Sony has recently updated PSN 2FA security features to include 3rd-party apps as well as texting to a number. The update is a step forward in Sony fixing their terrible relationship with security that has led to numerous problems over the past few years. Has this latest update actually managed to rectify PSN’s poor security?
PSN’s Biggest Security Blunder
PSN’s poor history with security goes back nearly a decade. In April 2011, the PlayStation Network came under attack from an unknown source. At the time, 77 million people had their personal information stored on PSN accounts. All of these users had their data leaked to various websites thanks to the attack. Despite knowing about the attack almost instantly, Sony failed to notify its users for nearly a week, slowing down any potential response.
While credit card information stored via PSN was encrypted, Sony was forced to admit that other personal information was not. Security was so poor that the UK government fined Sony for their lack of user protection. Even after rectifying the lack of encryption, it took Sony 23 days to restore PSN services. This incident was the biggest data breach in history and was the first major sign of Sony’s lack of good security.
PSN and Delayed 2FA
One of PSN’s biggest security failings was its lack of 2-Factor Authentication. 2FA has been around since 1998, and most websites and social media services were using it by the early 2010s. Sony’s PSN didn’t receive a 2FA security option until 2016, 3 years after its leading competitors at Xbox.
Not only did basic security come to PSN 3 years after Xbox users already had it, but it was half a decade since the major breach of 2011. Considering 77 million people had their data stolen thanks to Sony, their delay in introducing decent security measures is unacceptable.
Sony’s Poor Security Practices
It’s not just PSN that has poor security. Several leaks that took place in 2014 revealed Sony to have some shocking security practices. Leaked emails showed that Sony kept passwords in a file named “Password”, and stored data such as usernames and personal information in unencrypted files.
These email leaks also showed that Sony was aware of potential security breaches before the hack happened and did nothing. This inaction is surprising considering the major breach that had occurred only 3 years previously. If the company is so slapdash about their own security, it’s no wonder PSN itself is so vulnerable.
Sony Won’t Help with a Hacked PSN Account
Worse than PSN’s lack of security is Sony’s lack of willingness to help compromised users. In numerous cases, people whose accounts have been hacked find themselves forced to pay for illegitimate purchases or face a permanent ban.
Does the PSN 2FA Update Fix Anything?
PSN’s recent 2FA upgrade is a good step towards better security. The update allows users to log in securely using a proven app such as Google Authenticator, which has been worked on since 2010. However, this doesn’t mean that Sony’s underlying issue has been solved.
After major breaches, Sony has failed to update security properly in the past. Without proof of rigorous penetration testing, any update to 2FA is only going to provide minimal comfort for PSN users. If Sony is still storing personal info on an unprotected spreadsheet, more secure logins aren’t going to help.
If you’ve been the victim of Sony’s poor PSN security, then contact us and we’ll fight your corner for you.