Sony faces more security problems. Image: Sony Computer Entertainment.
Sony is in the spotlight again, and once more the reason is security related. According to the consumer electronics company, its Sony Entertainment Network (SEN), PlayStation Network (PSN), and Sony Online Entertainment (SOE) services were all targeted in an attack that impacted 93,000 user accounts.
“These attempts appear to include a large amount of data obtained from one or more compromised lists from other companies, sites or other sources,” commented Sony’s CISO, Philip Reitinger.
“In this case, given that the data tested against our network consisted of sign-in ID-password pairs, and that the overwhelming majority of the pairs resulted in failed matching attempts, it is likely the data came from another source and not from our Networks,” he added. “We have taken steps to mitigate the activity.”
“There were approximately 93,000 accounts globally (PSN/SEN: approximately 60,000 accounts; SOE: approximately 33,000) where the attempts succeeded in verifying those accounts’ valid sign-in IDs and passwords,” Reitinger confirmed. “We are currently reviewing those accounts for unauthorized access, and will provide more updates as we have them.”
Accounts that were successfully matched in the attack have been suspended. For customers locked out of their accounts, Sony is communicating with them in order to complete a reset and verification process, a company spokesperson said. The attack started last Friday and continued until the early hours of Monday morning.
According to the spokesperson, this attack was not on the scale of the security breach that hit Sony earlier in 2011 because, "this time nothing was taken or potentially taken from our data servers.”
Information used by the attackers during the probe is assumed to have come from Phishing schemes or other breaches. Sony is confident that the credentials used by the attackers did not come from its own datacenters.
At this point, if you are a Sony customer, the best plan of action is to change your account password (once again), and make sure said password isn’t used in other online places, especially on finance-related websites.