Sony PlayStation Breach: A Case Study on Security Breaches
VerifiedAdded on 2023/05/31
|22
|1620
|280
AI Summary
This presentation discusses the Sony PlayStation breach in 2011, which resulted from unauthorized access of data. It covers the consequences of the breach, customer response, and ways to prevent such incidents. The breach affected the PlayStation Network, online gaming service, and other platforms, resulting in a loss of $171 million. The hackers accessed private and sensitive customer data, such as names, email IDs, and login credentials. The breach could have been prevented by implementing a comprehensive strategic framework for IT security and risk management.
Contribute Materials
Your contribution can guide someone’s learning journey. Share your
documents today.
Sony PlayStation
Breach
Breach
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Security breach is basically an event that results from
an unauthorized access of data, applications, networks
or devices by way of bypassing the underlying securities
mechanisms.
Nowadays, not only business organizations but also the
individuals make use of internet technology in their
routine life to a great extent and as a result of which
they share their private, confidential and sensitive
information on e-platform where there are high risks of
security breaches.
Security Breaches
an unauthorized access of data, applications, networks
or devices by way of bypassing the underlying securities
mechanisms.
Nowadays, not only business organizations but also the
individuals make use of internet technology in their
routine life to a great extent and as a result of which
they share their private, confidential and sensitive
information on e-platform where there are high risks of
security breaches.
Security Breaches
The issue of cyber securities has become quite
common and frequent in today’s world due to
heavy reliance on the internet. During the last few
years large number of incidents has taken place
where massive security breaches were reported.
The PlayStation breach at Sony is the classic
example of securities breach that occurred in April
2011 [3].
Security Breach at Sony
common and frequent in today’s world due to
heavy reliance on the internet. During the last few
years large number of incidents has taken place
where massive security breaches were reported.
The PlayStation breach at Sony is the classic
example of securities breach that occurred in April
2011 [3].
Security Breach at Sony
The PlayStation network breach at Sony was
the outcome of some external intrusion of its
PlayStation Network (PSN) with the aim of
stealing the important customer data of Sony.
When the PSN servers were hit by the Denial of
service attacks (DoS), the criminals of the said
security violation accessed the servers illegally.
The security team at Sony was busy in dealing
with the DoS attacks and hence they could not
recognize the intrusion on time.
Introduction
the outcome of some external intrusion of its
PlayStation Network (PSN) with the aim of
stealing the important customer data of Sony.
When the PSN servers were hit by the Denial of
service attacks (DoS), the criminals of the said
security violation accessed the servers illegally.
The security team at Sony was busy in dealing
with the DoS attacks and hence they could not
recognize the intrusion on time.
Introduction
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
It was identified by the forensic team that the attackers
had exploited a flaw in some of the Sony’s software and
deployed aggressive tactics and techniques to obtain the
network access by the illegitimate ways so as to boost
their network privileges.
Additionally, they used sophisticated techniques to
conceal themselves from the network administrators,
such as deleting the log files.
How the breach occurred?
had exploited a flaw in some of the Sony’s software and
deployed aggressive tactics and techniques to obtain the
network access by the illegitimate ways so as to boost
their network privileges.
Additionally, they used sophisticated techniques to
conceal themselves from the network administrators,
such as deleting the log files.
How the breach occurred?
On April 19, when various servers at Sony were rebooting even
without the scheduled program, the company had discovered
the fact that the data centre of the company which is located at
San Diego was hacked by some anonymous hackers who had
accessed the unauthorized data of the company that was kept
at servers of its PlayStation Network (PSN).
It stole data from77 million users accounts of PSN server and
from the 24.5 million user accounts of Sony Online
Entertainment.
Identification of Breach
without the scheduled program, the company had discovered
the fact that the data centre of the company which is located at
San Diego was hacked by some anonymous hackers who had
accessed the unauthorized data of the company that was kept
at servers of its PlayStation Network (PSN).
It stole data from77 million users accounts of PSN server and
from the 24.5 million user accounts of Sony Online
Entertainment.
Identification of Breach
Between the period of April to May in 2011, not only the
PlayStation Network of Sony but also various other
platforms such as the online gaming service of Sony
computer entertainment and Qriocity which was the
streaming media service of Sony along with Sony online
entertainment, the developer and publisher of Sony’s in-
house game were attacked by LulzSec that was the
unidentified hacker group [4].
Other affected Services
PlayStation Network of Sony but also various other
platforms such as the online gaming service of Sony
computer entertainment and Qriocity which was the
streaming media service of Sony along with Sony online
entertainment, the developer and publisher of Sony’s in-
house game were attacked by LulzSec that was the
unidentified hacker group [4].
Other affected Services
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Shutting down the systems after the
discovery of threats had caused Sony a
substantial cost.
As compensation the company had to offer
free services to its customers for several
days along with the additional free month
subscription.
Apart from this, the company had to also
provide its customers the services in
connection of identity theft protection.
Continued…
discovery of threats had caused Sony a
substantial cost.
