Sony Resumes PlayStation Network in U.S., Europe

Sony Corp. Logo
A Sony Corp. logo is displayed outside an electronics store in Tokyo. Sony's online entertainment systems was attacked by hackers in April 2011. Photographer: Tomohiro Ohsumi/Bloomberg

Sony Corp. has resumed partial operation of its PlayStation Network and Qriocity entertainment services in the U.S. and Europe after more than three weeks, the company said in a statement e-mailed to Bloomberg News.

Restored operations include online gaming, chat service and music downloads. Sony plans to restart service in Asia soon, it said in the statement.

The Tokyo-based maker of PlayStation game consoles suspended the services on April 20 after an attack by hackers. The intrusion led to a breach of data on more than 100 million users, the second-biggest online theft of personal information. Frustration swelled among players of online games after Sony failed to deliver on a May 1 pledge to put the network back into service within a week.

Sony boosted security for PlayStation Network and Qriocity by increasing the number of firewalls between servers and adding software to monitor intrusions and system vulnerabilities, it said. The company also appointed Fumiaki Sakai to the newly created post of chief information security officer, it said.

The network is being restored in phases by region, and some U.S. states are still without services, Sony said. It will likely take “a bit more time” to turn on services nationwide and information on roll-out plans will be updated on the PlayStation blog, the company said.

Password Change

Phased recovery has also started in South America, the Middle East, New Zealand and Australia, according to Satoshi Fukuoka, a Tokyo-based spokesman. Users need to change their passwords and go through a mandatory system update, he said.

Sony Online Entertainment, the San Diego-based unit offering games played on personal computers, also resumed some services, Sony said today.

Sony said it plans to restore full operation of online services including purchases of games and video content by the end of May. Inc.’s Web Services cloud-computing unit was used by hackers in last month’s attack against Sony Corp.’s online entertainment systems, according to a person with knowledge of the matter.

Hacker Alias

Hackers using an alias signed up to rent a server through Amazon’s EC2 service and launched the attack from there, said the person, who requested anonymity because the information is confidential. The account has been shut down, the person said.

Drew Herdener, a spokesman for Seattle-based Amazon, declined to comment. Amazon didn’t respond to a request to speak with Chief Executive Officer Jeff Bezos. Cloud security is Amazon’s top priority, Bezos said at an event sponsored by Consumer Reports magazine last week.

Sony offered customers a free year of identify-theft protection after the attack. Thieves may have stolen credit-card, debit records and other personal information from customers of Sony Online Entertainment, a third service. The New York Attorney General’s office has subpoenaed Sony, according to a person familiar with the probe.

Invasions Cost

Network security breaches are part of a trend that saw the costs of such invasions jump 48 percent, to an average of $318 per compromised record last year, according to a March report by the Ponemon Institute.

Malicious attacks in the U.S. are on the rise. They climbed 7 percentage points in 2010, with data breaches costing U.S. businesses an average of $7.2 million per incident, according to the Ponemon Institute report. The study found that about 85 percent of all U.S. companies have experienced one or more attacks.

The use of a hijacked or rented server to launch attacks is typical for sophisticated hackers. The proliferation of server farms around the globe has made such misdirection easier, said E.J. Hilbert, president of the security company Online Intelligence and a former FBI cyber-crime investigator.

Before it's here, it's on the Bloomberg Terminal. LEARN MORE