Sony has finally come clean on the full scale of the breach in the PlayStation Network. It is enormous in scale and more than just an inconvenience to gamers. The hacker was able to get everything needed to launch identity theft on 70 million, yes MILLION, users. I’m in the business of enterprise IT, including security, and the majority of the breaches I see are the result of unpatched systems or lax administration. The breadth and depth of this baby shows the fundamental design of the PlayStation Network had one, and likely a whole list, of critical security flaws. Far more information was exposed than necessary. Companies need to learn not to cut corners on the secure design of systems that store our critical information. No amount of patching will fix these kinds of design flaws.
I’m glad I don’t use the PlayStation Network, and I encourage you to do as I do – never let a merchant store your credit card info for future use. For sites that insist on storing one, such as those that do auto-renewals, I simply obtain a one-time-use number from my credit card company. The number has a dollar limit just enough to cover my purchase and will expire in a month, which provides additional protection. Since the credit card number isn’t my real number, it is of little use to a hacker. To avoid the inconvenience of always having to type in my credit card info at merchants I use regularly, I find 1Password to be invaluable (and it does a whole lot more to help secure your information).
Update: Personal Data of 70 Million Sony Customers Exposed in Hack.