So, Sony's PlayStation Network has been down more or less without explanation for five days, and now I get an email from Sony containing the following things: Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.
Wait... what? Let's focus on something in there: While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility.
Translated into more practical and less asinine terms that says: "We've been merrily ignoring PCI guidelines and keeping your credit card information in plaintext where anyone could get at it through a simple compromise of our gaming network." Words absolutely fail me on how incredibly wrong that is. As much as I despise Microsoft and everything they stand for, I'm giving Sony exactly 48 hours to come up with an answer that involves taking responsibility for their actions, or I'm selling my PS3 and using the money to buy an XBox360 the copies of the games I was still playing on the PS3. |