More Than 93,000 Sony Customers Affected in New Breach

eddhorse

Didn't see this posted anywhere...

http://blog.us.playstation.com/2011/10/11/an-important-message-from-sonys-chief-information-security-officer/

An Important Message From Sony’s Chief Information Security Officer

+ Posted by Philip Reitinger // SVP & Chief Information Security Officer, Sony Group

We want to let you know that we have detected attempts on Sony Entertainment Network, PlayStation Network and Sony Online Entertainment (“Networks”) services to test a massive set of sign-in IDs and passwords against our network database. These attempts appear to include a large amount of data obtained from one or more compromised lists from other companies, sites or other sources. In this case, given that the data tested against our network consisted of sign-in ID-password pairs, and that the overwhelming majority of the pairs resulted in failed matching attempts, it is likely the data came from another source and not from our Networks. We have taken steps to mitigate the activity.

Less than one tenth of one percent (0.1%) of our PSN, SEN and SOE audience may have been affected. There were approximately 93,000 accounts globally (PSN/SEN: approximately 60,000 accounts; SOE: approximately 33,000) where the attempts succeeded in verifying those accounts’ valid sign-in IDs and passwords, and we have temporarily locked these accounts. Only a small fraction of these 93,000 accounts showed additional activity prior to being locked. We are currently reviewing those accounts for unauthorized access, and will provide more updates as we have them. Please note, if you have a credit card associated with your account, your credit card number is not at risk. We will work with any users whom we confirm have had unauthorized purchases made to restore amounts in the PSN/SEN or SOE wallet.

As a preventative measure, we are requiring secure password resets for those PSN/SEN accounts that had both a sign-in ID and password match through this attempt. If you are in the small group of PSN/SEN users who may have been affected, you will receive an email from us at the address associated with your account that will prompt you to reset your password.

Similarly, the SOE accounts that were matched have been temporarily turned off. If you are among the small group of affected SOE customers, you will receive an email from us at the address associated with your account that will advise you on next steps in order to validate your account credentials and have your account turned back on.

We want to take this opportunity to remind our consumers about the increasingly common threat of fraudulent activity online, as well as the importance of having a strong password and having a username/password combination that is not associated with other online services or sites. We encourage you to choose unique, hard-to-guess passwords and always look for unusual activity in your account.

Headshot

They never get a break it seems

How come you never hear this about xbox stuff?

Captain Chaos

Headshot wrote: »

They never get a break it seems

How come you never hear this about xbox stuff?

They have never been hacked, or a hack that effected any Live accounts, otherwise you would have heard about it. Look at all the years of RROD failures in the media.

Peoples accounts have been hacked on Live but that was down to carelessness of the members involved.

Otacon

This is pretty much a non-story.

The account details were taken from a completely different database and basically just tested to see if they held the same passwords across both. Some did [stupid users IMO].

No credit cards details were leaked so it wasn't too serious. Sony released the statement because of all the criticism they received over the delay last time.

NotorietyH

Captain Chaos wrote: »

Headshot wrote: »

They never get a break it seems

How come you never hear this about xbox stuff?

They have never been hacked, or a hack that effected any Live accounts, otherwise you would have heard about it. Look at all the years of RROD failures in the media.

Peoples accounts have been hacked on Live but that was down to carelessness of the members involved.

The exact same thing happened to Xbox live users last month. Hackers got user data from another website breach or wherever and tried to use the same info to access Xbox live accounts. Same thing is happening here. Misleading thread title.

eddhorse

True, i got the title from here :
http://www.wired.com/threatlevel/2011/10/93000-sony-accounts-breached/

But then linked the playstation blog info.

More of a "dont use the same details for all your logins" title.