Security News > 2011 > May > Sony Networks Lacked Firewall, Ran Obsolete Software: Testimony
http://www.eweek.com/c/a/Security/Sony-Networks-Lacked-Firewall-Ran-Obsolete-Software-Testimony-103450/ By Fahmida Y. Rashid eWEEK.com 2011-05-06 Sony failed to use firewalls to protect its networks and was using obsolete Web applications, which made the companyâs sites inviting targets for hackers, a Purdue University professor testified May 4 to a Congressional committee investigating the massive data breach of the Sony game and entertainment networks. Sony disclosed on April 26 that thieves had stolen account information of up to 77 million users on the PlayStation Network and Qriocity. A week later, the company admitted on May 2 that the Sony Online Entertainment gaming service had also been breached, affecting an additional 24.6 million users. About 101 million user accounts have been compromised to date. The stolen data included names, addresses, email addresses and dates of birth. Some credit card information may have been stolen, but Sony claimed the numbers were securely saved as a cryptographic hash. What happened and what Sony is doing about the security breach are the two main questions everyone is asking, from the irate users on forums and blogs, to the various state attorneys-general planning lawsuits, all the way to Congress where lawmakers are holding hearings. [...]