Sony sued for PlayStation Network data breach

Sony sort of deserved a lawsuit for negligence.

"Birmingham, Alabama resident Kristopher Johns has filed a lawsuit against Sony for failing to “protect, encrypt, and secure the private and sensitive data of its users.”"

I said it before and I'm saying it now, standard practice (and essentially common sense now a days) tell you to hash the password with a salt. If you have to have the original password stored, then encrypt the password with private-public key-pair and guard that private key with your life. That said, there is no reason Sony should keep the original password. NONE!

That is web programming 101! If it was hashed or the private key was kept private, your password wouldn't be in the hands of hackers right now.

In this case, Sony was negligent, more than 70 millions of peoples information and needs to be sued to send a message to ACT RESPONSIBLY!

This guy doesn't really stand a chance in court, does he?

***I said it before and I'm saying it now, standard practice (and essentially common sense now a days) tell you to hash the password with a salt. If you have to have the original password stored, then encrypt the password with private-public key-pair and guard that private key with your life. That said, there is no reason Sony should keep the original password. NONE! ***

And there is no proof that Sony has done any of this... Only online ranting and speculation.

@gamingdroid

You are hilarious.

YOU ARE RESPONSIBLE FOR YOUR DATA! Not Sony.

YOU VOLUNTEERED YOUR INFO. Sony did not steal it from you.

YOU USED SONY'S FREE SERVICE. Now you and every jackal looking to point a finger can get lost. Go to Xbox Live, pay your fee, and then wait for somebody to bring down that network.

Nobody is safe online. Anybody could hack into your computer right now regardless of your protections and who are you going to blame? It's your ISP's fault. It's the computer manufacturer's fault. It's Norton's fault too because they failed to block all the viruses like they said.

WAKE UP. You have the power to prevent all this. Don't use PSN. Don't use your computer. Don't go online at all.

It's too bad Sony can't counter-sue for ignorance because I would line every one of you up and make you sure you never bought a new Sony product again.

For geez sake, hackers broke into the Pentagon, banks, and other major corporations. You think Sony or Microsoft for that matter could prevent it?

Seriously...wake up.

Yeah, best of luck to them trying to prove that Sony didn't take reasonable measures to protect your personal information.

Typical US, sue-happy mentality. Before the facts are even known - SUE!

I think this Weird Al song adequately sums up what's going on here.

http://www.youtube.com/watc...

yeh but i doubt they will win since in the ToS itll say sumin bout there not liable or sumin lol

and as soon as 1 fails they all fail since they can use that one case as proof that theyve not dont anything wrong

however if they lose then.. people will be sueing sony left right and centre then Psn will never be back up :(

Isn't it Sonys responsibility to keep PSN safe and secure?

A network with 75 million users should have security that matches its size and complexity. I'm sure there are best practises for that.

I was reading about how Sony didn't do some encryption or something. I have no knowledge of this whatsoever, but these lawsuits scare me (as a fan of course-- can't help but be pulled in to the "Sony is doomed" hysteria).

Thing with Sony, as far as I am reading, is that they "went in with their laces tied, but without a helmet" so to speak. I'm not sure if that's accurate, but Sony really should have taken down the PSN after the hack and worked to rebuild it then instead of waiting now.

Again, there is a whole lot of speculation in the air, it's become impossible to gather accurate information, but why didn't Sony take down PSN before the hack to reinforce their security?

It seems to me that in general, security isn't up to standard with hackers, there seems to be a serious vulnerability for so much information for even the government, NASA, etc

In my opinion Sony screwed up big time with security and they will pay severly.

PSN is down for a week in a few hours (dow for me since Thursday morning). It is a disaster. It was supposed to be fixed in two days, over the holidays, but holidays are gone.

Ale we have are "we have no updates" updates.

Sorry, but gamingdroid is correct and goalweiser, you don't know what you're talking about.

Sony, as the corporation as it is, owes a duty of care to each and every customer who offers them their personal information, including their credit card and passwords. It's Sony's duty to keep that information within the organization and do its best to keep that information from becoming public.

Because they failed to keep the info safe, they've become negligent. Anyone affected by this has the right to sue Sony for this breach. It doesn't matter who got the information, how they got it, or why they got it. What matters to you and the case of negligence is that Sony had your information and it was made public.

