I have just tonight received the email I have been waiting for from Sony in regard to there PSN “Outage”. As you are all probably aware the PSN has been down for a week now and looks like it will be down for at least another week. It would appear that Sony have managed to loose there entire user database to an intruder. the only think they seem to have protected is the security code for credit cards though they are not finished investigating the breach so there is time yet…
The one thing that has struck me is that they have lost all the users passwords… Now this is quite alarming in a number of ways. Firstly let me note the two options I see there being for the loss of passwords as described by Sony (which is vague at best):
1. The passwords were stored in the clear (not protected by a hash) and were in the same databases that have been taken. Or.
2.The passwords were stored in a database that was compromised but they were hashed password.
Now if option 2 is the case I can only guess that there is some worry that the hashing method used is not very strong I.E. a known algorithm with no salt. This would be bad but excusable.
I fear however that Sony have kept the passwords in the clear. This is inexcusable. IF this turns out to be the case I dare say the protection of the credit card security codes will be as equally poor.
I will await the full disclosure of this incident before I decide weather to leave the PlayStation platform for good.