
Sony and Valve: A tale of two hacking responses

When Sony announced that customer data from its PlayStation Network was accessed by hackers, gamers and the media were furious. So why did Valve seem to get a pass under similar circumstances?

Chris Morris, Blogger

February 16, 2012


Like a lot of people in the gaming world, I got an interesting email from Gabe Newell last week. The Steam hacking incident of last November, he said, was worse than they initially thought it was. And while there still was no direct evidence that credit card information had been accessed, a backup file containing that information (albeit encrypted) was obtained by the person or persons who had broken into the system.

It was disquieting information delivered in an oddly comforting manner – and while the service has 40 million user accounts under its control, there wasn't a lot of outrage in the forums and throughout the online world.

It was a curious juxtaposition to what Sony had faced just a year prior. During that hack, of course, the level of hostility aimed at Sony was staggering. Players and the media hit the company for its lack of transparency and seemingly unapologetic attitude toward the attack. Large-scale game hacking was, after all, a brave new world – and one that no one was really prepared for (something that seems absurd in retrospect).

Was Valve's reaction to its hacking problem truly better than Sony's? Or were there other factors at play? The answer, I think, is both.

It's hard to find anyone who will defend Sony's handling of the hacking incident – including inside the office of that company. But Sony's missteps and stumbles helped other developers and publishers learn what to avoid. And no one learned better than Valve.

When the Steam database was breached, Valve's Gabe Newell sent an IM to users alerting them to the incident, explaining the situation (and what the company was doing) and quickly apologized. That note came four days after hackers hit the company's forums – the first sign of trouble. Sony, meanwhile, waited six days before giving any real visibility into the severity of the situation – though it did acknowledge the outage and let people know it was looking into things almost immediately. That's not a significantly longer time period, but the company was quickly put on the defensive. The first formal apology from a Sony official didn't come for another five days, when Kaz Hirai held a press conference in Japan.

As with Valve, the bad news didn't all hit at once. It got progressively worse. Just as users were absorbing the PSN and Qriocity music service hits, it was discovered that Sony Online Entertainment was also hit. And then the copycat attacks started coming, this time at Sony Pictures. It was a perfect storm of bad news brought on by hackers looking to latch on to the media blitz.

Valve, hopefully, has reached the end of its road as far as bad news goes. But the fact that it took three months to discover the extent of the breach and notify users was interesting, especially for the lack of reaction.

Valve, of course, encountered its hacking problems with a few advantages. Sony, as a multinational, multi-billion dollar company, had to overcome a reputation of a big, faceless empire. Valve has always maintained a relationship with the community – and ensured its place as a gamer favorite when it reached out to them for help when the Half-Life 2 source code was stolen. Newell has also maintained a direct relationship with his customers – emailing back and forth with them regularly. This goodwill undoubtedly helped the company when dealing with the fallout of this incident – as did studying the moves of those hit by hackers before it.

While Steam's messaging was certainly better worded than Sony's, its timeliness was roughly the same. But ultimately, I think gamers have gotten over the hysteria of hacker attacks. Rather than obsessing over identity theft or stolen credit card numbers, they now know to put an alert on their credit reports and that they won't be liable for any charges made if, in fact, those card numbers are stolen.

What was so unthinkable a year ago is now commonplace – an annoyance that's worth keeping an eye on, but not worth panicking over. But how a company handles that is just as important. And you can bet your bottom dollar that EA, Microsoft and any other company that handles credit card data from customers is taking note of how Valve has successfully negotiated these waters.

About the Author

Chris Morris

Blogger

Gamasutra editor at large Chris Morris has covered the video game industry since 1996, offering analysis of news and trends and breaking several major stories, including the existence of the Game Boy Advance and the first details on Half-Life 2. Beyond Gamasutra, he currently contributes to a number of publications, including CNBC.com, Variety and Official Xbox Magazine. Prior to that, he was the author of CNNMoney's popular "Game Over" column. His work is cited regularly by other media outlets and he has appeared on The CBS Evening News, CNN, CNN Headline News, CNN International, CNNfn, G4 and Spike TV.