One thing I want to know, If it's proven that PSN was secure and stuff, the hackers, groups of whatever people that did this crap can get involved into this, or it's just Sony? then again, if the douches hide under the interwebz no one can find them, so it can go trough a bigger investigation... nah, it's just win or lose against Sony and the people who did this crap, will be clean and untouchables...

A few points after reading the article:

-Is ID theft that easy without your social security number (or equivalent in your country)? Sony has never asked us to submit our social security numbers.

-Why is he demanding monetary compensation? Has he lost any money? If it's possible to have identity theft without social security, I can understand wanting free credit report, but monetary compensation?? What a greedy mofo!

@gamingdroid

Sony is kind of at fault though.. they should have encrypted our information from the get go, and i'm guessing they didn't. It was all in plain text, like what you see here, with no spaces.

It's a stupid lawsuit, but think of it like this. It's like a bank leaving its vault open, and then locking a glass door to keep people out. All you have to do is break the glass door.

I have 5 PSN account so can I sue them 5 times :D

jk

This seems pretty extreme...
why sue?
Just call you bank to send you a new card within a week everything will be back to normal.

The only people that should be sueing are the banks which may have to print and post about 50 million new bank cards and pins...

I would sue if I was personally effected. If not there is no basis.

I do however feel let down and will only be using PSN shop bought cards for future purchases. My faith in their security over my details has diminished, which is only fair.

thank cgoodno
gamingdroid keeps going on about sony not encrypting the password when even the hackers chat log hinted that they were indeed encrypted

you keep talking about common sense and saying how easy it would be to encrypt the passwords

wouldnt common sense tell you that if it was that easy they would have done it ?

stop spreading lies to fuel your dumb arguement

you were blaiming sony even before the info about the cc and personal info being breached

@raptura theres no actual proof that anyone info was stolen
sony said it COULLD have been stolen they dont know if it actually was
the guy suing didnt even lose any money hes just like everybody here hes just speculating and assuming things

@ above
yea thats why i hope that the new master key rumor was true because if it wasnt for that getting stolen in the 1st place the ps3 would still be unhacked right now

and its crazy that some of the same people mad at sony for taking other os off are mad at sony now
if other os was still on this wouldve happened eventually

the group did the hacking said sony lied and that said they stole credit card information so the fbi could arrest them. If they did really lie then sony will face another lawsuit for false arrest and lying to police.

"And there is no proof that Sony has done any of this... Only online ranting and speculation."

Actually, it is derived from Sony's own press release. Sony specifically said, the passwords were taken. If the password was hashed/encrypted, that information is useless and the passwords wouldn't be considered taken!

Clearly the breach is severe to the point where almost all the information stored is accessed. Even if you design your server environment correctly, the only way to breach is to hack every layer (and potentially over multiple servers). That's relatively difficult to do.

@GrandTheftZamboni:
"PCI (payment card industry) standard requires that credit card numbers aren't present in clear (readable) format on servers. There are even some credit card issuers that choose not to comply with this requirement."

That is why many large corporations don't store the data themselves, but employ a third party company to do it for them. Not only are they specialist that deals with this ongoing, but it's easy to point the finger at them too when sh!t hit's the fan!

This will not work. Their eula states they're not liable for loss of data.

PCI (payment card industry) standard requires that credit card numbers aren't present in clear (readable) format on servers. There are even some credit card issuers that choose not to comply with this requirement.

I don't think there is a requirement by this standard to hide other data, such as name, address etc.

But, the US has some crafty lawyers that can sue gun manufacturers for not preventing a kid from taking dad's gun and shooting a brother (true case).

He's not going to win because he filed the lawsuit without cause. Before you disagree, you should know that he has no idea how Sony transmits that information. If they were meeting PCI compliance, then this dude is SOL.

It's truly an unfortunate situation. I don't see him having a case, yes there was a breach, and his and everyone else information may be available, but from what we've seen so far Sony has done everything they can to prevent this threat, that's including the GeoHotz case, which now shows proof of why Sony wanted to keep hackers away.

I can't see him or anyone else for that matter winning a case in court, they need to thoroughly read the Terms of agreement, and make sure that Sony didn't violate the terms themselves, to make sure they're accountable for the corruption. And they also need to make sure they didn't agree to anything preventing them from suing Sony for such an event.

If they did agree then it could make the battle that much longer and harder to win. I completely understand why so many people are upset and worried, but the chance of someone stealing your identity is literally 1 in 70,000,000.

