Users trade security for usability, experts warn, and that can give hackers a way in.
Security experts say that rather than try to break into banks and big retailers directly, hackers are increasing targeting social networks and systems like PSN with the goal of digging up personal information that they can use for card fraud and/or identity theft.
Blaine Price, a senior lecturer in computing at the Open University and an expert in data protection, said that networks like PSN represent a trade-off: security versus accessibility. Your online banking service might require a two-stage authentication, he said, but something like PSN would require only one, because anything more would make the system rather unworkable. “It would be a real pain if every time you want to start up a game you had to scan your thumb, type in 15 digits and pull out a card reader,” he added. “[But] any time you’re just using a user ID and password, it’s going to be a risk.”
David Emm, a senior security researcher for Kaspersky Labs, said that finding out the password for one account often allowed hackers to get their foot in the door with other accounts too, as people tended to use the same password across multiple services. “The weakest link is always the individual,” he said. “Clearly, trying to undermine a bank’s security is a lot of effort. Whereas if you go after an individual, it’s not going to be noticed, it’s going to be easier to do.”
While the issue with PSN is hardly going unnoticed, if what Emm says is true, then the hackers may have hit the jackpot. While Sony has only said that the hackers might have obtained gamer’s credit card details, it has confirmed that a lot of personal information has been compromised, and this could potentially put a lot of other accounts at risk as well.