In 2005, Sony caused a furor when a U.S. programmer discovered that XCP software on a Sony music CD had installed copy-restriction software on his computer that was hidden using a rootkit. Antivirus companies later discovered Trojan horses that exploited this software to avoid detection and found that another type of Sony DRM, MediaMax, also posed a security risk.
Sony stalled, stonewalled, prevaricated, misled, and even blamed a subcontractor before being dragged kicking and screaming into an admission of guilt. A class action lawsuit followed.
Now, in 2011, Erica Ogg reports in Circuit Breaker that the corporation has admitted in its blog that more than 70 million customers' personal information, including customer names, addresses, e-mail addresses, birthdays, PlayStation Network and Qriocity passwords, and user names, as well as online user handles, was obtained illegally by an "unauthorized person" between April 17 and April 19.
The corporation also "cannot rule out the possibility" that credit card information also was taken.
It took Sony five days to level with its customers about the consequences of what knocked its service offline. Midway through last week users noticed error messages when trying to sign into the service. While the company initially acknowledged the service was inaccessible on Friday, it offered no explanation of why and said PSN would be back up and running in a "day or two."