It's a completely unfortunate situation, and if anyone needs to be sued it's the people responsible for the hack, and the individual(s) who decided to use one code for everything PS3 related.

Nonetheless, this situation is pretty serious. Sony could have handle it a little bit better to lessen these catastrophe.

@goalweiser

1. YOU ARE RESPONSIBLE FOR YOUR DATA! Not Sony
- So u are saying that i should give Sony all the informations as required for transaction or purchase on PSN (Sony ask for these informations), but they have no responsibility at all in securing those informations? It is like going to the bank where they have your money, important personnel info, but they don't have to secure those informations so if those information leaks, it is your responsibility. Why the fuck do i go to a bank for? What the fuck are u thinking?

2. You volunteer your information:
- so how else can i purchase anything online with CC for example, when Sony required those informations in order for me to do so on PSN?

3. YOU USED SONY'S FREE SERVICE
- Free as in you have a psn user name and password to let u in on psn for games. Like on n4g for blogging. But your personnel informations aren't part of that when u purchase something on psn. So u are saying because it is free, they don't have to secure your personnal information and can give it out for free as well? Again, what the fuck are u thinking.

4. WAKE UP. You have the power to prevent all this. Don't use PSN. Don't use your computer. Don't go online at all.
- then why the fuck do i need to buy a ps3 for?

I can't believe u got 41 agrees either.

I really think u need to wake the fuck up seriously before telling others.

I don't know what make me more angry, Sony negligence and hackers, or stupid comments like these on n4G?

Are you kidding or what? I did not see no sarcasm tag, so .. I guess not.
Sony is responsible for your data if it is stored on their servers.
Once it is on their servers, if it's stolen, it's definitely their fault.

If we go by your statement, then here is a little example for you.
It's like you giving me your car, to have it stored in my garage ..
A thief decides to walk in my garage and take your car, who's fault?
You would think mine, huh? Cause it's in my house, my garage. Right?
But, no no, by what you say, you're responsible for what happens to the car.
So, it's not my fault it was taken, I shouldn't need to protect it, right?

Wrong. You see how stupid that sounded?
Sony Servers, Sony's Responsibility..

@news4me
Agreed!

Before you guys jump to defend (too late) remember personal credit card info was leaked. It's Sony's job to secure that info. If this was MS or Nintendo it would be the same.

Kdub!

Are you Kdub from the podcast? what the hell are you doing in the comments section of an article?

lol

I wonder if that case is from Anon, After all they are looking after Sony's customers lives.

"...i'm guessing they didn't."

And there is the problem. Everyone from journalists, pretend journalists, to gamers are taking a guess and running with it as fact. Above me I see several people state they are not sure of the truth...but then they turn around in the same post and state Sony is to blame. Draw your own conclusions about such convoluted reasoning.

Xrider, you are acting in a typical fashion. There is zero proof CC info was leaked. We have stories posted on N4G where an 'anonymous' person states he lost 200 dollars to hackers. No name and only 200 dollars. Yes that sounds believable.

@KDubyah
It's like you giving me your car, to have it stored in my garage ..
A thief decides to walk in my garage and take your car, who's fault?

Not just that. You left the garage door open, and the car-keys inside the car as well.

Something very important to note that a few people have brought up:

It does not matter what Sony's EULA states if negligence can be proven on their part. Agreements are always two-sided, and it may not be directly alluded to in the EULA itself, but Sony can still be liable in spite of the agreement.

Think of it like a skiing trip. You sign a waver saying you won't sue if injured or whatever during the course of the trip. However, if your instructor/guide was drunk or the equipment could be proven to be unsafe or substandard, they weren't providing the promised service.

I agree. All I can say is blame the hackers. When the hackers get caught idiots send them money to help with court fees and cheer them on for cracking Sony security. Now that your information may have been stolen, people are mad at Sony.

Nono, right now there is something different going on. Normally I am pro Sony, but I also study law and when there will be proof that Sony didnt save our information good enough, common sense starts the fight against fanboy. Seriously some comments are pathetic: Like dont use psn etc.

They must obey the law, even ICO is nervous and starts proving. They must protect our data with a good system that is what counts. If they protected good enough and still all information got leaked, its alright.

If they didnt protect good, but swear the new psn will have good security and show facts. I will trust them again.

We should wait until we get facts of how they treated our data, only then i will judge.

75 million bored PSN users with no network have jumped on N4G just let us spam we will be out as soon as PSN is fixed :P