Sony Detects And Deals With Small PSN Breach

by Jan Hutchings | Oct 11, 2011 | 1 comment
Jan Hutchings

According to a blog post by Philip Reitinger, Chief Information Security Officer for Sony, the company detected an entity attempting to match a number of compromised user accounts and passwords taken from a different source.

 “PlayStation Network and Sony Online Entertainment (Networks) services to test a massive set of sign-in IDs and passwords against our network database. These attempts appear to include a large amount of data obtained from one or more compromised lists from other companies, sites or other sources. In this case, given that the data tested against our network consisted of sign-in ID-password pairs, and that the overwhelming majority of the pairs resulted in failed matching attempts, it is likely the data came from another source and not from our Networks. We have taken steps to mitigate the activity.” 

Reitinger has said that about 0.1% of PSN, SEN and SOE users have been affected by this attack (roughly 93,000 accounts globally), in which their sign-in information (PSN ID and password) were successfully matched by the attacker.

Sony has said that they have detected and dealt with the attack and are reviewing the affected accounts for unauthorized access. On a good note, the company has also stated that any accounts that were attacked have been temporarily closed off; also, credit cards associated with the accounts have not been compromised.

 “Please note, if you have a credit card associated with your account, your credit card number is not at risk. We will work with any users whom we confirm have had unauthorized purchases made to restore amounts in the PSN/SEN or SOE wallet.” 

If you’re in the 93,000 people whose accounts were compromised, Sony is requiring secure password resets and will send you an email with the instructions on how to do it soon. For everyone else, let this be a reminder that you shouldn’t be using the same sign-in and passwords on multiple online services or sites. Since online fraud is a serious threat, it’s better to be safe and use different sign-in information whenever we can.

[Via PlayStation Blog]