By using this site, you agree to our Privacy Policy and our Terms of Use. Close

Forums - Sony Discussion - Sony hack could cost Sony $318 per account!?

Rath on 27 April 2011
Xenostar said:

One thing ive found amazing about all this is when sony announced they had 70million accounts everyone poo pooed it as multiple accounts, sock puppet accounts and so on, but now psn has been hacked its suddenlly up to 75 million accounts in some reports and seemingly every account has a credit or debit card attached to it. 

So i call reports like this one utter bollox just people looking to scare monger with the absolute worst possible scenario and in a lot of cases actually impossible scenarios cos there stats there basing there guestimations on just arent true.


By anecdotal evidence I think there has to be at least ten million duplicate accounts, but there also has to be tens of millions of unique users. The scale of the breach is still huge.



Around the Network
irstupid on 27 April 2011
walkerj said:

I was being sarcastic, but securing a server for 100 peoples isn't ten times the price of securing a server that supports 10 poeple. It's not realistic. Obviously a widespread problem costs more to fix, but it isn't relative to user accounts.

no its not obvoiusly.  but sony has what to fix a problem that deals with 50 million ps3's, and 67 million psps.

and how many different models are there?  firmware updates? ect you name it.  THey have to get an update out there that will let all those 117 million consoles connect to the internet, do their psn account, do personal and credit info and be safe and secure.

the 70 million accounts means nothing, except a number a lawyer can throw around in court to get his big commission. 



walkerj on 27 April 2011

Also, this "court" thing people keep mentioning. Sony isn't going to lose a lawsuit. Read your EULA. There is no guarentee of money for anything that has happened here. Data wasn't improperly secured, it was accessed by hackers. And speculation that passwords were plaintext is a nonsense rumor. Sony kept the PS3 unhackable for 4 years and people think they would store data like that insecurely?

The only thing someone could sue for is a failure by Sony to meet certain security regulations that specifically, financially impacted users. Well, noones been impacted, and I doubt 5% of PSN accounts have credit card numbers associated with them.

Most people on PS3 use network cards, and many PSN accounts are on TV's, and blueray players. Etc.



irstupid on 27 April 2011
Rath said:
irstupid said:
 

thats not how legal action works.  one person would win and n oone else would be able to sue.  you can't be sued over the same thing twice.

and you are also missing what these costs include.  thse numbers are mostly guestimates of missing revenue or lost sales.  I mean during this down time, sony could have missed out on getting a few billion in psn sales.  meanwhile they are incuring a few billion more in costs.  Thus what would have been a 3 billion revenue, turns into a 0 billion revenue and 3 billion expense.  a 6 billion dollars cost overall.   and lets not forget stock.  these also estimate a loss in stock value.

is sony going to have to fork oer 23 billion dolalrs?  hell no. 

No, that's not how legal action works. Each individual is allowed to sue for damages to them. You're thinking double jeopardy I think, which is criminal law (you cannot be tried for the same crime twice, but criminal and civil law are very different).

Though most likely something with this many people affected would lead to a class action suit.

no i'm not.  when cigarette companies got sued they were sued on behalf of EVERYONE.  that is what would happen here.  Sony woudl be sued on behalf of EVERYONE.

if joe bloe goes to court and wins against sony for a few million dollars, i can't go to court with same charge and hope to win.  They would say no, that joe bloe won the case and he represents everyone effected by this case.



imaprettyhotguy on 27 April 2011
irstupid said:
walkerj said:

I was being sarcastic, but securing a server for 100 peoples isn't ten times the price of securing a server that supports 10 poeple. It's not realistic. Obviously a widespread problem costs more to fix, but it isn't relative to user accounts.

no its not obvoiusly.  but sony has what to fix a problem that deals with 50 million ps3's, and 67 million psps.

and how many different models are there?  firmware updates? ect you name it.  THey have to get an update out there that will let all those 117 million consoles connect to the internet, do their psn account, do personal and credit info and be safe and secure.

the 70 million accounts means nothing, except a number a lawyer can throw around in court to get his big commission. 

So far there haven't even been on reported case of someones psns info being used against them, and in a lawsuit they would have to prove the majority of them were by court standards, and thats just not gonna happen especially considering Sony didn't inproperly secure any of the info



Around the Network
imaprettyhotguy on 27 April 2011
walkerj said:

Also, this "court" thing people keep mentioning. Sony isn't going to lose a lawsuit. Read your EULA. There is no guarentee of money for anything that has happened here. Data wasn't improperly secured, it was accessed by hackers. And speculation that passwords were plaintext is a nonsense rumor. Sony kept the PS3 unhackable for 4 years and people think they would store data like that insecurely?

The only thing someone could sue for is a failure by Sony to meet certain security regulations that specifically, financially impacted users. Well, noones been impacted, and I doubt 5% of PSN accounts have credit card numbers associated with them.

Most people on PS3 use network cards, and many PSN accounts are on TV's, and blueray players. Etc.

Another smart person, we really need to make a group or something 



Baalzamon on 27 April 2011
irstupid said:
Baalzamon said:
walkerj said:

Of course this isn't true! God I don't know why people bothr with these stupid proedictions. The average cost of a data breach was 318 dollars. Per BREACH not per USER. Most breaches like this don't cost anyone money. The credit company tends to swallow individual claims. Ex. Someone steals your card and buys something from newegg.com. You complain to the credit company, they reemberse you and usually issue a new card. Newegg has your money, but the credit company pays you back.  And this only applies to the people who are actually victims of credit theft, which currently ammounts to 0 people. The biggest cost for Sony will be PR and how ever many millions they are paying this private security firm.  

