Thursday, June 02, 2011

Why I'm dumping Sony

Even though I have used Sony products for years,  I have been wary of the company ever since the rootkit fiasco from their music division.  However, the spate of security breaches over the last two months has demonstrated that Sony has absolutely no clue and/or no desire to protect the privacy of its customers.  First there was the PSN and SOE attack.  At the time, it was revealed that Sony was using outdated Apache servers without any firewalls in place.  What's worse is that security experts had warned Sony about this several months before the intrusion took place.  When Sony finally got its system back online, they had to take down the site login because nobody though to fix the password change system (all it required was the user's email and date of birth - part of the info the hackers got from the PSN/SOE servers).

     Today, it was revealed that a group called LulxSec has breached Sony sites again, this time through a flaw in an ad on a Sony page.  These individuals were able to obtain over 1 million emails, dates of birth, and password because the site stored the information in plaintext.  What makes this one worse is that several people have been able to use the data gathered from Sony's servers to hack Gmail and Yahoo accounts because people were using the same password on multiple sites.  This group has also posted the information on their website for anyone to access.

At some point, Sony needs to accept responsibility for their complete and utter failure to provide even a basic sense of security when it comes to protecting customer data.  But as we've seen time and time again, Sony seems to be wholly incompetent at this task.  Given that this is the same company that paid absolutely no attention to consumer rights when they secretly and illegally installed rootkits on users' machines without any notification whatsoever, it seems to me that Sony just can't be bothered to protect its customers.

As a consumer who is concerned about the privacy and security of my data, I cannot support a company that fails so miserably at protecting its customer data.  That is why I am getting rid of my Sony products immediately.  I don't care if certain games are only made for the PS3 or that some features are only available on a Sony Blu-Ray player with internet connectivity.  I'd rather take my business elsewhere to companies that truly value their customers and actively work to protect their personal and private data.  So goodbye Sony - your security breaches will not be missed.

No comments:

Post a Comment