
Forums - Sony Discussion - What people blaming Geohotz and the "hackers" seem to be missing...

A lot of people are acting like this is the biggest hack ever.

It isn't like I posted earlier in this thread.

There have been bigger hacks in the last 5 years that stole more sensitive information (like 100 million confirmed credit card accounts, some of them with SSN and personal information). This is just the one with the most publicity....

And in every previous case it took weeks if not months for the breach to be discovered and the people affected notified...

 

The biggest known case is Heartland, which affected up to 100 million credit cards, and they are even sure when the breach started to occur...

Heck while you guys are all focusing on this, another huge breach happened less than a month ago at another company.

http://www.reuters.com/article/2011/04/03/us-citi-capitalone-data-idUSTRE7321PI20110403

 

For those interested (and especially Squilliam, who seems not very well informed), here are the 11 largest data breaches in recent history:

http://wikibon.org/blog/the-11-largest-data-breaches-in-recent-history/



PS3-Xbox360 gap: 1.5 million and going up in PS3's favor!

PS3-Wii gap: 20 million and going down!

Ail said:

[...]

Dude, make a thread outlining all the breaches bigger than this one which had a worse response.



imaprettyhotguy said:
rocketpig said:

Is that this security breach was a server-side flaw. "Hacking" a PS3 shouldn't give anyone access to critical PSN information any more than hacking a computer or install of Firefox would give you access to Amazon's customer database.

The tools to defend against this type of attack have been available for years. I can build a secure e-commerce store in a matter of hours and get it locked down to prevent this type of information breach using off-the-shelf software. Why can't Sony do the same on their PROPRIETARY system?

No matter whether you think Sony was in the right over the Geohotz fiasco, they royally screwed the pooch on this one.

And that is no one's fault but their own. They deserve every bit of bad press they're going to get over this.

Can you do it on a massive amount of worldwide servers that were built half a decade ago? Didn't think so, and I'm pretty sure whoever got into PSN could easily get past whatever defences you can make.

Assuming a remote client is secure and giving it high privileges just based on some special IDs was an unforgivable security design flaw even when computer networks were born. Even in the oldest networks, if properly set up, a compromised client owned and used by people that shouldn't have any high privileges on the servers can't compromise them. The world is full of infected PCs; they can be gathered in botnets and used for DDoS attacks, to send spam and phishing mails, to spread further the viruses they are infected with, but they cannot enter correctly secured servers and networks. This is true on a worldwide scale, and it should be even more true on proprietary networks that give remote users a lot less freedom than the internet. Obviously servers too can have, and actually do have, unknown bugs and holes waiting to be discovered and exploited, if malicious hackers find them before honest ones, but it's a totally different thing from badly designed network security that lets the malicious hackers pierce it just by comfortably hacking their remote clients, without the need to study the servers and find a hole in them, as the hole is actually the aforementioned design flaw that wasn't corrected until the disaster had already happened.

To sum it up: errors and bugs happen, design flaws are worse than them, and design flaws made by ignoring an easy and fundamental security rule that is taught even in the most basic engineering courses on these matters are the worst of all, really unforgivable. Actually Sony should have hoped that honest hackers found this hole a lot earlier; maybe they could have prevented the disaster. That takes us to two other basic rules: first, security by obscurity never works, it's just a disaster waiting to happen; second, don't sue honest hackers, let them do their work or hobby and just ask them to tell you first about the holes they found in your SW, networks and servers. If they arrive before malicious ones, they'll maybe allow you to thwart the attacks and to preserve the security of your honest users too.

Edit: just to make things clear, Sony isn't alone in making unforgivable design errors; other users cited many disasters made by banks and credit card companies, but security design flaws of even bigger proportion have been made by MS too. For example, until a few years ago, Internet Explorer, even if set up to never memorize passwords, credit card numbers and other sensitive data, nevertheless stealthily memorized them in the file index.dat, which wasn't even encrypted, but just obfuscated, and waiting to be stolen (as default file sharing rules and permissions were extremely lax too in old versions of Windows, before the final, and finally decent, Service Packs of Win2000 and XP, if even available at all; 9x versions didn't offer file permissions at all). We are talking about several hundred million Windows users that for a long period had their personal data at risk, without MS doing anything to protect them, instead having made this gross security hole on purpose, to spy on them.



Stwike him, Centuwion. Stwike him vewy wuffly! (Pontius Pilate, "Life of Brian")
A fart without stink is like a sky without stars.
TGS, Third Grade Shooter: brand new genre invented by Kevin Butler exclusively for Natal WiiToo Kinect. PEW! PEW-PEW-PEW! 
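The design rule Alby_da_Wolf is arguing about, as an added example that is not code from the thread or from any real PSN component: a flawed handler that believes the role and device ID a remote client sends, beside a hardened one that derives identity from a server-minted token and looks the role up on the server. All names, records and the secret are constructed for illustration.

```python
"""Trusting a client's self-reported identity versus server-side authorization.

Everything here is hypothetical: the account table, the secret and the
request are constructed so the example runs offline.
"""
import hashlib
import hmac
import secrets

# Constructed server-side account records. The server, not the client,
# is the source of truth for who holds which role.
ACCOUNTS = {
    "user-1001": {"role": "player"},
    "user-0007": {"role": "admin"},
}

# Constructed secret used to mint session tokens; fixed only for reproducibility.
SERVER_SECRET = b"constructed-example-secret"


def vulnerable_authorize(request: dict) -> bool:
    """Flawed design: the remote client asserts its own role and a
    'special' device ID, and the server takes both at face value.
    A modified client can send whatever fields it likes."""
    device_id = request.get("device_id", "")
    if device_id.startswith("CONSOLE-"):
        return request.get("role", "player") == "admin"
    return False


def issue_session(account_id: str) -> str:
    """Server mints a token bound to an account. Only the server can
    compute the HMAC tag because only it holds SERVER_SECRET."""
    nonce = secrets.token_hex(8)
    msg = f"{account_id}:{nonce}".encode()
    tag = hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()
    return f"{account_id}:{nonce}:{tag}"


def hardened_authorize(request: dict) -> bool:
    """Hardened design: ignore any client-asserted role or device ID.
    Identity comes from a token the server itself issued; the role is
    looked up server side, so a compromised client gains nothing."""
    parts = request.get("session", "").split(":")
    if len(parts) != 3:
        return False
    account_id, nonce, tag = parts
    msg = f"{account_id}:{nonce}".encode()
    expected = hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):
        return False  # forged or tampered token
    account = ACCOUNTS.get(account_id)
    return account is not None and account["role"] == "admin"


# Constructed request from a tampered client claiming admin privileges
# and carrying a token whose tag it could not have computed.
TAMPERED_REQUEST = {
    "device_id": "CONSOLE-1234ABCD",
    "role": "admin",
    "session": "user-0007:deadbeef:0000",
}


if __name__ == "__main__":
    print("vulnerable grants tampered client:", vulnerable_authorize(TAMPERED_REQUEST))
    print("hardened grants tampered client:", hardened_authorize(TAMPERED_REQUEST))
    print("hardened grants real admin session:",
          hardened_authorize({"session": issue_session("user-0007")}))
```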
 


Alby_da_Wolf said:

[...]


How do you know that it was so easy to hack into the PSN? I'm asking because there is no conclusion to any serious independent investigation right now.



Alby_da_Wolf said:

[...]

Pretty much the same question as the other guy: how do you know it was easy? But also, Sony didn't sue honest hackers, they sued fame-grubbing ones that leaked how to pirate games on PS3 for a little attention, and this really isn't the disaster people are making it out to be; the most sensitive piece of information was people's addresses, which isn't that sensitive since Hotmail asks for it, as well as most free email providers, and some people even put it on Facebook.



Icyedge said:
Alby_da_Wolf said:

[...]


How do you know that it was so easy to hack into the PSN? I'm asking because there is no conclusion to any serious independent investigation right now.

It all depends on whether it's true or not that compromised clients (that is, PS3s) can compromise the network: if it's true, it's a security design flaw. This doesn't automatically mean it's totally easy to attack, but any network relying on clients' security for its own security is doomed; sooner or later it will be pierced, as it's the dream of any malicious hacker to be able to just work quietly and undisturbed on a remote client they have physical access to, without having to spy on, study and infiltrate a well defended server until it's actually the moment to attack. So yes, there is a big IF, and it's tightly tied to one of the arguments used by those that oppose console hacking: if the network is properly set up, hacking a console shouldn't affect it, so that argument would be totally false; if it's true, then there is a security design flaw in the network, but in that case, even though a hacked console would become a danger for it, those to blame would anyway be the engineers that designed the network incompetently. Basically the main clues of a possible incompetence in network design come just from the arguments used against the users' right to mod the HW they own: if one of the arguments is true, then the network is incompetently designed (but in this case the network designers are anyway more guilty); if the network design is OK and the breach is due to normal bugs or other security flaws not concerning the design, then that argument against modding is blatantly false.





imaprettyhotguy said:

[...]

This is totally irrelevant to the issue; whatever the hackers' attitude, intentions and honesty (but Sony and many other companies, even when they don't sue, are often against the right of honest users too to mod the HW they bought), a compromised remote client cannot by itself, without further server hacking, compromise a correctly designed and set up network and its servers. This said, as I wrote, even in the worst case there are many companies that did much worse things than Sony about security; this doesn't absolve Sony, but some Sony haters should stop gloating already, chances are that some of their favourite companies did even worse.





Alby_da_Wolf said:

[...]

And the whole thing you're basing it on is a rumor, not even confirmed, so you might even be wrong about the hole, so yeah, people really need to lay off Sony since there are so many other examples of companies doing so much worse and not one of one doing better.



yo_john117 said:

WTF people?!? How can ANYONE be defending Sony on this. THEY should have prepared for the worst case scenario but they didn't. This is a COMPLETE FUCKUP on their part.

So to sum it up:

It IS Sony's fault (as well as the jackass who hacked them)

This IS serious.

And there is NO debating those facts.

 

And I don't wanna hear any bullshit analogies.

Banks have some high-end security. Infrared lighting, cameras, thick security walls, etc. They still get robbed. Is it the bank's fault that someone knew what to do to get the money of the many customers the bank holds? That's what you're basically saying right now. I'd say cameras (to see who enters the bank), thick-walled vaults (so they can't easily be broken into), and infrared lights (so if the robbery happens at night, it'll trigger an alarm) is preparing for the 'worst case scenario' (the worst case scenario for any bank is being robbed)... but robberies STILL happen.

It's not a BS analogy. It's the same situation. You're placing blame on the victim for what someone else does. And it's not ok. Just like when women get raped and someone says it was her fault because she was dressing a 'certain way'. No....she was raped because she was raped. And Sony got hacked because Sony got hacked, not because they told someone to do it.



imaprettyhotguy said:

[...]


I can name a thousand companies right now that are doing better. They haven't been hacked or had significant portions of data compromised. That automatically puts Sony behind them on the scale you are using. What gets me is everyone seems to assume these other companies got a pass on the same problem. You link news articles slamming the companies over the problem and yet tell people not to do the same with Sony? Why shouldn't they be held to the same standard? Sony also failed in one major way those other companies almost universally didn't. They told their users the second it appeared the data could have been compromised. There is no excuse for sitting on that information for a week. None at all.

I damn near changed banks after an issue with a data leak that was far less serious. The only reason I stopped is they knew precisely who was potentially affected, informed me immediately and then took steps to make sure none of it came back to me. That is, any charges I contested would be instantly assumed fraudulent unless proven otherwise (not the status quo for debit cards, by the by) and I would have no liability for anything potentially related to the mishap.



Starcraft 2 ID: Gnizmo 229