This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

Sony locks 93,000 user accounts after breach

Share this article:

Sony has confirmed that a fresh attack on its networks has impacted 93,000 accounts.

According to a statement by Sony CISO Philip Reitinger, it detected attempts on Sony Entertainment Network (SEN), PlayStation Network (PSN) and Sony Online Entertainment (SOE) services to test a massive set of identities and passwords against its network database.

He said the attempts appeared to include data obtained "from one or more compromised lists from other companies, sites or other sources". Due to this, Sony determined that "the overwhelming majority of the pairs resulted in failed matching attempts; it is likely the data came from another source and not from our networks".

Although Reitinger said that less than one per cent of the network's users may have been affected, their accounts have been temporarily locked and, as a preventative measure, it is requiring secure password resets for the PSN and SEN accounts that had both a sign-in ID and password match. Those affected will receive an email prompting them to reset their password.

Reitinger said: “Only a small fraction of these 93,000 accounts showed additional activity prior to being locked. We are currently reviewing those accounts for unauthorised access and will provide more updates as we have them.

“Please note, if you have a credit card associated with your account, your credit card number is not at risk. We will work with any users who we confirm have had unauthorised purchases made to restore amounts in the PSN/SEN or SOE wallet.”

He also confirmed that SOE accounts that have been matched have also been temporarily turned off.

“We want to take this opportunity to remind our consumers about the increasingly common threat of fraudulent activity online, as well as the importance of having a strong password and having a username/password combination that is not associated with other online services or sites. We encourage you to choose unique, hard-to-guess passwords and always look for unusual activity in your account,” he said.

Graham Cluley, senior technology consultant at Sophos, said the only silver lining for Sony is that this breach appears to be much smaller in scale than the attacks that hit it earlier this year. He added that hackers gained access to the Sony accounts by working through a large database of stolen usernames and passwords, which are believed to have been sourced from somewhere else.

“That suggests that the accounts which were broken into were using a non-unique password. In other words, you were using the same password on the Sony PlayStation Network as you were on website X,” he said.

Share this article:

SC webcasts on demand

This is how to secure data in the cloud

Exclusive video webcast & Q&A sponsored by Vormetric

As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.

View the webcast here to find out more

More in News

Sandworm vulnerability seen targeting SCADA-based systems

Sandworm vulnerability seen targeting SCADA-based systems

Hard on the heels of the `Sandworm' spy group revealed by iSIGHT Partners earlier in the week, Trend Micro says its has spotted the zero-day vulnerability of the same name ...

Russian-speaking criminals account for £420m of card fraud annually

Russian-speaking criminals account for £420m of card fraud ...

New research claims to quantify the scale of card fraud in Russian speaking circles. And according to Group-IB's analysis over the last year, that fraud clocks in at a hefty ...

Light-based printer attack overcomes air-gapped computer security

Light-based printer attack overcomes air-gapped computer security

Multi-function printers - a route to bypass air-gapped computer security.