05/02/2011

It’s like internet Armageddon these days. Amazon’s cloud services went down hard last week, taking several major web sites with them. They were very close-lipped about what happened, and it turns out that maybe the Amazon cloud isn’t quite as cool as they’ve hyped it up to be. Then Sony’s PlayStation Network took a nose-dive, remaining offline for over a week while Sony engineers dug through the databases and learned that the account information for 70 million users had been stolen. Today Sony revealed that a few weeks ago their Online Entertainment network was also hacked, and the bad guys got away with 25 million more accounts. In all, nearly a hundred million people had their name, e-mail, mailing address, phone number, gender, and birthdate stolen. There’s credit card data in the mix as well: Sony’s already admitted up to ten million credit-card numbers have been stolen, and I imagine they’re going to fess up to some more pretty soon.

All in all, it’s a pretty dark day for the consumers who trusted these services. But hey, we’re all realists here: we recognize that despite a lot of hard work on the part of programmers, bad things sometimes happen. I think a lot of people learned a very hard lesson through all of this. However, I’m shocked by the basic response offered by both Amazon and Sony.

“Oops, our bad. Sorry!”

That’s pretty much it. Oh, Amazon agreed to offer a few days of free service to the customers whose sites were down for days. And Sony is giving customers a 30-day free subscription to their premium service. Wow. Really, guys? You compromise entire companies and the identities of nearly a hundred million people, and that’s the end of it?

I’m not a big fan of lawsuits or legislation, but this seems like a good time to take these guys to task. They screwed up big time here.

What does it mean for me, personally? Not a whole lot: I’m not in Sony’s database, and I didn’t really miss the web sites that crashed and burned at Amazon. But it’s made me rethink some of the security practices at Zing, and I think it’s time to make some updates. I haven’t compromised any of my clients’ data yet, but it’s never too soon to review and rethink what I do to protect it.