Attack on Sony networks results in 93,000 compromised accounts

Sony issued a warning late Tuesday indicating that its network had been the target of a mass sign-in attempt, giving new Chief Information Security Officer Phillip Reitinger a reason for his first security-themed release. The attack targeted all Sony accounts, including PSN, SEN and SOE, and resulted in approximately 93,000 compromised accounts.

Reitinger announced the attack on the Sony blog and gave a good amount of detail about exactly what had happened. Apparently the massive sign-in attempt made use of usernames and passwords that were "obtained from one or more compromised lists from other companies, sites or other sources."

Reitinger continued,

"In this case, given that the data tested against our network consisted of sign-in ID-password pairs, and that the overwhelming majority of the pairs resulted in failed matching attempts, it is likely the data came from another source and not from our Networks. We have taken steps to mitigate the activity."

Approximately 93,000 total accounts were actually accessed during this mass sign-in attempt. The breakdown ended up being 60,000 PSN/SEN accounts and 33,000 SOE accounts. Because Sony had detected the massive login attempts, these accounts were immediately locked and their owners notified via email about what was going on. Those accounts will require a secure password reset. Details about that process will be included in the email from Sony if your account was among those accessed.

"Only a small fraction of these 93,000 accounts showed additional activity prior to being locked. We are currently reviewing those accounts for unauthorized access, and will provide more updates as we have them. Please note, if you have a credit card associated with your account, your credit card number is not at risk. We will work with any users whom we confirm have had unauthorized purchases made to restore amounts in the PSN/SEN or SOE wallet."

It's nice that Sony was immediately transparent about what had happened and how it would be addressed. While this wasn't an explicit attack on Sony, it is a strong reminder not to use the same username and password combination across all of your online accounts.

The 93,000 Sony accounts that were accessed globally represent only about a tenth of a percent of all Sony accounts that currently exist. Was your account among those with unauthorized access? Did you end up with any charges to the credit card you have on file with Sony? Let us know if you were affected in the comments.