With the new console generation having finally arrived and online console gaming bigger than ever, the time is right for an honest comparison of the security strengths and flaws in the online platforms used by Microsoft and Sony. Since the Xbox 360 and PlayStation 3 debuted in 2005 and 2006, Xbox Live and the PlayStation Network have bloomed into enormous revenue streams. The sheer volume of users and transferred money has naturally drawn thieving hackers looking for potential victims, and neither company made it through the last console generation without major setbacks. Spurred on by these past failures, Microsoft and Sony have each made substantial efforts to improve customer security, but it seems as though one of them is ahead in the race against hackers.
Microsoft periodically demands account information updates from Xbox Live users, temporarily locking accounts that aren’t compliant within two weeks. Security proofs add a powerful layer of protection by sending one-time security codes to a user’s phone and email address to verify login authenticity from non-trusted devices. These security methods give current users a substantial layer of protection from cyber criminals, but their existence, unfortunately, seems largely consequential to a trend of compromised accounts. In late 2011 and early 2012 in particular, hackers victimized Xbox players on multiple fronts. Some were phishing Live accounts while others were using accounts to buy tradable digital cards for the game FIFA Soccer 12 and turn them for significant profit.
While a significant number of Xbox Live users have suffered identity theft, Sony owns the dubious distinction of having experienced one of the largest data breaches in history. Hackers besieged the PSN servers between the 17th and 19th of April 2011, stealing credit card numbers and vital personal data from every one of Sony’s 77 million registered users. Although the stolen information was supposedly never used, the attack shook the confidence of the PlayStation community, cost Sony approximately $171 million, and left the company scrambling to rebuild customer goodwill.
Sony claims to have heavily bolstered its security infrastructure in the wake of the 2011 breach. A significant portion of the aforementioned $171 million was devoted to various measures to improve security by adding higher encryption levels and extra firewalls to slow down hackers. They also invested in security experts to perform penetration and vulnerability tests to determine potential weak points. The improved infrastructure was demonstrated successfully when hackers attempted to breach the network again in October 2011. Armed with data from compromised lists, they attempted to sign into the network but were able to access less than a tenth of the accounts, which were quickly locked. Unfortunately, these infrastructure upgrades weren’t accompanied by any additional layers of login protection similar to Xbox’s security proofs, and logins are still a simplistic password-and-user-name affair with a secret question on top.
Both Sony and Microsoft have made heavy reactionary investments in improved security, but the layered login protection and the fact that there still hasn’t been a catastrophic mass breach gives Xbox Live an advantage in its current state. Regardless, your best defenses as a gamer are common sense and diligence. Complex passwords that are frequently changed, up-to-date security contact methods, and use of point cards over credit cards all help to minimize the chance that your information winds up in unwanted hands.