I try to not mention things related to past employers or clients but the scope of this issue is so vast that I feel something must be said.
The short story is that Sony had some kind of hack attack that exposed the full data set of all of their users. And by full data set I mean names, emails, home addresses, passwords, purchase histories and credit card numbers. And by all of their users I mean 77 million people worldwide. Let all of that sink in for a minute. What would you do if every bit of information needed to make a purchase or impersonate you was made available, along with almost all of the security data needed to answer a password question or reset security at any online site?
In my case I had to do something that I should have done long ago: change scores of passwords. I don’t often reuse passwords but I do sometimes create a single master password seed and then add bits to it at the beginning or end. Such was the password that I had on Sony’s PlayStation Network and Qriocity services before this break-in. As of today I’ve now had to slog through the password change procedure for dozens of sites that previously used a variation of what I gave to Sony. I’ve had to start thinking about what secret questions and answers are used on the hundreds of sites, banks and other institutions that could now be known to hackers. I had to call my credit card companies and inform them that I am one of the unlucky 77 million suckers who just had their info stolen. And all the while I have to wonder where we are today on privacy and security.
You see, as much as I want to blame the big companies who have all my data and can possibly lose it all (or partner with someone who does), I also have to accept at least a little responsibility for caving in and giving up all of this data in the first place. Worse, since I am also a technology product consultant (product manager or strategy provider, if you will), I have helped to devise and have recommended asking for and capturing some of the very data that is now out in hackers’ hands. It gives me pause to think that somewhere there’s a nefarious, dark group of criminals using data that was formerly held by someone I worked for and that somehow I may have helped to gather or at least brought customers into that environment.
So although I am many years removed from being a Sony employee I am both angered by and sympathetic to the plight we now find ourselves in. Short of disconnecting from the internet, mobile network devices and credit card companies forever I must find a way to work within and around this system of interlocking and now inter-sharing worlds. I don’t have all the answers but I do know one thing: I will certainly be recommending far less personally identifiable data capture and I will be asking much tougher questions about data security from all my clients, prospective employers and future service providers.
For those folks (users or customers) on the outside of these big companies all I can say is be vigilant with your personal data and make very sure that whoever you give it to really needs all of it AND can protect you when (not if) the next data breach happens. If you can’t get satisfactory answers to how safe you and your data will be with a provider then it’s time to leave and find a provider that will give you that information.
UPDATE: I must have some kind of bad luck. Not even 12 hours passed before another break-in at another online site that compromised my personal data. This time the site was using another one of my “seed passwords” that caused me to spend 3 hours contacting sites and resetting accounts. The idea of disconnecting from the internet completely is starting to make some sense, in a bunker-mentality kind of way.