And LastPass is just one of a long long string of attacks. It’s inevitable. Just wait until your (or your friend’s) Facebook gets attacked. How bad is that? With Facebook, you have to trust every single one of your friends to also be secure to avoid your data getting out. My old school friends on Facebook are idiots. I am worried.

This discussion is all the more appropriate, seeing that Sony is just one of many companies scrambling to deal with threats to user’s security. Just this morning it was announced that the web-based password management service ‘LastPass’ was hacked 2 days ago, and in their case, “analysis of the outbound data transfer from the server [was] large enough to have included people’s email addresses, the server salt and their salted password hashes from the database.”

Let’s note that even though LastPass was storing salted passwords they are still requiring users to change their master passwords. And like Sony, they are not exactly sure at this point what exactly was intercepted from their database.

My view on this is that no matter how tight the security is on a data center, it still becomes a giant liability the moment that someone steals the data. IMO the very best thing for Sony to do would be not just beef up their procedures, but make it a point to collect less personally-identifying data on users. For example, why ask us for a DOB at all, when simply asking for year of birth (or an age range) would do just as well to ensure that someone’s old enough to play online?! Mimimizing the personal data collected makes it that much less valuable to thieves looking to harvest credit card information. It makes no sense for SCE to make themselves a more inviting target for hackers, by demanding user information beyond what is absolutely necessary to fulfill customer service concerns.