Sony crisis: The expert panel

Sony Computer Entertainment President Kazuo Hirai alongside vice presidents Shiro Kambe, left, and Shinji Hasejima, right
Image caption Sony's three most senior executives have apologised for the data breaches.

Sony's woes show no sign of abating with the revelation that 25 million users of its Sony Online Entertainment system may have had their personal information stolen.

Players of multiplayer games, including DC Universe, Everquest and Fortune League are among those affected.

The company is still dealing with the fallout from another attack which saw the details of 77m PlayStation Network users fall into the hands of hackers..

BBC News has garnered the opinions of experts in a range of fields to assess Sony's handling of the crisis, and where it can go from here.


Image caption Sony needs to be open and honest

Richard Merrin is the managing director of PR agency Spreckley and has advised a range of companies on crisis management over a number of years.

"In terms of PR, this has been the most extraordinary example of both how not to do it and, at the same time, how to do it well.

In the first instance, Sony waited ten days before telling users what was happening which is a classic error in terms of communications.

It knocked consumer confident and damaged Sony's reputation.

But with the second incident, it has acted extremely quickly and seems to be following the four golden rules in crisis PR - to be open, honest, transparent and fast.

It has given customers an extra 30 days breathing space to pay their accounts and it has said that is working with the FBI to track down the perpetrators.

No company can take a chance of losing even one customer and gamers can easily jump from one platform to another.

If I was advising Sony I'd say it needs to provide a daily update on what is happening and then tell the world as soon as they know how it happened, why it happened and how they will stop it happening again.

This latest breach exposed the fact that Sony was storing old data from 2007. It probably has to keep this information to comply with data policies around the world and companies will increasingly have to address their legacy data systems.

Everyone will have seen the three senior executives at Sony bowing and apologising and I think they have done the right thing. That will resonate globally."


Image caption Consider lying about personal details

Graham Cluley is a senior security consultant at Sophos and has been tweeting and blogging about the crisis at Sony since it began.

"This new breach is embarrassing for Sony because it will affect an even wider group of people.

One of the interesting things to emerge from the second breach is that the data was from 2007. I'm not sure if Sony is saying that this data is now obsolete and credit cards will have expired but it does raise the question of why it is keeping such data? The sensible thing to do would be to delete this data. It seems like bad practice to keep it.

However the advice for users remains the same. People need to be more careful with their passwords and make sure that they have different passwords for different online accounts.

People should also consider lying about some of their details. I have given Facebook a phoney date of birth for instance. This may technically be against Sony's terms of conditions, as you need to be a certain age to play certain games but you can tell them how old you are while still not giving the right date of birth.

It may also be that people should consider having a different credit card for online purchases so that, if it is compromised, the impact is lower.

There has been a lot of speculation about how Sony's security was breached with some saying hackers used maintenance accounts that are used by staff but that is purely speculation and at this time we simply don't know the details.

Other companies shouldn't be too smug about Sony's misfortune. The advice is 'look to your own systems'."


Image caption It makes other consoles look more attractive

Stephen Mendonca is a PlayStation owner from London. An avid fan of the Call of Duty series, he often plays online... when the PlayStation Network is working.

"With such tough competition in the gaming industry, Sony can't afford a mess up like this.

I have been a loyal PlayStation user for several years and even I am now debating Sony's future.

They not only have to worry about what us - the consumers - now think, but also what prospective game developers will see in their suitability.

Exclusive games to a particular console are a key factor when gamers choose what console to put their money into, and if game developers see things the way many of us PlayStation users do, they won't want their name associated with them.

That will make other consoles like the Xbox 360 look very much more attractive, almost causing a vicious cycle."


Image caption Gamers will probably stay loyal to Sony

Tim Ingham is the editor of thinks that the big question facing Sony is how the PSN hack and subsequent security breach will affect gamers' long-term loyalty to the company's online services.

"Sony has made it clear that web-based entertainment is at the very heart of its future. In a few years, it's likely we'll see an all-out battle between the likes of Virgin, Sky, Microsoft, Sony and even the BBC, Apple or Google to own your home's de facto entertainment hub - providing movies, music, television and games via a web connection in your living room.

The PlayStation brand is Sony's biggest weapon in this war, and its reputation for being solid, reliable and safe is paramount to its chances of future domination.

In terms of PR, I think Sony can turn it around. There's a lot of work to do, but gamers will remember how quickly Sony acted in taking down an entire profitable network at the first sign of danger.

In addition, consumers are often quickly outraged by this sort of wobble from a global corporation - but we tend to have short memories if we're not personally damaged by a given incident.

So far, we haven't seen a single report of any credit card fraud with a proven link to Sony's networks being hacked, which is very reassuring. If that changes, Sony will have a much bigger, very troublesome job to remedy any lasting mistrust.

It's worth mentioning that gamers are very tech-savvy individuals. A wide-scale breach like this is scary stuff, but we are well aware of the hacking community and what they're capable of.

If this was a social network or an online supermarket, it would perhaps be more of a major shock to the consumer base - many of whom would be less au fait with the realities of online content than console owners. It would engender worries about using those services in the future.

But gamers are all-too-cognisant of how 'talented' some hackers are, and how capable they can be of breaking through even the most sophisticated security systems."

More on this story

Related Internet links

The BBC is not responsible for the content of external Internet sites