This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

Sony locks 93,000 user accounts after breach

Share this article:

Sony has confirmed that a fresh attack on its networks has impacted 93,000 accounts.

According to a statement by Sony CISO Philip Reitinger, it detected attempts on Sony Entertainment Network (SEN), PlayStation Network (PSN) and Sony Online Entertainment (SOE) services to test a massive set of identities and passwords against its network database.

He said the attempts appeared to include data obtained "from one or more compromised lists from other companies, sites or other sources". Due to this, Sony determined that "the overwhelming majority of the pairs resulted in failed matching attempts; it is likely the data came from another source and not from our networks".

Although Reitinger said that less than one per cent of the network's users may have been affected, their accounts have been temporarily locked and, as a preventative measure, it is requiring secure password resets for the PSN and SEN accounts that had both a sign-in ID and password match. Those affected will receive an email prompting them to reset their password.

Reitinger said: “Only a small fraction of these 93,000 accounts showed additional activity prior to being locked. We are currently reviewing those accounts for unauthorised access and will provide more updates as we have them.

“Please note, if you have a credit card associated with your account, your credit card number is not at risk. We will work with any users who we confirm have had unauthorised purchases made to restore amounts in the PSN/SEN or SOE wallet.”

He also confirmed that SOE accounts that have been matched have also been temporarily turned off.

“We want to take this opportunity to remind our consumers about the increasingly common threat of fraudulent activity online, as well as the importance of having a strong password and having a username/password combination that is not associated with other online services or sites. We encourage you to choose unique, hard-to-guess passwords and always look for unusual activity in your account,” he said.

Graham Cluley, senior technology consultant at Sophos, said the only silver lining for Sony is that this breach appears to be much smaller in scale than the attacks that hit it earlier this year. He added that hackers gained access to the Sony accounts by working through a large database of stolen usernames and passwords, which are believed to have been sourced from somewhere else.

“That suggests that the accounts which were broken into were using a non-unique password. In other words, you were using the same password on the Sony PlayStation Network as you were on website X,” he said.

Share this article:

SC webcasts on demand

This is how to secure data in the cloud

Exclusive video webcast & Q&A sponsored by Vormetric

As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.

View the webcast here to find out more

More in News

UK police arrest trio over £1.6 million cyber theft from cash machines

UK police arrest trio over £1.6 million cyber ...

London Police have arrested three suspected members of an Eastern European cyber-crime gang who installed malware on more than 50 bank ATM machines across the UK to steal £1.6 million.

Password recovery made too easy

Password recovery made too easy

A senior malware analyst has slammed the availability of a `password recovery' utility from Freehostia, noting that the software actually uses network admin utilities to take credentials from the users' ...

Belgacom says alleged GCHQ APT attack cost firm £12 million

Belgacom says alleged GCHQ APT attack cost firm ...

One year on from a nation-state APT which 124 systems at telecom operator Belgacom and the firm has detailed the cost and manpower involved in the clean-up operation.