Sony Data Breach, part deux: tu as cassé ma confiance (you lost my trust)
Sony has a new problem: a recently disclosed second data breach. A Part Deux, if you will.
It's not actually part two because it happened at either the same time or just before the "other" one. Of course, we're just hearing about it now... That seems to be their method.
24.6 MILLION (with an M) people's information stolen... That brings the total from the Sony breach to over 100 million people's information. That's a third of the country. I sincerely hope that there is some overlap between PSN (PlayStation Network) and SOE (Sony Online Entertainment). OK, I know, of the 77 million in the original breach or "OB" only 36 million were US citizens. Of the next 24.6 million in the new breach or "NB" we don't know yet how many were US citizens. We do know that 12,700 credit card numbers, debit card numbers, and financial account numbers from the NB belonged to non-US citizens in places like Germany, Spain, Austria and the Netherlands. (Good luck in Germany, Sony, their data breach laws are b-brutal.)
I have a new question for Sony: Do you have any other online gaming systems?
100 million... that's a big number... and I got to thinking about my Kindle. How many Kindles are out there? This gentleman suggests over 5 million heading into 2011. Remember way back when it was cold and snowy I told you about my Kindle? I got it from Amazon and during the "setup" I had to give them a credit card number. I wonder how that number is doing today? Is it warm and fuzzy all wrapped up in unbreakable encryption? Or is it getting chilly sitting on a server in plaintext just waiting for a visit? I really don't know. Am I entitled to know? Can I call up Amazon and ask them about their security apparatus?
I spent a lot of time reading their "Privacy, Security and Accessibility" webpage.
In relevant part, or at least as relevant a part as I could find:
How Secure Is Information About Me?
- We work to protect the security of your information during transmission by using Secure Sockets Layer (SSL) software, which encrypts information you input.
- We reveal only the last four digits of your credit card numbers when confirming an order. Of course, we transmit the entire credit card number to the appropriate credit card company during order processing.
It is important for you to protect against unauthorized access to your password and to your computer. Be sure to sign off when finished using a shared computer. Click here for more information on how to sign off.
I can read those words, but what do they actually say? Oh, wait, this is for those people using Amazon's website... but what about me? A Kindle user...
Found it: "Managing your Kindle on Amazon.com"
Doesn't help me, lots of information, but nothing about credit cards... except this: they say that they use something trademarked as "1-Click" to make the credit card purchases.
Is it ok to access free unsecured wifi on the MBTA commuter rail and make a wireless purchase via my Kindle and my credit card? Can someone on the train intercept my data? Is it "encrypted" during that process? Maybe the Kindle doesn't transmit any data via wifi, just my "request" for a new purchase. The rest of the transaction happens at Amazon.com. OK, that's just a guess, but a logical one. What about their servers? Can someone get my credit card number from them? Are they encrypted in a "separate table" like Sony's... Can someone "hack" my Kindle and then "get on their servers" and then "get my data"?
I don't know the answers to those questions, nor does Amazon's website help me answer those questions, and you know what? I'm ok with that. I don't need Amazon's security protocol out in the public domain for every Tom, Dick and script kiddie to read.
I just need to TRUST them, and you'd like to think that we can TRUST them. Incidents like these at Sony, where 100 million people's information is taken, are shaking that TRUST, now aren't they?