Sony held a press conference at 2PM (Japan time) to answer questions on the PSN breach. Kazuo Hirai, CEO of Sony, headed the panel with two other officers from the company: Senior VP, Shiro Kambe, and CIO, Shinji Hasejima. Together, they answered questions and provided some explanation for what has been happening. After a short introduction and an opening statement, all three then deeply bowed in a formal demonstration of sincere apology.
Much of what was said was already generally known such as the involvement of the FBI and Homeland Security. However, it was mentioned that the passwords were hashed (giving them some protection) and that Sony reiterated their ongoing efforts to strengthen the network along with their deepest apologies for the inconvenience that this has caused everyone.
They also covered a timeline detailing events from when the intrusion was made between April 17 – 19th and when they shut PSN down on the 20th once detecting it, finally engaging an unnamed “top” security firm in the United States on the 24th to help with their investigations.
Shinji Hasejima, Sony’s CIO, explained that the exploit had gone in appearing as a normal transaction and left the system in the same way, avoiding the conventional security measures they had in place. As with Kazuo Hirai, he promises that stronger measures will be implemented. SNEI (Sony Network Entertainment International) manages the PSN servers’ data center located at an AT&T facility in California.
Kazuo Hirai had also stated they they are not certain that Anonymous is to blame for this breach, referencing only the problems that they have had with the hacktivist group in the past. They still have not determined who the actual perpetrators are. To that end, they are working with law enforcement officials in various countries as the investigation expands.
At one point, it had been mentioned that Sony will cover the fees associated
with the re-issuance of credit cards (presumably such as those a card company may charge for a replacement). When pressed for further details by the press, it was then explained that while there is no clear evidence of leaked credit card info or improper use, if there is illegal usage and the customer suffers damage, then Sony will deal with it on a case by case basis. According to a statement earlier in the conference, there are approximately 10 million
credit cards registered on PSN (out of an estimated 77 million accounts).
A “Welcome Back” program was also mentioned for when PSN returns which includes a thirty day trial period of PS Plus along with a number of other incentives from their Marketplace as an apology to all affected users.
Update (5.01.11): Playstation Blog has updated with a review of what was stated in the conference as well as noting that PSN and Qriocity services will be rolling out worldwide in phases. Also updated the original article above to reflect that the passwords were actually hashed. If you want to watch the whole thing (which is more than an hour and a half), it’s located here.