For all you internet denizens out there not “in-the-know” (this would be me most of the time), there was a pretty huge security breach of Sony’s Playstation Network last week. At first, Sony didn’t really seem to want to give any information about what happened, but as the days went on, they gradually let it out that the hackers had gained access to quite a lot of information. This includes names, phone numbers, addresses, emails, usernames and passwords… and maybe they even got Credit Card information. That’s how Sony said it, not me. Then, a couple of days after the initial announcement, they admitted that yes, they probably did get access to CC information as well. Great.
Now for me personally, this wasn’t a huge deal since I don’t have a Playstation 3 and don’t use the Playstation Network. You can imagine my surprise, then, when yesterday I received an email telling me that my private information with Sony may have been compromised in the attack. Say whaaaat? Turns out, there was another cyber-attack a few days after the initial one, and this time they hit Sony’s Online Entertainment division, essentially the PC counterpart to the Playstation Network. I’m assuming that this is where my info was compromised, as I have no doubt that at some point in the past I’ve used SOE to play games online. However, I am at least fairly confident that it’s been so long since I did, none of the information they may have gotten from me will be current anyway. I’ll take whatever steps they recommend to help curb information theft, but at this point, the cat’s pretty much out of the bag. My info done been theft’d.
This got me thinking about the information that we all store online. How many of us these days don’t have some sort of account online, whether it be with Amazon, iTunes, eBay, PayPal, or any other number of companies who save all of our information on their servers. We freely give our information out – sensitive information that we normally wouldn’t trust anyone in the world with – and we sit back and hope nothing happens. When something does happen, we act shocked about it.
There’s a great article on Kotaku about this very topic. Bruce Shneier, a pretty well-known security guru, sums it all up quite effectively:
“Unfortunately, the moral here is that you give your information to a third-party, blindly trusting them, a bank, a credit card company, a phone company, Amazon, J. Crew, or Sony. You are blinding trusting that they will use the information wisely and secure it. And you have no say how they do that and you have no recourse if they **** up.”
Really, that’s about it right there. When a company like Sony screws up and lets your information get stolen, what can you do? You can monitor your credit, sign up for identity protection services, and watch your accounts like a hawk, but in the end there’s nothing that’s 100% effective. If someone wants your information badly enough and they have the skills to get it, you may as well just hand it over to them. This is just a symptom of the age we live in. We give up security for convenience wherever we can.
In the end, I’m not going to sweat it. Just like everything else, when bad things happen, you pick up the pieces and move on. Shneier, in the same article, adds this:
“Even with all of that, most people are really safe all of the time. You’re doing OK, I’m doing OK. I buy stuff online all of the time. I bank online. And what other option is there?”
There’s always Antarctica, I suppose.