2:02 JST: Kaz Hirai and follow bow deeply, giving apologies. They plan to discuss corporate strategy in five points.
2:05 JST: Sony says it was first alerted to unauthorized access on April 20, JST.
2:06 JST: The first experts brought in determined it was a highly skilled intruder, so Sony brought in a second security firm to determine what had happened.
2:06 JST: Then, they emailed customers and published warning information. So far, so good.
2:08 JST: Yeah, lots of information was potentially stolen. "No evidence that credit card numbers, expiration dates or billing addresses" were stolen, though, according to the livestream translation.
2:09 JST: They haven't confirmed any cases of credit card fraud so far, and will let us know when they have more information. Sounds like they just don't know yet.
There's a diagram up -- attackers accessed a database using a tool of some sort. The Japanese translation here isn't technical enough to tell us what.
Kaz says there will be new security measures to prevent this sort of hack in future. New data center, moved from San Diego to a new location with "more advanced security." Enhanced detection capabilities, automated software monitoring, enhanced levels of data encryption, enhanced everything. Additional firewalls. Sony's creating a Chief Information Security Officer to handle these preparations in future. Good to know.
There will be an additional sign-on security measure of some sort, but Sony's also asking customers to be vigilant and check their credit card statements. Sounds like they're worried about fraud after all. They're asking customers to change all their passwords too, and change all passwords used on other websites that happen to be the same as the PSN ones.
Sony says it will "consider" paying for new credit cards if they have to be re-issued to affected customers.
Yep, 30 day free PS Plus membership, 30 days of free service for Qriocity and Music Unlimited customers and a free gift of some software. Nice gesture.
We missed a bit there, but it sounds like they're planning to restore full network functionality within the month. Considering it's May 1st, that could be quite a wait.
Now Sony's complaining about being targeted by Anonymous, both in the form of direct attacks and protests.
Another round of apologies.
There have been as many as 10 million credit cards registered, but Sony's not sure how many, if any, have been compromised.
"By the end of a week's time, we'd like to restart our services in order," says the translator. Sony expects there may be financial impact of re-issuing credit cards, lost sales on PSN and Qriocity items, etc., but doesn't have concrete information on the impact yet.
Again, they say they haven't received any reports of actual damages from credit card fraud as of yet.
Q: How many people have been affected? What kinds of legal action can Sony take? A: We're still investigating the leak, so it's not possible to say with any certainty the extent of the hack, but there are 78 million accounts. Some users register more than one account, but the volume of data is potentially for 78 million accounts.
Since SNEI (Sony Network Entertainment Inc.) is based in the United States, they're working with the FBI... doesn't sound like they're pursuing any other particular legal action yet, but the translation's a bit spotty.
Sony's discussing the fine points of data leakage and probabilities. Nothing is for certain, it seems, but they have "no trace" that the intruders went into certain parts of the database.
Q: Was this hack exploiting a known vulnerability, or a new one? A: The one at this time was a known vulnerability, but SNEI management was not aware of it. We're creating an information security officer to improve that. (Sony declined to discuss details of the exploit... it sounds like protections against it aren't in place yet.)
Sony plans to deploy credit card monitoring measures region by region.
Q: Why did it take so long to disclose this in a conference like this? A: We shut down the PSN quickly, and it took time to analyze all the data, so we had to take these actions gradually. Once we became aware of the situation, we moved promptly to warn customers.
It also took more time than Sony hoped to shut down parts of the PSN and to analyze the data, Kaz says.
Sony says that there's some speculation, but that it doesn't have any proof that Anonymous is behind the attacks. "It's not that we don't have any information at all, but it's still within the realm of speculation," says Sony's translator.
The company says that some security measures were in place, and that the credit card database was definitely encrypted, but... and something was lost in translation here... it sounds like the other user information may not have been.
Kaz is talking about how future devices, including the NGP, will rely on PSN in future. "We have to regain the trust and confidence of our users." Sony will try to achieve that by strengthening network services and communicating with users better from now on, he says.
Kaz suggests that users may be prompted to change PSN passwords more frequently in future.
Q: What message will you deliver to the hackers and pirates? (The speaker seemingly phrased this in the context that such hacks regularly occur and hardware companies have to coexist with such parties) A: We have to be able to protect the intellectual properties and copyrights, and by providing protection systems, we can provide software for users to enjoy... can maintain the ecosystem. We don't want our platform to be undermined.
Kaz is stumbling around a bit (or Sony's translator is) but it sounds like he's emphasizing proactive data protection over ongoing legal action. Forgive us if that's not the case.
Sony decided to correct an earlier statement, saying that PSN passwords were not encrypted but rather hashed.
Both Kaz and the Japanese reporters are repeating themselves a bit now. Here's hoping there's something concrete left to talk about.
One asked about compensation for the personal data leakage, in terms of credit card charge refunds, free software and the like, and Kaz insisted that the gifts are not compensation for the leak -- Sony is not presently compensating customers for the data leak because it doesn't have any evidence of credit card fraud, and Kaz says if Sony gets such reports it will deal with them on a case-by-case basis.
Another reporter asked how many customers have already canceled their PSN accounts, and how Sony will deal with these customers' accumulated funds in their online wallet. It sounds like Kaz dodged the first half of the question -- saying something about how PSN doesn't rely on membership -- but we can't be sure from the translation. He does say, however, that Sony will deal with PlayStation Plus members and the contents of online wallets on a case-by-case basis. Sounds like a hassle.
Reporters and Sony are debating the finer points of when, exactly, the breach was discovered and how Sony intends to protect users in future. We're beginning to nod off here.
Sony is presently looking into structured ways to refund customers who wish to cancel their service, but doesn't presently have such a mechanism in place.
That's all, folks!