The resumption of service for Sony’s ill-fated PSN has been officially delayed, with Sony now only saying it is aiming for “mid-May”; as if that were not enough, they have admitted leaking more customer data – this time by putting it in a spreadsheet on an unsecured public server for “hackers” to make off with.
Its most recent announcement to the press says it will be delaying resumption of service whilst it rebuilds and re-secures its network, with no firms dates mentioned other than a goal of “mid-May.”
Their last direct announcement to users, made the day before, goes to some lengths to avoid mention of any delay:
As you may know, we’ve begun the process of restoring the service through internal testing of the new system.
We’re still working to confirm the security of the network infrastructure, as well as working with a variety of outside entities to confirm with them of the security of the system. Verifying the system security is vital for the process of restoration.
Additional comprehensive system checks and testing are still required, and we must complete that process before bringing the systems online.
As you’ve heard us say, our utmost priorities are the security of the network and ensuring your data is safe. We won’t restore the services until we can test the system’s strength in these respects.
When we held the press conference in Japan last week, based on what we knew, we expected to have the services online within a week. We were unaware of the extent of the attack on Sony Online Entertainment servers, and we are taking this opportunity to conduct further testing of the incredibly complex system.
Sony’s latest leak is small in scale, but disturbing in form – according to Sony, its staff placed a spreadsheet containing the personal info of 2500 entrants into a 2001 US competition onto one of their employee-use servers.
The server was open to the public and unsecured, and naturally enough someone got wind of it and posted the details on “hacker sites” where it was widely accessed before finally being deleted at Sony’s request.
In fact, the URL was apparently just posted on 2ch by an anonymous user, and subsequently accessed by its curious denizens – all of this constitutes a “hack” by Sony standards it seems.
Sony is said to be investigating how it handles older data, which might include in future not placing it on unsecured public servers and relying on nobody working out the URL.