There is no user to breach ratio that can be applied here. Imagine most security breached include a hundred people. Now imagine the cost of the break is $31,800. That is 318 dollars per person. Now imagine the breach involves 1500 people. The cost is still going to be $31,800 to fix the problem. The price of fixing broken security doesn't magically increase based on user accounts.

 

If K-mart is compromised and 100 peoples info goes out there it costs them the same as if 1,000 peoples info gets out there. They don't absorb the cost of reimbersement, and Sony definitely doesn't. This stuff was obtained from a hacked PS3 with a custom firmware and a hackers program.

Unless security firm Alpha charges 23 billion per review, then this report is absolute trash.

I was thinking about that, but I'm pretty sure this is technically 77 million malicious acts, because you are doing it to 77 million accounts, just like if you murdered 3 people, you would be tried for 3 acts of murder, not 1 (probably a dumb analogy, but it makes sense to me.)

Don't get me wrong though, I have serious doubts this will cost Sony even $1 billion.  Actually, I find it hard to believe it will cost them anything even close to that much, even if all lost revenue is seen as a cost.

thats my point.  in court sony will be held accountable for 77 million malicious acts.  they aren't going to be able to prove if one is real or not. 

and i wouldn't be surprised if they are close to a billion now already.  How much you think they have spent fixign it so far?  how much have they lost in psn sales, how much has their stock gone down in the past week?

I truly have no clue what software costs to fix/rebuild, but even if they were to have 5000 people right now fixing the server.  Lets just say they average $100,000 a year.  You are talking about wages of ~$10,000,000 thus far.  And I have no clue what psn sales accumulate to, but even if they are $2 million per day for instance (a random guess), you're talking ~$20,000,000 more thus far for lost revenue.  As for their stock, it was 29.25 on April 18th, and is now 28.93, which is just over a 1% loss.  I'm not totally sure how this works, but if you take the market cap of ~$29 billion, 1% of that is ~290 million.

So overall costs are up to $320,000,000 with my analysis, if stock changes are included.  Now, lets just say other costs associated with this, PR, the security firm, etc., make it add up to a total cost of $400,000,000 thus far.

Now, obviously they will still have further costs of fixing it, but the major cost that could approach is a potential lawsuit.  I'm not very knowledgeable on law, but how big of a lawsuit could possibly be filed against Sony, if, say, all 70 users teamed up saying their identity (name, address, birthday, potentially credit cards, etc) was stolen?  I really do doubt that it would get up into the billions of dollars.  You are talking something that would just make Sony file for bankruptcy, which does absolutely no good.



Money can't buy happiness. Just video games, which make me happy.

Baalzamon on 27 April 2011
walkerj said:

Also, this "court" thing people keep mentioning. Sony isn't going to lose a lawsuit. Read your EULA. There is no guarentee of money for anything that has happened here. Data wasn't improperly secured, it was accessed by hackers. And speculation that passwords were plaintext is a nonsense rumor. Sony kept the PS3 unhackable for 4 years and people think they would store data like that insecurely?

The only thing someone could sue for is a failure by Sony to meet certain security regulations that specifically, financially impacted users. Well, noones been impacted, and I doubt 5% of PSN accounts have credit card numbers associated with them.

Most people on PS3 use network cards, and many PSN accounts are on TV's, and blueray players. Etc.

I've brought it up, because there is always the possibility, you just never know.  I do highly doubt it though.  Businesses are having data stolen from them all around the world on a daily basis.  You don't see lawsuit after lawsuit after lawsuit sueing these businesses for that.



Money can't buy happiness. Just video games, which make me happy.

youarebadatgames on 27 April 2011

Costs: Legal fees, security consulting fees, settlements from the class actions, restitution for service interruption, lost sales, credibility with users and publishers, insurance, etc.  One thing is for certain, skimping out on network security/infrastructure definitely came back to bite them in the ass.

Sony could have covered this up, but if the hacker were to publically claim responsibility and show proof they would have incurred even more damages in addition to just the leaked data - that would be criminal.  As long as the possibility exists that the data has been compromised, companies MUST disclose that information.

It's unbelievable that people are still in denial defending Sony.  Guess what, there WAS an intrusion, and there is the possibility of a compromise of personal information and credit card numbers, they said so themselves.  The forensic investigation may never be conclusive, but absence of evidence is NOT evidence of absence.



Xenostar on 27 April 2011
Rath said:
Xenostar said:

One thing ive found amazing about all this is when sony announced they had 70million accounts everyone poo pooed it as multiple accounts, sock puppet accounts and so on, but now psn has been hacked its suddenlly up to 75 million accounts in some reports and seemingly every account has a credit or debit card attached to it. 

So i call reports like this one utter bollox just people looking to scare monger with the absolute worst possible scenario and in a lot of cases actually impossible scenarios cos there stats there basing there guestimations on just arent true.


By anecdotal evidence I think there has to be at least ten million duplicate accounts, but there also has to be tens of millions of unique users. The scale of the breach is still huge.

Yeah im not trying to downplay the scale of the actual problem it is huge, its just no where near the scale of these scare mongering posts. Anyonbody multiplying anything by 70 million is just going to be miles out.