This was bound to happen sooner or later. Microsoft has used the Sony PSN Train Wreck to let everyone know how completely and totally serious they are about security. In speaking to Eurogamer Microsoft said, “…the security around our Xbox Live service and member information is our highest priority.”
I believe that to be true. Eurogamer believes it, too. I mean really believes it, by starting their article saying, “Worried about your Xbox Live personal data? Don’t be.”
Not to pick on Eurogamer, as it’s one line in a news article of the thousands they write every day and I read Eurogamer every day. But let me tell you something point blank: you should be worried. Anytime you give out personal information to anyone– online, offline or via friggin’ carrier pigeon — you should, in the back of your mind at the very least, be a little worried.
This is PR. Smart PR. Clever PR. But if you think that Xbox Live is somehow immune from stuff like this, I have a bridge with your name on it.
Bargain priced.
Argued with a coworker about this this morning, as he was boasting about how Live is superior based on this. Don’t get me wrong, I love Live. Think it’s a terrific service, superior to PSN. But the XBox fanboys should get down off their high horse a second and quick laughing about Sony’s misfortunes. Because, if the stolen data proves particularly profitable, the worlds hackers will probably start poking at XBL with more gusto.
No network is 100% safe.
Period.
XBox accounts were hacked in 2006. People had their credit cards stolen due to insecurities over Bungies system that connected to XBox live. Accounts robbed, fraudulent purchases made, and Microsofts response, as always, was “oops!”.
And yeah, you look after your customers, but apparently you can’t look after your staff.
Most of the XBox fanboys claiming it’s more secure are just full of crap. Difference is Microsoft sweep their breaches under the carpet, whereas Sony didn’t have the chance to do that.
Oh, wow, I actually didn’t know that. Didn’t get my 360 until 07.
Fanboism in this generation’s cycle is ridiculous anyway. But I just got tired of hearing it in the office this morning. Thanks for the ammo.
Spot on, Bill. Network security is all about managing risk, not negating it. Boasting about your security might be seen as a bad start in managing risk – there’s no shortage of people out there who’ll be happy to prove you wrong.
Also, I’m sure Sony were also pretty confident that customer security was a high priority that they were managing effectively.
No problem.
I didn’t get my XBox until 2010, but I work in security so I always follow these stories around.
Bill is right. Data loss is something that can and will happen. Hell, companies often send hard drives into recycling companies and leave data all over them. That iPhone prototype left at the bar could have been a USB full of customer info. I recieved confidential documents from an American financial company the other day because they mixed up “gmail.com” with “ymail.com”. I could have sold that data, or published it, but I just deleted it and e-mailed them back instead. It’s literaly that easy for it to happen.
We like to use the line: The only safe network is the one with no users on it.
Obviously XBL is probably no more secure than PSN for anyone willing to go after it. But I think Sony has mismanaged the PR aspect of this situation. The delay in letting consumers know that their information was compromised came days after the network first went down. If you have a network that supports significant financial transactions I would say the very first suspicion you should harbor is that someone went after that consumer information.
The other issue here is that this debacle has really just served as a floodgate for user’s frustrations regarding all of PSN’s inadequacies as a platform. Microsoft can sweep their XBL problems under the rug because it largely succeeds in consumer’s minds. Of course whether that goodwill can hold up if they experience a breach of similar scope is another question entirely.
That is all absolutely true. MS has killed them in the PR war. All of this has reinforced what so many already thought.
On the topic of telling their users, they told us there was a breach on day one. If people feel like they’d rather wait for confirmation on WHAT has been breached rather than takeing action, thats tough on them. Sony said “We were compromised and we shut down the PSN.”, so customers should hear that as “Go check your stuff”. The amount of time people spent from day one going “BUT WUT ABOUT MY CREDIT CARDS AND PASSWORDS?!” they could have called their banks, changed their passwords and be pretty much sorted. They chose not to, and blamed Sony.
It’s like thinking your house was robbed, then sitting waiting for the police to turn up before checking your stuff out to see if anythings missing.
They waited a week so they could confirm exactly what was taken. They had an outside security team in, which would probably go through every transaction, check every staff terminal, and generaly rifle through EVERY FILE on the 77 million people to see exactly whats gone where. I mean, how many people were online just that week? How many connections were made? Who sent money, and where did it go? You don’t just run on “maybe” in this sort of situation. You get iron clad evidence.
Saying this from a security perspective, the fact that they did it in a week honestly amazes me. Thats pretty quick to go through 77 million accounts. I was expecting at least a month.
“MS has killed them in the PR war.”
That’s largely been the case for this entire hardware cycle, not just with this. At least in my opinion.