Top
1080°

Sony sued for PlayStation Network data breach

Like clockwork, the first lawsuit resulting from the security breach of the personal data of more than 75 million Sony PlayStation Network customers has been filed.

The suit was filed today on behalf of Kristopher Johns, 36, of Birmingham, Ala., in the U.S. District Court for the Northern District of California. Johns accuses Sony of not taking "reasonable care to protect, encrypt, and secure the private and sensitive data of its users."

Read Full Story >>
news.cnet.com
The story is too old to be commented.
rajman2340d ago

Now more will follow...

averyzoe2340d ago

Oh, definitely. I was honestly surprised there haven't been more filed already.

Soldierone2339d ago

There will be. People use our court system to the fullest of their ability. They will sue each other for breathing air if they have the money to do so.

Sony is an easy target right now, more people will follow trying to make a quick buck.

news4me2339d ago

I'm sick of childish people feeling "entitled" to something. Obviously they are trying to protect their consumers. This is ridiculous.

Eamon2339d ago

A lawsuit is justified only if Sony didn't fulfil the legal requirements in protecting user's private data.

Correct me if I'm wrong, but I think there's now an investigation by ICO in UK to see if Sony did or did not fulfil these requirements.

Anyhow, all of what's happening at the moment is definitely not good for Sony.

gamingdroid2339d ago (Edited 2339d ago )

Sony sort of deserved a lawsuit for negligence.

"Birmingham, Alabama resident Kristopher Johns has filed a lawsuit against Sony for failing to “protect, encrypt, and secure the private and sensitive data of its users.”"

I said it before and I'm saying it now, standard practice (and essentially common sense now a days) tell you to hash the password with a salt. If you have to have the original password stored, then encrypt the password with private-public key-pair and guard that private key with your life. That said, there is no reason Sony should keep the original password. NONE!

That is web programming 101! If it was hashed or the private key was kept private, your password wouldn't be in the hands of hackers right now.

In this case, Sony was negligent, more than 70 millions of peoples information and needs to be sued to send a message to ACT RESPONSIBLY!

TheDeadMetalhead2339d ago (Edited 2339d ago )

This guy doesn't really stand a chance in court, does he?

Christopher2339d ago

***I said it before and I'm saying it now, standard practice (and essentially common sense now a days) tell you to hash the password with a salt. If you have to have the original password stored, then encrypt the password with private-public key-pair and guard that private key with your life. That said, there is no reason Sony should keep the original password. NONE! ***

And there is no proof that Sony has done any of this... Only online ranting and speculation.

goalweiser2339d ago (Edited 2339d ago )

@gamingdroid

You are hilarious.

YOU ARE RESPONSIBLE FOR YOUR DATA! Not Sony.

YOU VOLUNTEERED YOUR INFO. Sony did not steal it from you.

YOU USED SONY'S FREE SERVICE. Now you and every jackal looking to point a finger can get lost. Go to Xbox Live, pay your fee, and then wait for somebody to bring down that network.

Nobody is safe online. Anybody could hack into your computer right now regardless of your protections and who are you going to blame? It's your ISP's fault. It's the computer manufacturer's fault. It's Norton's fault too because they failed to block all the viruses like they said.

WAKE UP. You have the power to prevent all this. Don't use PSN. Don't use your computer. Don't go online at all.

It's too bad Sony can't counter-sue for ignorance because I would line every one of you up and make you sure you never bought a new Sony product again.

For geez sake, hackers broke into the Pentagon, banks, and other major corporations. You think Sony or Microsoft for that matter could prevent it?

Seriously...wake up.

Anon19742339d ago

Yeah, best of luck to them trying to prove that Sony didn't take reasonable measures to protect your personal information.

Typical US, sue-happy mentality. Before the facts are even known - SUE!

I think this Weird Al song adequately sums up what's going on here.

http://www.youtube.com/watc...

Heartnet2339d ago

yeh but i doubt they will win since in the ToS itll say sumin bout there not liable or sumin lol

and as soon as 1 fails they all fail since they can use that one case as proof that theyve not dont anything wrong

however if they lose then.. people will be sueing sony left right and centre then Psn will never be back up :(

MmaFan-Qc2339d ago Show
DelbertGrady2339d ago (Edited 2339d ago )

Isn't it Sonys responsibility to keep PSN safe and secure?

A network with 75 million users should have security that matches its size and complexity. I'm sure there are best practises for that.

-Alpha2339d ago

I was reading about how Sony didn't do some encryption or something. I have no knowledge of this whatsoever, but these lawsuits scare me (as a fan of course-- can't help but be pulled in to the "Sony is doomed" hysteria).

