Sony Ericsson Announces Qriocity Video Service

Sony Ericsson has just announced a new video service for their 2011 range of Xperia branded phones Qriocity.

Qriocity

This new video service will allow Xperia users to buy or rent movies and/or TV shows aired on NBC, International Television Distribution, Paramount Pictures, Sony Pictures Home, Twentieth Century Fox Home Entertainment and Warner Bros. etc. Users will have access to all the latest TV shows and movies,   along with an extensive back catalogue.

Initially, Sony will launch the service on only two handsets the Xperia Mini and the Mini Pro and in nine countries, which include Japan, U.K, France, Germany, Italy, Spain, Canada and United States. Other Xperia handsets (Arc, Pro, Play, Acro, Neo) will get the service later this year via a software update.

With Qriocity, Sony Ericsson aims to compete with the big G’s Movie rental service, and HTC’s Watch service. The blog post from Sony does not mention anything about the average rental price of the TV shows and movies, and the duration you can rent them for. Ultimately, whichever service is cheaper will win.

Sony Finally Comes Clean on PSN and Qriocity Intrusion, Admits That Almost All User Information Was Stolen

SonySony has finally come clean on the PlayStation Network and Qriocity intrusion, and everyone’s worst fears have been realized. Last week Sony pulled down its highly popular PlayStation Network and Qriocity services, which have remained offline since. Initially, Sony offered little by the way of clarification, and only stated that they are working on rebuilding PSN and Qriocity, which have been victims of external intrusion. Rumors flew thick and fast. Most people pointed fingers at “Anonymous“, which had earlier caused temporary outages of PSN. Some suggested that Sony’s actions might have been prompted by the release of a custom firmware called Rebug, which enabled PlayStation users to pirate content from PSN using fake credit card credentials. Unfortunate, the real situation is a lot more critical.

Sony has now revealed that “certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorized intrusion” into their network. Sony became aware of the intrusion between 17th and 19th April, and turned off PSN and Qriocity on 20th April. The intruder managed to gain access to profile data, which includes name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. Needless to say, all of this is extremely sensitive information. In the wrong hands, this kind of information can be misused in any number of ways. However, the bad news for PSN users doesn’t stop at this. According to the official update:

While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.

The fact that your credit card information might be up for sale is unnerving. PlayStation Network, which is accessible via the PlayStation 3 (PS3) and PlayStation Portable (PSP), has more than 60 million registered accounts. If you had your credit card information stored with either PSN or Qriocity, then it’s highly recommended that you change your credit card number. Get in touch with your credit card issuer to find out how you can do so. However, this is something that will take time. In the meanwhile, it’s recommended that you place a fraud alert on your card.

At no charge, U.S. residents can have these credit bureaus place a fraud alerton your file that alerts creditors to take additional steps to verify your identity prior to granting credit in your name. This service can make it more difficult for someone to get credit in your name. Note, however, that because it tells creditors to follow certain procedures to protect you, it also may delay your ability to obtain credit while the agency verifies your identity.

To do this, contact any one of the agencies recommended by Sony (Experia, Equifax and TransUnion). If you also have the nasty habit of using the same password for multiple services, you will have to go through the time-consuming procedure of manually changing passwords for each of those services that had the same password as your PSN account.

In the coming days and weeks, Sony will have a lot of answering to do. What is baffling me is the fact that sensitive information like account password and credit card were obtained by the hacker. It is common practice to secure such data by using encryption along with salting. Unless, the information was stored in plain text, or encrypted using weak techniques like MD5 hashing, the intruder should never be able to extract the original data. If Sony didn’t implement appropriate security measures, then they have no one to blame but themselves, and they will probably have to pay very dearly.

It was also irresponsible to sit on this information for a week before alerting affected users. Sony should have come clean as soon as they knew what had happened. Instead they seem to have been busy trying to save their own ass.

This incident once again highlights the pitfalls of storing your information on the cloud. Every time you trust an online service with your data, you add another source that might be exploited by hackers. It’s time that the congress makes it mandatory for every service that stores sensitive information like credit card numbers to have certain minimum security protections. Sony is currently working on making PSN and Qriocity more secure, and hopes to restore services, at least partially, within this week.

PlayStation Network Continues to Remain Offline as Sony Works on Rebuilding It

PSNSony’s PlayStation Network (PSN) is down for the fifth straight day, and there is no word on when it will become operational again. Earlier, we reported that PSN and Qriocity were pulled down by Sony due to “external intrusion”. In a sparsely worded update, Sony’s Patrick Seybold wrote, “We sincerely regret that PlayStation Network and Qriocity services have been suspended, and we are working around the clock to bring them both back online”.

While Sony didn’t divulge any specifics, it did state that it is working on re-building the system to further strengthen its network infrastructure. The simple fact that Sony chose to suspend its services, instead of restoring the services as it is, and working on beefing up security in the background, suggests that the intrusion was quite severe. The big question is exactly what kind of information, if any, did the hackers manage to get hold of. The PSN is an online multiplayer gaming, and content distribution service that is an integral part of the PlayStation 3 and PlayStation Portable (PSP) experience. Many customers have sensitive information like credit card details. Unconfirmed reports suggest that admin dev accounts were breached. Understandably, Sony is remaining tightlilpped about the nature and the extent of the intrusion. Hopefully, once it manages to get PSN and Qriocity back online, it will share more details. For now, the only thing that we can do is wait.