Sony Revealed New Security Breach – 100K Accounts Compromised

Sony revealed today that nearly 100,000 PlayStation Network (PSN) and Sony Online Entertainment (SOE) user accounts have been compromised. Unknown attackers tested “a massive set of sign-in IDs and passwords” against existing user accounts. What’s this means is that attackers are taking existing usernames and passwords (i.e. login information) from a separate compromised site and testing the user info against the PSN user database system.

Sony’s chief information security officer Phillip Reitinger reveled:

“We want to let you know that we have detected attempts on Sony Entertainment Network, PlayStation Network and Sony Online Entertainment (“Networks”) services to test a massive set of sign-in IDs and passwords against our network database. These attempts appear to include a large amount of data obtained from one or more compromised lists from other companies, sites or other sources. In this case, given that the data tested against our network consisted of sign-in ID-password pairs, and that the overwhelming majority of the pairs resulted in failed matching attempts, it is likely the data came from another source and not from our Networks. We have taken steps to mitigate the activity.”

The announcement went on to reveal that approximately one tenth of a percent (0.1%) of users were affected. This translates to accounts in their “PSN, SEN, and SOE audience were compromised.

“…approximately 93,000 accounts globally (PSN/SEN: approximately 60,000 accounts; SOE: approximately 33,000) where the attempts succeeded in verifying those accounts’ valid sign-in IDs and passwords, and we have temporarily locked these accounts.”

This news comes on the heels of Sony recent hacking fiasco in early May of 2011. Many PSN network users still haven’t recovered. However, this time, Sony learned its lesson early on and made the vulnerability announcement in a hurry. Reitinger further went on to let users know that any credit card associated with users accounts have not been compromised. They will notify users affected once they confirm any unauthorized purchases made, and will restore the amounts in the  PSN/SEN or SOE wallet.

PushStartSelect will keep you updated as the news develops.

Source: Playstation Network Blog