Thing with Sony, as far as I am reading, is that they "went in with their laces tied, but without a helmet" so to speak. I'm not sure if that's accurate, but Sony really should have taken down the PSN after the hack and worked to rebuild it then instead of waiting now.

Again, there is a whole lot of speculation in the air, it's become impossible to gather accurate information, but why didn't Sony take down PSN before the hack to reinforce their security?

It seems to me that in general, security isn't up to standard with hackers, there seems to be a serious vulnerability for so much information for even the government, NASA, etc

I_find_it_funny2339d ago (Edited 2339d ago )

In my opinion Sony screwed up big time with security and they will pay severly.

PSN is down for a week in a few hours (dow for me since Thursday morning). It is a disaster. It was supposed to be fixed in two days, over the holidays, but holidays are gone.

Ale we have are "we have no updates" updates.

Raptura2339d ago (Edited 2339d ago )

Sorry, but gamingdroid is correct and goalweiser, you don't know what you're talking about.

Sony, as the corporation as it is, owes a duty of care to each and every customer who offers them their personal information, including their credit card and passwords. It's Sony's duty to keep that information within the organization and do its best to keep that information from becoming public.

Because they failed to keep the info safe, they've become negligent. Anyone affected by this has the right to sue Sony for this breach. It doesn't matter who got the information, how they got it, or why they got it. What matters to you and the case of negligence is that Sony had your information and it was made public.

sikbeta2339d ago

One thing I want to know, If it's proven that PSN was secure and stuff, the hackers, groups of whatever people that did this crap can get involved into this, or it's just Sony? then again, if the douches hide under the interwebz no one can find them, so it can go trough a bigger investigation... nah, it's just win or lose against Sony and the people who did this crap, will be clean and untouchables...

jjohan352339d ago

A few points after reading the article:

-Is ID theft that easy without your social security number (or equivalent in your country)? Sony has never asked us to submit our social security numbers.

-Why is he demanding monetary compensation? Has he lost any money? If it's possible to have identity theft without social security, I can understand wanting free credit report, but monetary compensation?? What a greedy mofo!

AyeGee2339d ago

@gamingdroid

Sony is kind of at fault though.. they should have encrypted our information from the get go, and i'm guessing they didn't. It was all in plain text, like what you see here, with no spaces.

It's a stupid lawsuit, but think of it like this. It's like a bank leaving its vault open, and then locking a glass door to keep people out. All you have to do is break the glass door.

HappyGaming2339d ago

I have 5 PSN account so can I sue them 5 times :D

jk

This seems pretty extreme...
why sue?
Just call you bank to send you a new card within a week everything will be back to normal.

The only people that should be sueing are the banks which may have to print and post about 50 million new bank cards and pins...

Kurt Russell2339d ago

I would sue if I was personally effected. If not there is no basis.

I do however feel let down and will only be using PSN shop bought cards for future purchases. My faith in their security over my details has diminished, which is only fair.

Dee_912339d ago (Edited 2339d ago )

thank cgoodno
gamingdroid keeps going on about sony not encrypting the password when even the hackers chat log hinted that they were indeed encrypted

you keep talking about common sense and saying how easy it would be to encrypt the passwords

wouldnt common sense tell you that if it was that easy they would have done it ?

stop spreading lies to fuel your dumb arguement

you were blaiming sony even before the info about the cc and personal info being breached

@raptura theres no actual proof that anyone info was stolen
sony said it COULLD have been stolen they dont know if it actually was
the guy suing didnt even lose any money hes just like everybody here hes just speculating and assuming things

@ above
yea thats why i hope that the new master key rumor was true because if it wasnt for that getting stolen in the 1st place the ps3 would still be unhacked right now

and its crazy that some of the same people mad at sony for taking other os off are mad at sony now
if other os was still on this wouldve happened eventually

awi59512339d ago

the group did the hacking said sony lied and that said they stole credit card information so the fbi could arrest them. If they did really lie then sony will face another lawsuit for false arrest and lying to police.

AyeGee2339d ago Show
gamingdroid2339d ago (Edited 2339d ago )

"And there is no proof that Sony has done any of this... Only online ranting and speculation."

Actually, it is derived from Sony's own press release. Sony specifically said, the passwords were taken. If the password was hashed/encrypted, that information is useless and the passwords wouldn't be considered taken!

Clearly the breach is severe to the point where almost all the information stored is accessed. Even if you design your server environment correctly, the only way to breach is to hack every layer (and potentially over multiple servers). That's relatively difficult to do.

