Sadly, folks just don't always get it, or if / when they finally do, they don't put enough time and $$ into remediation and problem resolution.  Even then, attackers will continue to put a lot of effort into going after Sony, time and time again, because now, they have a huge target painted on them, for the world to see.

They very well might.

But here's the rub...

It happened once.  It happened twice.

Elite or not, SOMEBODY is still overlooking the holes, and they continue to do so.  Like I'd said, whether they like it or not, the target is there...

The thing about 'elite teams' is that sometimes they get so confident that they overlook little / simpler things.  I can't count on the fingers and toes, of my whole family, how many 'elite' network folks, for instance (the 'I'm a Cisco guy, and I know my setup is sound' types,) whom I've pointed out misconfigurations to, as well as the IT security teams, that often just don't understand that they DON'T know all there is to know, with regard to their network.

So you think the hackers are using the same vulnerability every time?

Here's an example from my past, where there WAS the same hole exploited.  I won't name the company, but let's just say I found a MAJOR security hole for them, and reported it straight to their top folks (it was that major, that it needed addressed, ASAP.)

The response I got was that their 'elite' team had been aware of said issue, for over a year, and 'decided' it was a calculated risk.  Didn't matter that it was massively hackable, and I could easily take everything from their network, top to bottom...  The 'elite' folks had already decided, in their minds, that it was a necessary risk.  So, in this case, they WERE aware of a hole, yet didn't fix it.  

That doesn't mean Sony was aware of the first or second (or any still unremedied) holes.  But as you pointed out, they are huge, and therefore, once hole one was publicly disclosed, their efforts to find and remediate any others should've gone into high gear, because common sense dictates that, now, they have that target hanging out there.

(edit - please excuse multiple posts tonight, in succession...  Working from my phone, remote, and if typing gets too long, it times out during reply, and I lose it all.  So better to 'chunk it up' into a couple posts, when necessary)

No need to apologize.  I just figured you missed what I was aiming at.   

As for the 'calculated risk,' I think you'd be amazed at how often I've run into that.  You'd think they'd realize the position and risk they put themselves into, but sometimes, they'll amaze you.  I'm sure others here have similar war stories.  Just seems to be the norm, in the industry, and obviously, some folks need to pay more attention to regulations, as well as just apply some common sense.

Anyway, my two cents for the evening! 

Seems like Sony deserved what happened to them. Seems a little reckless for such a strong and well known company.

I dont know how users still give the playstation network personal information. I recently just bought ps3 but there is no way in hell my info is going in there. I rather max out my credit cards instead of someone else, thank you very much lol