Sony Computer Entertainment has provided the first details of a formal action plan following the massive theft of up to 77 million users' personal data in April. The Japanese company provided information via the U.S. PlayStation Blog Sunday regarding when users can expect the hacked PlayStation Network to resume service, what subscribers can expect in reparation for the network's down time and their stolen personal information, and what is being done to beef up security.
PSN functionality will be restored in stages on a region-by-region basis, the post says. The first services to be restored will include online play, the PlayStation Home social network, and access to account management (where users can reset their passwords), friends lists, and live chat functionality. Users who subscribe to Sony's on-demand service, Qriocity, will have to access Music Unlimited, and users with un-expired movie rentals will be able to resume watching content. Restoration of these initional services will begin "shortly" (the post's title suggests sometime this week).
As for goodwill gestures meant to appease the millions of angry gamers who had their information stolen, Sony is in the process of crafting a package that will provide users with "free entertainment content" based on region. The exact nature of this content has yet to be revealed. Also, current PSN users will have access to a free 30-day trial of PSN Plus, a subscription service that provides early or exclusive access to betas, game demos, and premium downloadable content. Existing subscribers will be given a free month of PlayStation Plus service--a value of about $5--as will subscribers to Qriocity's Music Unlimited service. For those interested, Sony will provide assistance to enrol in identity theft protection programs.
And what is Sony doing to ensure a security breach of this magnitude never happens again? For starters, the company is creating a new executive position with the title Chief Information Security Officer, though the first person to fill this office has yet to be named. Other security measures include the addition of enhanced encryption to protect user data and implementation of a variety of unnamed automated tools designed to detect and defend against software intrusions. Sony is also expediting a plan that was already in place to move to a new and more secure data centre.
When they do get back online, end users can expect to encounter a forced system update that will entail a mandatory password reset. Sony says that these new passwords can only be changed on the system on which they were created or with email verification.
Sony has not released any further details on the motivation for the attack or who the hackers might be.