Not again: Sony’s online game networks get attacked, 93,000 accounts compromised

Sony said tonight that hackers have once attacked the company’s online gaming networks, and this time they have broken into 93,000 accounts. The new hack will bring back bad memories from April, when the PlayStation Network and its sister network Sony Online Entertainment went down for weeks because of a hacker attack.

Philip Reitinger, the newly hired chief information security officer at Sony, said in a blog post that Sony had detected attacks on the Sony Entertainment Network, the PlayStation Network, and the Sony Online Entertainment online gaming service. The hacking attempts tested a massive set of sign-ins and passwords against Sony’s network database. Most of those attempts failed, but the attacks succeeded in penetrating 93,000 accounts.

Sony said that a small percentage of the username and password combinations that were tried actually worked. That suggests that the hackers were using a brute force method to attack, and that the database the hackers were using came from outside of Sony.

Sony has temporarily blocked those accounts, which included 60,000 PSN and SEN accounts, and 33,000 SOE accounts. In those cases, the hackers succeeded in verifying usernames and passwords for the accounts. Only a small fraction of the accounts saw activity before they were locked  down by Sony. The company is currently reviewing those accounts for unauthorized access and it will provide more data once it finds out.

Reitinger said that if users have a credit card associated with the account, the credit card number is not at risk of being stolen. But it is possible that hackers have made unauthorized purchases. Sony is now requiring users to reset their passwords for the PSN and SEN accounts. Affected users will receive an email notification from Sony. The SOE accounts that were affected have also been turned off. Affected users will get an email with Sony requiring them to verify their account in order to have it turned back on. Sony is encouraging users to use strong passwords.

blog comments powered by Disqus