@GrandTheftZamboni:
"PCI (payment card industry) standard requires that credit card numbers aren't present in clear (readable) format on servers. There are even some credit card issuers that choose not to comply with this requirement."

That is why many large corporations don't store the data themselves, but employ a third party company to do it for them. Not only are they specialist that deals with this ongoing, but it's easy to point the finger at them too when sh!t hit's the fan!

Anarki2339d ago

This will not work. Their eula states they're not liable for loss of data.

GrandTheftZamboni2339d ago (Edited 2339d ago )

PCI (payment card industry) standard requires that credit card numbers aren't present in clear (readable) format on servers. There are even some credit card issuers that choose not to comply with this requirement.

I don't think there is a requirement by this standard to hide other data, such as name, address etc.

But, the US has some crafty lawyers that can sue gun manufacturers for not preventing a kid from taking dad's gun and shooting a brother (true case).

LastDance2339d ago Show
inveni02339d ago

He's not going to win because he filed the lawsuit without cause. Before you disagree, you should know that he has no idea how Sony transmits that information. If they were meeting PCI compliance, then this dude is SOL.

ABizzel12339d ago

It's truly an unfortunate situation. I don't see him having a case, yes there was a breach, and his and everyone else information may be available, but from what we've seen so far Sony has done everything they can to prevent this threat, that's including the GeoHotz case, which now shows proof of why Sony wanted to keep hackers away.

I can't see him or anyone else for that matter winning a case in court, they need to thoroughly read the Terms of agreement, and make sure that Sony didn't violate the terms themselves, to make sure they're accountable for the corruption. And they also need to make sure they didn't agree to anything preventing them from suing Sony for such an event.

If they did agree then it could make the battle that much longer and harder to win. I completely understand why so many people are upset and worried, but the chance of someone stealing your identity is literally 1 in 70,000,000.

It's a completely unfortunate situation, and if anyone needs to be sued it's the people responsible for the hack, and the individual(s) who decided to use one code for everything PS3 related.

baodeus2339d ago

Nonetheless, this situation is pretty serious. Sony could have handle it a little bit better to lessen these catastrophe.

@goalweiser

1. YOU ARE RESPONSIBLE FOR YOUR DATA! Not Sony
- So u are saying that i should give Sony all the informations as required for transaction or purchase on PSN (Sony ask for these informations), but they have no responsibility at all in securing those informations? It is like going to the bank where they have your money, important personnel info, but they don't have to secure those informations so if those information leaks, it is your responsibility. Why the fuck do i go to a bank for? What the fuck are u thinking?

2. You volunteer your information:
- so how else can i purchase anything online with CC for example, when Sony required those informations in order for me to do so on PSN?

3. YOU USED SONY'S FREE SERVICE
- Free as in you have a psn user name and password to let u in on psn for games. Like on n4g for blogging. But your personnel informations aren't part of that when u purchase something on psn. So u are saying because it is free, they don't have to secure your personnal information and can give it out for free as well? Again, what the fuck are u thinking.

4. WAKE UP. You have the power to prevent all this. Don't use PSN. Don't use your computer. Don't go online at all.
- then why the fuck do i need to buy a ps3 for?

I can't believe u got 41 agrees either.

I really think u need to wake the fuck up seriously before telling others.

I don't know what make me more angry, Sony negligence and hackers, or stupid comments like these on n4G?

KDubyah2339d ago (Edited 2339d ago )

Are you kidding or what? I did not see no sarcasm tag, so .. I guess not.
Sony is responsible for your data if it is stored on their servers.
Once it is on their servers, if it's stolen, it's definitely their fault.

If we go by your statement, then here is a little example for you.
It's like you giving me your car, to have it stored in my garage ..
A thief decides to walk in my garage and take your car, who's fault?
You would think mine, huh? Cause it's in my house, my garage. Right?
But, no no, by what you say, you're responsible for what happens to the car.
So, it's not my fault it was taken, I shouldn't need to protect it, right?

Wrong. You see how stupid that sounded?
Sony Servers, Sony's Responsibility..

XRider2339d ago

Before you guys jump to defend (too late) remember personal credit card info was leaked. It's Sony's job to secure that info. If this was MS or Nintendo it would be the same.

Lord_Doggington2339d ago

Kdub!

Are you Kdub from the podcast? what the hell are you doing in the comments section of an article?

lol

zag2339d ago

I wonder if that case is from Anon, After all they are looking after Sony's customers lives.

morganfell2339d ago (Edited 2339d ago )

"...i'm guessing they didn't."

And there is the problem. Everyone from journalists, pretend journalists, to gamers are taking a guess and running with it as fact. Above me I see several people state they are not sure of the truth...but then they turn around in the same post and state Sony is to blame. Draw your own conclusions about such convoluted reasoning.

Xrider, you are acting in a typical fashion. There is zero proof CC info was leaked. We have stories posted on N4G where an 'anonymous' person states he lost 200 dollars to hackers. No name and only 200 dollars. Yes that sounds believable.

killer88snake2339d ago (Edited 2339d ago )

@KDubyah
It's like you giving me your car, to have it stored in my garage ..
A thief decides to walk in my garage and take your car, who's fault?

Not just that. You left the garage door open, and the car-keys inside the car as well.

Saladfax2338d ago

Something very important to note that a few people have brought up:

It does not matter what Sony's EULA states if negligence can be proven on their part. Agreements are always two-sided, and it may not be directly alluded to in the EULA itself, but Sony can still be liable in spite of the agreement.

Think of it like a skiing trip. You sign a waver saying you won't sue if injured or whatever during the course of the trip. However, if your instructor/guide was drunk or the equipment could be proven to be unsafe or substandard, they weren't providing the promised service.

+ Show (35) more repliesLast reply 2338d ago
Dlacy13g2340d ago

more will follow and most likely this will go Federal and all will get lumped into one class action lawsuit.

tawak2339d ago

"more will follow" - yes, "easy money"

MRMagoo1232339d ago

but they wont win all sony has to do is prove they took security measures like encrypting and thats that and it would also seem the logs say they where encrypted.

IcarusOne2339d ago

MRMagoo, you are incorrect.

A large part of his suit pertains to Sony's severely delayed response in informing consumers about the breach. It is immaterial whether or not Sony is compliance with industry security measures. The data was stolen nonetheless, and Sony sat on that precious gem instead of letting us know. And that could easily make them liable for damages.

TurismoGTR2340d ago

Is this a NIGHTMARE???????? Can we please just get pass this and get back to gaming?

ERMAC_2339d ago

In time. When this site is done spamming they same articles over and over you can sell T-shirts saying "I was there...at the PSN outage."

Could make up for those millions of dollars these hackers will steal :B

Larry L2339d ago

Look at all the disagrees people get with level headed comments like yours and all the agrees posts negative towards Sony gets on articles like these.

Funny, fanboys all over the interwebz call N4G a site full of nothing buy PS3 fanboys. Looks quite the opposite to me. And they all just seem to click the disagree button, not make any decent arguments.

The fact is, this site has fanboys of all kinds. And depending on what kind of headlines are making the gaming news, decides on which fanboys come out of the woodwork. When there's possitive PS3 news, PS3 fanboys are the ones commenting all the time. When it's negative PS3 news like this PSN dealie, the 360 fanboys are the ones that come out in droves.

Muerte24942339d ago

Unfortunately, no my friend. This isn't any different from a crackhead slipping on a wet floor, even though there is a sing there. I already know how this is going to end. Sony cannot be held liable for this simply because it was a external attack. It's like trying to sue the U.S. government because a terrorist stole your information. Pandora is going through something similar right now. But the difference is Pandora, themselves, were leaking people information. This is a known risk you take anytime you put your credit card information online.

Clarence2339d ago

I agree. All I can say is blame the hackers. When the hackers get caught idiots send them money to help with court fees and cheer them on for cracking Sony security. Now that your information may have been stolen, people are mad at Sony.

R0me2339d ago

Nono, right now there is something different going on. Normally I am pro Sony, but I also study law and when there will be proof that Sony didnt save our information good enough, common sense starts the fight against fanboy. Seriously some comments are pathetic: Like dont use psn etc.

They must obey the law, even ICO is nervous and starts proving. They must protect our data with a good system that is what counts. If they protected good enough and still all information got leaked, its alright.

If they didnt protect good, but swear the new psn will have good security and show facts. I will trust them again.

We should wait until we get facts of how they treated our data, only then i will judge.

HappyGaming2339d ago

75 million bored PSN users with no network have jumped on N4G just let us spam we will be out as soon as PSN is fixed :P

+ Show (3) more repliesLast reply 2339d ago
darx2339d ago

They will all get lumped into one class action lawsuit.

JLeVRT2339d ago

ppl are too lawsuit trigger happy...

diatom2339d ago

Idiot will need show damages to file a civil case or he is going to be writing a check to Sony's lawyers for wasting their time.

