Sony Part 1 [011]

Posted on Saturday, Jan 31, 2026
Security Take(s) Two - Sony Part 1

Show Notes

When it comes to information security, Sony has had a bit of a tough go of it. In fact, there have been so many incidents, Ben and Chet decided to make this a multi-part series. This post covers 2005 to mid-2011 which we are referring to as part 1. From rootkits, to DDoS, stolen credit cards and SQL injection, Sony has been through a lot. These are opportunities to reflect for the rest of us, though. We can recognize some of the weaknesses we ourselves may still have and hopefully take away lessons on hardening our own defences.

Firewall Times - Sony Data Breaches: Full Timeline Through 2023
LinkedIn - Sony PlayStation Network Hack (2011) - A Deep Dive
ON THE PLAYSTATION 3 - GeoHot’s first post about hacking the PS3
Reuters - Sony PlayStation suffers massive data breach
EFF - Updated Sony BMG DRM Spotter’s Guide
EDN - The Sony PlayStation 3 hack deciphered: what consumer-electronics designers can learn from the failure to protect a billion-dollar product ecosystem
Wikipedia - Sony BMG copy protection rootkit scandal
CSO - New PS3 hack claims to be the most powerful yet
YouTube - The Light It Up Contest – geohot
VG247 - SOE: 12,700 old CC numbers, 10,700 DD records breached
The Register - Sony says data for 25 million more customers stolen
Wikipedia - George Hotz
Medium - Meet Cyber: How “Anonymous” Hacked Sony PlayStation And Breached the Data of 77 Million Gamers\

Hosts

Chester Wisniewski

Chester Wisniewski (He/Him)

Chester Wisniewski is an old hat to information security having practiced the art professionally for more than 25 years. Starting out with a 300 baud modem in the 80s he became obsessed with exploring the world’s phone networks (phreaking?) which inevitably led to bulletin boards and early internet access in the mid-80s. The trust inherent in the system seemed absurd and this inspired Chester to pursue how we might build systems less prone to abuse. The rest is history.

Ben Verschaeren

Ben Verschaeren (He/Him)

Ben has been in Information Technology for two decades starting at the age of 14. Recently described by a senior executive as an “Adult Dennis the Menace”, Ben’s always up for a bit of cyber mayhem. Having worked across, Managed Services Providers, two of Australia’s largest Enterprises and an almost decade at a Security Vendor. Ben’s experience spans Wintel System Administration, Network Administration, Penetration Testing, and Software Development.