by Marc Graser
Hackers “overwhelmed” Sony’s PlayStation Network on Sunday, making the service unavailable to its tens of millions of users.
The move brought back painful memories for Sony of a serious 2011 breach that exposed the names and passwords of millions of customers on the PlayStation Network.
While the latest attack wasn’t a significant security flaw in its service, Sunday’s event raises questions about whether Sony’s system — which the company sees as a major distribution platform, and thus revenue stream, for video games, movies, TV shows, web series and music — is vulnerable to future hacks.
Sony wasn’t alone, with Microsoft’s Xbox Live also hit by hackers. “Gaming and social” features were limited Monday, with owners of the Xbox One and Xbox 360 consoles unable to play games online or communicate via chat. The company said its support team was working “to get these issues fixed ASAP.”
“Xbox members, are you having trouble connecting to Party Chat, or running into server unavailability issues within ‘Diablo III?’” Xbox wrote on its blog on Monday. “We are currently working with our partner to get these issues fixed as quickly as possible. Thanks for being patient during this process. We’ll provide an update to you when we have more information.”
A hacker group called Lizard Squad on Sunday claimed to have taken down the PSN via a similar distributed denial of service (DDoS) attack, which prevented users from streaming Netflix movies or playing multiplayer games online via their PlayStation Plus accounts due to heavy traffic. The group then turned its attention to the Xbox Live service.
On its Twitter feed Sunday, Lizard Squad posted that it was “preaching” that Sony should be spending more money to protect its customers’ accounts from such hacks.
It tweeted: “Sony, yet another large company, but they aren’t spending the waves of cash they obtain on their customers’ PSN service. End the greed.”
It’s worth noting that DDoS attacks are designed to flood a system’s servers with artificially high traffic. The aim is not to access encrypted information but to disrupt access and overwhelm a service to the point where it must shut down.
The PlayStation Network and Sony Entertainment Network were hit by “an attempt to overwhelm our network with artificially high traffic,” Sony said Sunday in a blog post.
The Lizard Squad also spent the weekend attacking other gaming servers like Blizzard Entertainment’s Battle.net, Riot Games’ “League of Legends,” and Grinding Gear Games’ “Path of Exile.”
In 2011, hacker group Lulzsec attacked the same PSN network, exposing the personal information, including passwords and credit card data, of 77 million accounts. It took Sony 24 days to fix the problem, and the company spent $15 million to settle a class action lawsuit.
Sony execs are sure to be double checking any security holes that need to be plugged in its system after Sunday’s event.
The PlayStation Network, which offers up streaming services and access to the PlayStation Store to buy and rent movies and other entertainment, is free. However, Sony charges $50 a year for gamers to play multiplayer games on the PlayStation 4. Doing so on the PlayStation 3 is free.
As of July, Sony had sold 10 million PlayStation 4 videogame consoles.
Lizard Squad certainly took the hack to extremes over the weekend, calling out terrorist organization ISIS with a tweet: “Today we planted the ISIS flag on @Sony’s servers #ISIS #jihad” and posting tweets to American Airlines about a bomb threat on an American Airlines flight that carried Sony Online Entertainment president John Smedley.
The plane landed in Phoenix, with Smedley responding via Twitter: “Yes. My plane was diverted. Not going to discuss more than that. Justice will find these guys.”
The PlayStation Network and Sony Entertainment Network are now back online. A scheduled maintenance of the networks, which was set to occur Monday, has been canceled, Sony said on its PlayStation blog.
“The networks were taken offline due to a distributed denial of service attack. We have seen no evidence of any intrusion to the network and no evidence of any unauthorized access to users’ personal information. We sincerely apologize for the inconvenience caused by this issue. Thanks for your patience and support.”