Whats with all the BS stories from this website?

cyborg69712339d ago Show
Max_Dissatisfaction2339d ago

Its not serious, it will blow over. - what every SONY fan has been saying since ps3 was hacked last year

IcarusOne2339d ago

So if it hasn't blown over since last year - in fact the story keeps getting bigger; for example, npr wasn't covering it before, now they are. So if it hasn't blown over yet, at what point does it become serious?

This is the biggest online outage in the history of online. This is the biggest hack in the history of hacks (77 million users). Sony's stock price has already dropped 3 points and it's going to drop more before this is over. And this will end up costing them millions of dollars to fix.

So I'll ask again: when does it become serious?

nsnsmj2339d ago

Unfortunately, yep.

On a slightly unrelated note, I happen to live in Bham, AL. This is quite amusing to me that the first person to sue (apparently) is from here.

Strikepackage Bravo2339d ago

I think they may have a strong case here. Problem is Sony is trying to keep up with a for pay service like XBL without the income of a service like XBL.

Sony is forced to cut costs and do things on the cheap, including things like not having enough layers of security.

MRMagoo1232339d ago

lol the case will be a win for sony i can guarantee it

Raiden2339d ago

lol, I agree Sony is missing out on a 2.3billion income a year because that is what MS makes on it's XBL. So having a dedicated team on call 24/7 is important. Sony have to cut cost because they are not receiving this kind of income. You can't just rely on the system to autodetect hacking you need to have a team on monitoring your servers too. Good luck to all my friends and foes on PS3 i hope your network returns soon. back to my XBL

Lykon2339d ago

ughhh grabbing litigation mania is ugly, desperate and greedy

trancefreak2339d ago

This is serious I canceled my bank card last night and my bank provider was aware of the situation. They said they were receiving 100s of phone inquires already.

4Sh0w2339d ago

Oh come on! Sony cannot prevent world hunger either. Truth is that no infastructure is 100% secure once targeted by a group with the right talent and alot of determination. Hey maybe there was more Sony could have done to beef up their security before this but with so much sensitive info already leaked on the internet, I believe it was just a matter of time, no matter what security was in place. Sonys biggest miscalculation was under estimating the impact their aggressive pursuit of certain hackers would cause within that community but surely they have the right to protect the future of their product and services. As usual sonys PR folks havent exactly done them any favors in this whole mess. Lets put all our differences aside as gamers Sony needs our support, DO NOT LET THE HACKERS WIN, play some SP/offline games, if you have a 360/wii revisit a old favorite, go to the gym, but most of all be patient.

Jazz41082339d ago

This could haunt sony as much as rrod if not worse if these accusations of account fraud are true. All in all a uncomprised network and a reliable machine are important things as these both only hurt us gamers and tarnish sony and ms reputation.

hiredhelp2339d ago (Edited 2339d ago )

There's no evidence he had lost money. Unbelievable [email protected] u John you not a Sony supporter or even seem upset for what Sony going threw but only to see how much your pockets can be filled. Well hope it don't go on another Sony game cos I for one wouldn't want you on my list.. If not bad enough they lost homes families in the quake Sony donating a lot money to them. now Sony gets this crap to handle too with geohotz now anon. Now money leechers.

Vherostar2339d ago

Why am I not surprised this is from the US they will sue for ANYTHING money grabbing sods.

Scary692339d ago

Of course it had to be a hillbilly who has nothing better to do and wasting the courts time. This case will be thrown, people are just idiots.

kikizoo2339d ago

It's a national sport in america$$$, stupid cupid people.

+ Show (17) more repliesLast reply 2338d ago
ZBlacktt2340d ago ShowReplies(3)
HeretoSpeakTheTruth2340d ago

WoW it now has begin 1. it wasnt Sonys fault PSN wont down the hackers where harming it if sony didnt shut it down it could of getten worse trust me

2. i know sony should of said something sooner it would have help alot of gamers who had there credit card information address and everything else stolen but sueing them isnt the answer to it

3. Sony has enough Problems at the moment like

Sony stocks fall rapidly after PSN security breach

Getting PSN back Online (is sueing them really going to get anything Fixed)

Dlacy13g2339d ago

The lawsuit has nothing to do with PSN down time, and has no care about what Sony does in terms of getting PSN back up and running.

These suits will all be about Sony failing to protect sensitive information that they were entrusted with. It was Sony's responsibility to ensure that safety... the true question will be was it "forseeable that what Sony had in place for security was not good enough and they should have done more". If that is proven... then Sony will be on the hook most assuredly.

Clarence2339d ago

Tell me what security is good enough if the pentagon can get hacked? Wikileaks proved that anything can be hacked. There is always someone out there who can cracked the security.