Sony Fights Off PSN Breach Attempt
Earlier this evening, Philip Reitinger, Chief Information Security Officer for Sony blogged that Sony had indeed detected and fought off an attempt to compromise a number of PSN and SOE accounts with sign-in information that the attacker took from a different -compromised- source.
More information on the breach and Sony’s lightning quick response after the break.
“PlayStation Network and Sony Online Entertainment (“Networks”) services to test a massive set of sign-in IDs and passwords against our network database. These attempts appear to include a large amount of data obtained from one or more compromised lists from other companies, sites or other sources. In this case, given that the data tested against our network consisted of sign-in ID-password pairs, and that the overwhelming majority of the pairs resulted in failed matching attempts, it is likely the data came from another source and not from our Networks. We have taken steps to mitigate the activity.”
Reitinger has said that about 0.1% of PSN, SEN and SOE users have been affected by this attack (roughly 93,000 accounts globally) in which their sign-in information (PSN ID and password) were successfully matched by the attacker.
Sony stated that they have detected and dealt with the attack and are reviewing the affected accounts for unauthorized access. Only about 0.1% (93,000) of PSN and SOE accounts globally have been affected; and that the company has temporarily temporarily closed off these accounts.
Reitinger said that credit cards associated with the accounts have not been compromised, so affected users can breathe a sigh of relief.
“Please note, if you have a credit card associated with your account, your credit card number is not at risk. We will work with any users whom we confirm have had unauthorized purchases made to restore amounts in the PSN/SEN or SOE wallet.”
Since online fraud is a serious threat, it would be better for everyone to use different sign-in information for different online services and sites. For those affected, Sony will be sending out emails with instructions on how to securely reset passwords and security information.
Stay tuned for more updates.
[Via PlayStation Blog]