Sony: 93,000 PlayStation, Online Entertainment accounts hacked
Sony's hacking problems aren't over yet.
On Wednesday morning, Philip Reitinger, Sony's newly hired chief information security officer, said that about 93,000 PlayStation Network and Sony Online Entertainment user accounts have been breached in a Web attack.
The attack is merely the latest for Sony, which has been dealing with online assaults on its user accounts most of the year. So far, more than 90 million Sony user accounts across the company's online services have been breached, which led to online video gaming services being suspended for more than a month.
The security breaches haven't been limited to Sony's gaming business either. Sony's cloud-based Qriocity music service, Sony music websites and Sony Pictures websites have been hacked this year too.
Reitinger, whom Sony hired in September, is a veteran of the online security world and formerly was a top security official at the U.S. Department of Homeland Security and Microsoft Corp.'s chief trustworthy infrastructure strategist. He's also worked for the Department of Defense and the Department of Justice and holds a law degree from Yale.
Sony created an entirely new position for Reitinger in hiring him in a bid to show it was serious about changing what is becoming an image of having a weak security system for users of its online services.
In a statement on Sony's PlayStation blog, Reitinger said it is unsure how successful or widespread the most recent attacks have been, but it has "detected attempts" to crack into Sony's Entertainment Network, PlayStation Network and the Sony Online Entertainment services "to test a massive set of sign-in IDs and passwords against our network database."
"These attempts appear to include a large amount of data obtained from one or more compromised lists from other companies, sites or other sources," he said. "In this case, given that the data tested against our network consisted of sign-in ID-password pairs, and that the overwhelming majority of the pairs resulted in failed matching attempts, it is likely the data came from another source and not from our Networks."
Reitinger said that Sony has made moves to fend off the attacks.
"Less than one tenth of one percent (0.1%) of our PSN, SEN and SOE audience may have been affected," he said. "There were approximately 93,000 accounts globally (PSN/SEN: approximately 60,000 accounts; SOE: approximately 33,000) where the attempts succeeded in verifying those accounts' valid sign-in IDs and passwords, and we have temporarily locked these accounts. Only a small fraction of these 93,000 accounts showed additional activity prior to being locked."
The nearly 93,000 accounts that were hacked and then locked down are currently under review by Sony so the company can figure out if an outside party really did access those accounts or not, Reitinger said.
Despite what Sony believes is the likely hacking of the large number of accounts, credit card numbers were not at risk in the security breach, he said. However, Sony "will work with any users whom we confirm have had unauthorized purchases made to restore amounts in the PSN/SEN or SOE wallet," Reitinger said.
"As a preventative measure, we are requiring secure password resets for those PSN/SEN accounts that had both a sign-in ID and password match through this attempt," he said. "If you are in the small group of PSN/SEN users who may have been affected, you will receive an email from us at the address associated with your account that will prompt you to reset your password."
"Similarly, the SOE accounts that were matched have been temporarily turned off. If you are among the small group of affected SOE customers, you will receive an email from us at the address associated with your account that will advise you on next steps in order to validate your account credentials and have your account turned back on."
-- Nathan Olivarez-Giles
Photo: A customer watches a video of a Sony PlayStation 3 video game console at a Tokyo electronics retailer on April 27. Credit: Yoshikazu Tsuno / AFP/Reuters