Gamasutra: The Art & Business of Making Gamesspacer
View All     RSS
April 18, 2014
arrowPress Releases
April 18, 2014
PR Newswire
View All





If you enjoy reading this site, you might also want to check out these UBM TechWeb sites:


Nearly 100K PSN, SOE Accounts Compromised In New Sony Breach
Nearly 100K PSN, SOE Accounts Compromised In New Sony Breach
October 12, 2011 | By Mike Rose

October 12, 2011 | By Mike Rose
Comments
    10 comments
More: Console/PC, Business/Marketing



Sony revealed today that nearly 100,000 PlayStation Network and Sony Online Entertainment user accounts have been compromised, as unknown attackers have tested "a massive set of sign-in IDs and passwords" against user accounts.

In a post on the official PlayStation blog, Sony's SVP and chief information security officer Philip Reitinger explained that the company has detected breaches on its Sony Entertainment, PlayStation and Sony Online Entertainment Networks.

Data from "one or more compromised lists from other companies, sites or other sources" outside of the Sony Networks was tested against hundreds of thousands of user accounts, and a total of 93,000 were compromised.

These consist of 60,000 PSN and SEN accounts, and 33,000 SOE accounts. Sony has since temporarily turned these accounts off and contacted the owners of the accounts.

Reitinger was quick to note that these compromised accounts make up only 0.1 percent of overall PSN, SEN and SOE accounts.

"Only a small fraction of these 93,000 accounts showed additional activity prior to being locked," he explained further. "We are currently reviewing those accounts for unauthorized access, and will provide more updates as we have them."

He continued, "Please note, if you have a credit card associated with your account, your credit card number is not at risk. We will work with any users whom we confirm have had unauthorized purchases made to restore amounts in the PSN/SEN or SOE wallet."

Earlier this year, Sony's PlayStation Network was hacked via an external intrusion, and the network was taken down for nearly a month.


Related Jobs

Gameloft
Gameloft — New York, New York, United States
[04.18.14]

UI Developer
Gameloft
Gameloft — New York, New York, United States
[04.18.14]

Data Tracking Manager
Penny Publications, LLC
Penny Publications, LLC — Norwalk, Connecticut, United States
[04.18.14]

Game Designer
Hasbro
Hasbro — Pawtucket, Rhode Island, United States
[04.18.14]

Sr. Designer/Producer, Integrated Play










Comments


Richard DeBarry
profile image
My SOE account was affected. And it just so happens it is the same week I purchased an authenticator.

Kale Menges
profile image
I'm beginning to wonder if these frequent security failures aren't inside-jobs...

Keith Thomson
profile image
The headline is disappointing. This is as far from a "New Sony Breach" as you can possibly get. If anything, it's showing that Sony's gotten on top of their security. All of those who had their accounts locked should look at other sites that they use the same passwords on, because it's quite possible that many of them have been tried as well and probably didn't catch the problem.

Wojciech Lekki
profile image
This is really pissing me off! It would be good if they catch the ones responsible for those hacks and send them to Guantanamo or something....

A W
profile image
The original hackers checked to see if the first set of usernames and passwords they stole where actually still active... That's what I got from this story.

Christopher Enderle
profile image
Couldn't Sony's security force you to choose a different password from your previous one?

Eric Ruck
profile image
How is it not a Sony problem? Most systems protect against brute force attacks by disabling login attempts for some period of time, or indefinitely, after some relatively small number of incorrect attempts. Definitely sounds like a Sony problem to me, this attack should not have worked. Well, unless 93K users had the password as "password", which I guess is possible.



Plus they probably should have monitoring software that would have noticed the attack, especially if it was coming from a limited range of IP addresses.

james sadler
profile image
It sounds like that monitoring software you talked about is exactly what caught this. The login attempts weren't a bot trying different passwords with a user account, it was trying a user account name and password that the hacker had. If it didn't work they would move onto another user name and password. Most of those sites that protect against trying to login multiple time only prevent one from using the same user name and trying different passwords. It also says that attempts were tried but not exactly successful, and probably came from other sites where people might use the same login and password.

Marcus Miller
profile image
More anti Sony media hype. What does the media have against Sony?? Bashing Sony seems to be their soup of the day.

Lyon Medina
profile image
At least Sony did their duty and protected the accounts info. Sad for the people who lost their accounts though. Hopefully Sony can get them back up asap.


none
 
Comment: