The technical side of the internet has been buzzing over the last week about the shutdown of Sony's PSN service (the PlayStation Network, which lets users buy & download games, among other things) after someone broke into the servers. Today, we learned that user information was compromised, and that things are worse than simply not being able to play some games. Here's the quote from the official FAQ:
14. What personally identifying information do you suspect has been compromised? Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information provided by PlayStation Network/Qriocity account holders: name, address (city, state, zip), country, email address, birth date, PlayStation Network/Qriocity password, login, and handle/PSN online ID. Other profile data may also have been obtained, including purchase history and billing address (city, state, zip). If an account holder has authorized a sub-account for a dependent, the same data with respect to that dependent may have been obtained. If an account holder provided credit card data through PlayStation Network or Qriocity, it is possible that the credit card number (excluding security code) and expiration date may also have been obtained. (emphasis added)
Now, security's hard to do right; there's always the possibility that someone's going to find a crack that you're simply not aware of. But the two items I highlighted above are especially troubling, since there should be extra security around them.
First of all, passwords should never, never, never be stored in a retrievable form. That's just asking for trouble. Run them through a secure one-way hash, and then when you need to authenticate someone, hash what they type in and compare it to the value you've stored. (Incidentally, this is what I do on this site and on WriteTrack.) If someone compromises your database, all they get is a long string of random-looking characters, with no way to back it out to the original value.
Secondly, although you can't hash credit card numbers the way you hash passwords (since you need the raw number to place a charge at the time of purchase), you should make it as hard as possible to get at that information. One straightforward option, and one which I'm astounded a company as large as Sony did not take, is to store the card numbers in a separate, locked-down database with an API to update information & place charges (but not to retrieve the number; PSN itself should only ever need the last four digits for display purposes).
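Here is what those two points look like in code, as an added example (not the author's code from this site or WriteTrack): a salted one-way password hash that is only ever re-computed and compared, and a card vault that hands the storefront a token and the last four digits but exposes no way to read the number back. The function and class names, the PBKDF2 iteration count and the sample card number are all assumptions constructed for the example.

```python
import hashlib
import hmac
import os
import secrets

# --- Passwords: store only a salted, one-way hash, never the password itself ---
ITERATIONS = 600_000  # PBKDF2 work factor (assumed value; tune for your hardware)

def hash_password(password, salt=None):
    """Return 'pbkdf2_sha256$iterations$salt_hex$hash_hex' for storage in the user table."""
    salt = salt or os.urandom(16)  # fresh random salt per password defeats precomputed tables
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return "pbkdf2_sha256$%d$%s$%s" % (ITERATIONS, salt.hex(), digest.hex())

def verify_password(password, stored):
    """Re-hash what the user typed with the stored salt and compare in constant time."""
    _, iterations, salt_hex, hash_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), hash_hex)

# --- Card numbers: a separate vault that can update and charge, but never returns the number ---
class CardVault:
    """Stand-in for the locked-down card database; the storefront only ever holds tokens."""

    def __init__(self):
        self._cards = {}   # token -> {"number": ..., "expiry": ...}; no getter for "number"
        self.charges = []  # receipts, which carry only the last four digits

    def store(self, number, expiry):
        """Take a card in, hand back an opaque token and the last four digits for display."""
        token = secrets.token_urlsafe(16)
        self._cards[token] = {"number": number, "expiry": expiry}
        return token, number[-4:]

    def update_expiry(self, token, expiry):
        self._cards[token]["expiry"] = expiry

    def charge(self, token, amount_cents):
        """Place a charge by token; the full number is used here and nowhere else."""
        card = self._cards[token]
        # A real vault would submit card["number"] to the payment processor at this point.
        receipt = {"token": token, "last4": card["number"][-4:], "amount_cents": amount_cents}
        self.charges.append(receipt)
        return receipt
```

The storefront's database ends up holding only password hashes, vault tokens and last-four digits, so a breach of that database yields neither passwords nor card numbers.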
Like I said, security is hard, but that's no excuse for sloppy work. And I'm afraid Sony's sloppiness is going to cost them a lot of money, both immediately, via the stock price, and later on, once the inevitable class action suit gets filed. This is, however, a good reminder for the rest of us to review our security practices, and tighten them up wherever we can.