As compensation the company had to offer
free services to its customers for several
days along with the additional free month
subscription.
Apart from this, the company had to also
provide its customers the services in
connection of identity theft protection.
Continued…
Between the period of April to May in 2011,
not only the PlayStation Network of Sony but
also various other platforms such as the
online gaming service of Sony computer
entertainment and Qriocity which was the
streaming media service of Sony along with
Sony online entertainment, the developer and
publisher of Sony’s in-house game were
attacked by LulzSec that was the unidentified
hacker group.
Consequences of breach
not only the PlayStation Network of Sony but
also various other platforms such as the
online gaming service of Sony computer
entertainment and Qriocity which was the
streaming media service of Sony along with
Sony online entertainment, the developer and
publisher of Sony’s in-house game were
attacked by LulzSec that was the unidentified
hacker group.
Consequences of breach
It was reported by Kazuo Hirai, the
chairman of Sony Computer
Entertainment America LLC., that the
hackers had rummaged through
various private and sensitive customer
data such as their names, e-mail IDs,
date of births, the account login IDs
and passwords and the online IDS.
As the credit card data of the
customers was encrypted it could not
be hacked by the intruders. However,
the other data was encrypted at the
time of security breach [2].
What Information was hacked?
chairman of Sony Computer
Entertainment America LLC., that the
hackers had rummaged through
various private and sensitive customer
data such as their names, e-mail IDs,
date of births, the account login IDs
and passwords and the online IDS.
As the credit card data of the
customers was encrypted it could not
be hacked by the intruders. However,
the other data was encrypted at the
time of security breach [2].
What Information was hacked?
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Due to the sophistication of the security
breach incident, Sony and the team of
forensic consultants hired for the
investigation of the breach took several days
to figure out and confirm the actual extent of
data loss happened at the company.
The online service facilities at Sony were
kept inactive during the period from April 20
to May 15, 2011 for the purpose of securing
the breach [1].
Period of inactivity:
breach incident, Sony and the team of
forensic consultants hired for the
investigation of the breach took several days
to figure out and confirm the actual extent of
data loss happened at the company.
The online service facilities at Sony were
kept inactive during the period from April 20
to May 15, 2011 for the purpose of securing
the breach [1].
Period of inactivity:
The loss out of the massive breach was estimated
to be around $171 million which included the cost
of business loss and the cost related to responding
to the breach such as identification and fixation of
breach, notifying different subscribers and network
up-gradation [4].
However, the said figure of loss did not include the
cost of actions against the law suits filed by the
customers of the company. There was also a decline
in the share prices of the company in the market
when the news of data breach at Sony came out.
Loss on account of PSN breach
to be around $171 million which included the cost
of business loss and the cost related to responding
to the breach such as identification and fixation of
breach, notifying different subscribers and network
up-gradation [4].
However, the said figure of loss did not include the
cost of actions against the law suits filed by the
customers of the company. There was also a decline
in the share prices of the company in the market
when the news of data breach at Sony came out.
Loss on account of PSN breach
As the company did not announce the news of
stealing of their customer data till the date of
26th April, 2011, it was highly criticized by its
customers.
Customers as well as the regulators have
always called for the transparency from the
companies whenever a breach like Sony
PlayStation breach occurs. However Sony
failed to meet this expectation and on
account of this it had to face serious criticism
in legal and other business terms.
Customer’s Response to the
breach news:
stealing of their customer data till the date of
26th April, 2011, it was highly criticized by its
customers.
Customers as well as the regulators have
always called for the transparency from the
companies whenever a breach like Sony
PlayStation breach occurs. However Sony
failed to meet this expectation and on
account of this it had to face serious criticism
in legal and other business terms.
Customer’s Response to the
breach news:
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
The company officials were called up by the US IT law regulators
and imposed heavy fines on the company for not having the
adequate systems of data securities, in place.
As per Shinji Hasejima the CIO at Sony, the breach has occurred in
the web application service platform of Sony PlayStation Network.
The said vulnerability was a known one and could have been
avoided if proper measures of data security were undertaken on
time [2].
Could the breach be prevented?
and imposed heavy fines on the company for not having the
adequate systems of data securities, in place.
As per Shinji Hasejima the CIO at Sony, the breach has occurred in
the web application service platform of Sony PlayStation Network.
The said vulnerability was a known one and could have been
avoided if proper measures of data security were undertaken on
time [2].
Could the breach be prevented?
The IT security and risk managers at Sony
should have adopted and implemented a
comprehensive strategic framework to protect
the data of its customers throughout the life.
The said framework suggests that the IT risk
managers must ask themselves few questions
well in advance [1]. These questions relates to
following areas:
How could the breach be
prevented?
should have adopted and implemented a
comprehensive strategic framework to protect
the data of its customers throughout the life.
The said framework suggests that the IT risk
managers must ask themselves few questions
well in advance [1]. These questions relates to
following areas:
How could the breach be
prevented?
Governance:
Who will take the accountability to protect the data
assets of the business?
How will the company’s top management ensure
that the accountable person has proper access to
the required resources and information?
