This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

Sony locks 93,000 user accounts after breach

Share this article:

Sony has confirmed that a fresh attack on its networks has impacted 93,000 accounts.

According to a statement by Sony CISO Philip Reitinger, it detected attempts on Sony Entertainment Network (SEN), PlayStation Network (PSN) and Sony Online Entertainment (SOE) services to test a massive set of identities and passwords against its network database.

He said the attempts appeared to include data obtained "from one or more compromised lists from other companies, sites or other sources". Due to this, Sony determined that "the overwhelming majority of the pairs resulted in failed matching attempts; it is likely the data came from another source and not from our networks".

Although Reitinger said that less than one per cent of the network's users may have been affected, their accounts have been temporarily locked and, as a preventative measure, it is requiring secure password resets for the PSN and SEN accounts that had both a sign-in ID and password match. Those affected will receive an email prompting them to reset their password.

Reitinger said: “Only a small fraction of these 93,000 accounts showed additional activity prior to being locked. We are currently reviewing those accounts for unauthorised access and will provide more updates as we have them.

“Please note, if you have a credit card associated with your account, your credit card number is not at risk. We will work with any users who we confirm have had unauthorised purchases made to restore amounts in the PSN/SEN or SOE wallet.”

He also confirmed that SOE accounts that have been matched have also been temporarily turned off.

“We want to take this opportunity to remind our consumers about the increasingly common threat of fraudulent activity online, as well as the importance of having a strong password and having a username/password combination that is not associated with other online services or sites. We encourage you to choose unique, hard-to-guess passwords and always look for unusual activity in your account,” he said.

Graham Cluley, senior technology consultant at Sophos, said the only silver lining for Sony is that this breach appears to be much smaller in scale than the attacks that hit it earlier this year. He added that hackers gained access to the Sony accounts by working through a large database of stolen usernames and passwords, which are believed to have been sourced from somewhere else.

“That suggests that the accounts which were broken into were using a non-unique password. In other words, you were using the same password on the Sony PlayStation Network as you were on website X,” he said.

Share this article:

SC webcasts on demand

This is how to secure data in the cloud


Exclusive video webcast & Q&A sponsored by Vormetric


As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.


View the webcast here to find out more

More in News

WhatsApp flaw leaves users open to spying

WhatsApp flaw leaves users open to spying

Global messaging service WhatsApp, now part of Facebook, has owned up to a security flaw which leaves it open to man-in-the-middle (MiTM) attacks.

Data breach discovery takes 'weeks or months'

Data breach discovery takes 'weeks or months'

A new report confirms what's long been feared - businesses take too long to recognise and react to a data breach.

HMRC plan to share taxpayers' data attacked

HMRC plan to share taxpayers' data attacked

A proposal by HMRC to release millions of taxpayers' personal data to private firms has whipped up a storm on data privacy.