Originally Posted by AtomicFrost
The issue is this: By "showing us the truth" they have released the personal information of civilians onto the internet. I don't believe that they have gone about this in the right way. If they really cared about protecting the "people" they should have had a private disclosure with Sony. Instead they want the attention.
At this point we also don't know who programed these websites. Did Sony contract the programing of these sites to another company? How easy is it to fix the programing issues that are allowing these attacks?
Well, as others have pointed out, the info released by LulzSec is not that sensitive, just enough to show that supposedly PRIVATE data is being exposed by Sony's lax security practices. Doesn't matter who programmed the websites or infrastructure, it was Sony's and it was Sony we entrusted our data to. How easy was it to fix, um, by updating their server software to a more secure version when the entire world is informed that the older version is vulnerable. This vulnerability in their server software is well known and has been for some time, most companies have long since moved on to more secure software, a lot of them way smaller than Sony so they should be able to afford the changes. This is a normal part of being secure with personal data, not some undue burden put on Sony by hackers, Sony just plain didn't care to follow industry standard best practices for securing customer data, period.