Risk Management:
What are the possible data security vulnerabilities at
Sony and what could be the possible impacts of the
same?
What information must be safeguarded at the top
priority?
Continued…
Who will take the accountability to protect the data
assets of the business?
How will the company’s top management ensure
that the accountable person has proper access to
the required resources and information?
Risk Management:
What are the possible data security vulnerabilities at
Sony and what could be the possible impacts of the
same?
What information must be safeguarded at the top
priority?
Continued…
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Integrity Security:
How the security investments shall be prioritized so
as to minimize the risk of overall risk profile?
Incident Management:
How a security breach, which if materializes, would
impact the company?
How could the impacts of the breach be
minimized?
Continuity Planning:
If the operations of the company are disrupted,
how long will it take to resume the normal business
operations?
Continued…
How the security investments shall be prioritized so
as to minimize the risk of overall risk profile?
Incident Management:
How a security breach, which if materializes, would
impact the company?
How could the impacts of the breach be
minimized?
Continuity Planning:
If the operations of the company are disrupted,
how long will it take to resume the normal business
operations?
Continued…
If the above discussed framework was
implemented properly, Sony could prevent
the occurrence of PSN breach to some
extent. However, it is a general fact that
even after the application of best securities
measures the cyber crime incidents cannot
be prevented completely [2].
The other ways that could prevent the PSN
breach could be:
Continued…
implemented properly, Sony could prevent
the occurrence of PSN breach to some
extent. However, it is a general fact that
even after the application of best securities
measures the cyber crime incidents cannot
be prevented completely [2].
The other ways that could prevent the PSN
breach could be:
Continued…
IT security framework
Source: https
://www.strategyand.pwc.com/media/file/Limiting-the-impact-of-data-
breaches.pdf
Source: https
://www.strategyand.pwc.com/media/file/Limiting-the-impact-of-data-
breaches.pdf
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Sony must have had deployed proper
security software to protect the endpoints,
the software and other security related
technology had updated regularly.
Further, it must have applied more
advanced measures such as network
intrusion detection or/and penetration
testing.
The corporate communication at Sony must
have been encrypted.
Continued…
security software to protect the endpoints,
the software and other security related
technology had updated regularly.
Further, it must have applied more
advanced measures such as network
intrusion detection or/and penetration
testing.
The corporate communication at Sony must
have been encrypted.
Continued…
Even the strongest securities measures
could not completely protect Sony.
Thus, the impact of the breach could have
been reduced if there was an adequate
system of contingency plan to act
proactively.
Further, the information of data loss must
have been communicated on the earliest
basis.
Ways to reduce the impact of
incident
could not completely protect Sony.
Thus, the impact of the breach could have
been reduced if there was an adequate
system of contingency plan to act
proactively.
Further, the information of data loss must
have been communicated on the earliest
basis.
Ways to reduce the impact of
incident
[1]Fortune. “Why Sony didn't learn from its 2011 hack”. Available at:
http://fortune.com/2014/12/24/why-sony-didnt-learn-from-its-2011-hac
k/
[Accessed on: 24.11.2018], 2014.
D. Riedel. “Could the Sony breach have been prevented”? Available at:
https://www.scmagazine.com/home/opinions/could-the-sony-breach-ha
ve-been-prevented/
[Accessed on: 24.11.2018], 2015.
Reuters. “Sony PlayStation suffers massive data”. Available at:
https://www.reuters.com/article/us-sony-stoldendata/sony-playstation-
suffers-massive-data-breach-idUSTRE73P6WB20110427
[Accessed on: 24.11.2018], 2011.
Tech Target. “FAQ: What is the Sony PlayStation Network security
breach's impact”? Available at:
https://searchcompliance.techtarget.com/tutorial/FAQ-What-is-the-Son
y-PlayStation-Network-security-breachs-impact#cost
[Accessed on: 24.11.2018], 2011.
References:
http://fortune.com/2014/12/24/why-sony-didnt-learn-from-its-2011-hac
k/
[Accessed on: 24.11.2018], 2014.
D. Riedel. “Could the Sony breach have been prevented”? Available at:
https://www.scmagazine.com/home/opinions/could-the-sony-breach-ha
ve-been-prevented/
[Accessed on: 24.11.2018], 2015.
Reuters. “Sony PlayStation suffers massive data”. Available at:
https://www.reuters.com/article/us-sony-stoldendata/sony-playstation-
suffers-massive-data-breach-idUSTRE73P6WB20110427
[Accessed on: 24.11.2018], 2011.
Tech Target. “FAQ: What is the Sony PlayStation Network security
breach's impact”? Available at:
https://searchcompliance.techtarget.com/tutorial/FAQ-What-is-the-Son
y-PlayStation-Network-security-breachs-impact#cost
[Accessed on: 24.11.2018], 2011.
References:
1 out of 22
Related Documents
![[object Object]](/_next/image/?url=%2F_next%2Fstatic%2Fmedia%2Flogo.6d15ce61.png&w=640&q=75){kind=small}
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.