fingers at anonymous it's merely circumstantial without any hard evidence especially given the nature of the group they typically never go after sensitive personal information and try to convey an image that is for the consumer the message left on SOE servers could perhaps just be a ploy to keep the trail off the real intruders there are a few reports that the old hacker group LulzSec was responsible though most of those reports are getting them confused with their attack against Sony Pictures and not specifically PlayStation Network so this may be a scenario where we will never truly find out nor will we find out the extent of Sony's vulnerabilities with PSN as many false reports came out claiming to know exactly what it was that was left open on PSN and while Sony has increased security to the point of not having another data breach they are still very susceptible to denial of service attacks as evident from Christmas 2014 where both Sony and Microsoft were hit hard as customers tried to play brand new ps4 and Xbox ones but when reflecting on the entire outage of what led up to it you have to wonder why Sony wasn't better prepared for something like this surely no security is perfect even government agencies are compromised with the right coordinated attack which is exactly what Sony faced but from the early onset PlayStation Network always appeared to be the bare minimum something as simple as changing your online ID became an impossible task because of how the network was built from the beginning Sony's current answer to changing your PSN could in theory disrupt leaderboards and game data if you attempt to play an older game PSN 2-step verification came three years after Xbox one had the feature PlayStation Plus has now required to play games online in the 8th generation of video game consoles at a certain point you just have to ask when is Sony going to make sure PlayStation Network is ahead of the curve always secure always online always updated in recent years the company has vowed to better PSN and I sincerely hope they do those who do not learn history are doomed to repeat it hey everyone Ryan here thank you so much for watching this documentary I hope you've enjoyed it if you haven't yet of course subscribe to the best playstation news reviews and updates here on youtube and if you could please consider supporting the channel and content like this over at patreon.com slash mr. ryan any support would be greatly appreciated these video game documentaries taking very long time to make so trust me any small amount really does go a long way not but not only that patreon supporters do get any number of extra bonuses and updates throughout the month like behind the scenes early access shoutout videos thank you videos what stock Playstation and an mp3 format for a podcast service of your choosing credits in the description of all videos credit in the outros of all videos number of cool stuff we try to do over there every single month so again any support greatly appreciate it but of course you don't have to but it would help but you don't have to all right that's it that I think those are all the housekeeping items I had for all of you so as always I'll close it out by saying that's it for me in this video and I'll see you all on my next one you take it easy [Music]

Info

Channel: Mystic

Views: 2,091,568

Rating: undefined out of 5

Keywords: PSN, PlayStation Network, PSN Name Change, PSN Hacked, PSN Hacked 2011, PSN outage, PlayStation Network down, PlayStation Network sign in failed, PlayStation Network service status, Sony, PS3, PlayStation 3, PSP, PlayStation Portable, 2011 PSN Outage

Id: oBflgU5ComI

Channel Id: undefined

Length: 23min 10sec (1390 seconds)

Published: Tue Mar 05 2019