Sony and hacking: proof that once bitten doesn’t necessarily mean twice shy

Sony issued a public apology to “Grand Theft Auto 5” developer Rockstar Games and to fans of the blockbuster video game franchise last weekend after copies of the game that were downloaded from the EU PlayStation Store were prematurely opened by hackers. Whilst the hackers were not able to get the entire game up and running, they did manage to extract critical audio and video files containing details about the “Grand Theft Auto 5” storyline and soundtrack. Naturally “GTA” fans were shocked to see details about the highly anticipated “Grand Theft Auto 5” begin to trickle across gaming forums late last week, especially those who had pre-ordered the game which is due for official release on September 17 on Xbox 360 and PlayStation 3.

Writing on the official EU PlayStation blog, Nick Caplin, head of communications for Sony Computer Entertainment of Europe, said that the hackers obtained copies of “Grand Theft Auto 5” legally by taking part in an offer the company was making to PlayStation 3 customers to allow them to pre-load the game onto their consoles prior to its official release:

“Regrettably, some people who downloaded the digital pre-order of Grand Theft Auto 5 through the PlayStation Store in Europe were able to access certain GTA5 assets,” Caplin said in a statement Saturday “these assets were posted online.”

Sony, however, already has form on this matter and has suffered at the hands of hackers on previous occasions. It was heavily criticised following the much-publicised hacking of 2011 in which millions of users worldwide had their security information compromised. The hacking was one of the largest recorded intrusion attacks ever recorded, surpassing even the 2007 TJX hack. The PlayStation Network outage was the direct result of an external intrusion on Sony’s PlayStation and Qriocity services, in which the personal details of approximately 77 million accounts were stolen, and which prevented users of PlayStation 3 and PlayStation Portable consoles from playing online through the service. That attack happened between April 17 and 19, 2011, forcing Sony to switch off the service until April 20. It took a further 2 weeks for the corporation to admit that personally identifiable information from each of the 77 million accounts had been compromised, and 24 days in total before the service was fully up and running again following the release of Sony’s PlayStation 3 firmware version security patch 3.6.

The repercussions from the 2011 hack have rumbled on for over 2 years, and it’s only recently that the corporation has dropped its appeal over the £250,000 fine it received from the UK Information Commissioner’s Office. The ICO was adamant that the hack could have been avoided if only Sony had taken sufficient precautions and ensured that its network was not vulnerable to intrusion attacks. Sony, still refuses to accept that its security was lacking and maintains that the ICO’s decision was wrong but has accepted that the ‘decision reflected [their] commitment to protect the confidentiality of [their] network security from disclosures in the course of the proceeding.’

Following the latest hacking, videos of the “GTA 5” assets have generally been pulled from sites like YouTube, and Rockstar has requested that fan sites like remove details of the hack.

If your company needs help with security audits, penetration testing or web security solutions from Barracuda Networks, Check Point, Alien Vault and Netwrix, please contact Krypsys on 0845 474 3031 or [email protected].