[wewyor]

It also says it might have been, which is much more worrying to me than the lack of evidence; because before this sony had no evidence that their network was compromised.

This whole thing seems like a great example of incompetence.

[ansy]

This compromise happened DAYS ago. Google was hacked by China in mid-December 2009 they didn't publicly announce what happened until January 12, 2010. What started to look like a harmless intrusion turned into compromised gmail accounts turned into a highly sophisticated attack on Chinese dissidents turned into a full scale assault on their infrastructure. People were still figuring out the extent of that attack a couple months later.

While this is a bad security breach, if you follow security news at all you'd know computer security is a joke. The Rustock botnet operated for FIVE years with impunity on as many as 2.4 million rooted machines. People didn't even know they were owned; their computers worked perfectly fine like nothing was wrong. Every system at pwn2own gets owned in seconds and you can bet the black hats were there first. Everyone gets compromised. The only thing stopping a crippling cyber attack is whether someone feels it is beneficial to do so.

I do not especially fault Sony for this. Google gets hacked. Microsoft gets hacked. The NSA gets hacked. The DoD gets hacked. JP Morgan Chase gets hacked. Just add another multi-national to the list. It's a systemic problem that nobody really cares enough about nor can we do much about it if we did care.

EDIT: Just to give you another idea of how screwed we are from a security perspective. To paraphrase George Carlin[1], some programmers are really stupid. Did you ever notice how much stupid software you see? Think of how stupid the average programmer is, and realize half the programmers are stupider than that. And that bottom half? They probably work in IT, managing over engineered address books and accounting ledgers of the world while smarter people worry about cooler problems.

[1] http://www.youtube.com/watch?v=8rh6qqsmxNs

[daeken]

Being a security guy, I agree that no amount of planning and intelligence will keep out a significantly determined attacker. However, this doesn't give you carte blanche to not think about security. All the evidence presented around this shows that they simply didn't make it difficult at all; as soon as the console fell, so did their system. They seem to have violated every rule in security. That is simply unacceptable.

It's one thing to be attacked by determined people and fail eventually -- given enough time, everyone does -- but it's a completely different matter to give the keys to the castle to anyone with a rooted PS3.

[iloveponies]

It doesn't mean they either know, or don't know. It means their PR isn't willing to fully disclose the exact nature because if they confirm customer data was nicked, class actions will start off rather promptly, and if they say it certainly wasn't, they're seen as over-reacting.