Sony Loses 25 Million More Accounts, SOE Taken Offline

Sony has revealed that an earlier security breach it did not notice resulted in hackers making off with the details of another 25 million users, this time those unwise enough to play its MMORPGs, and has also confirmed that tens of thousands of additional card numbers have been stolen.

Sony’s online service Sony Online Entertainment (used for all its MMORPGs, such as Everquest, Star Wars Galaxies, etc.) is the latest to be breached, with all details associated with 25 million users now in the hands of hackers, along with the card details of tens of thousands of users.

Disturbingly, the compromise actually happened days before the PSN was discovered to be hacked (Sony says around the 16-17 of April), but Sony did not notice until May 1st.

Their official announcement is all but identical to the PSN announcement:

Dear Valued Sony Online Entertainment Customer:

Our ongoing investigation of illegal intrusions into Sony Online Entertainment systems has discovered that hackers may have obtained personal customer information from SOE systems.

We are today advising you that the personal information you provided us in connection with your SOE account may have been stolen in a cyber-attack.

Stolen information includes, to the extent you provided it to us, the following: name, address (city, state, zip, country), email address, gender, birthdate, phone number, login name and hashed password.

Customers outside the United States should be advised that we further discovered evidence that information from an outdated database from 2007 containing approximately 12,700 non-US customer credit or debit card numbers and expiration dates (but not credit card security codes) and about 10,700 direct debit records listing bank account numbers of certain customers in Germany, Austria, Netherlands and Spain may have also been obtained. We will be notifying each of those customers promptly.

There is no evidence that our main credit card database was compromised. It is in a completely separate and secured environment.

We had previously believed that SOE customer data had not been obtained in the cyber-attacks on the company, but on May 1st we concluded that SOE account information may have been stolen and we are notifying you as soon as possible.

As with the PSN, all SOE services have now been taken offline indefinitely whilst Sony implements proper security. Sony promises a “complimentary offering” to help users protect themselves from identity theft.

The fact that Sony came under intense fire for withholding details of the scale of the PSN leak for many days, whereas in this case they apparently released the details the next day, is sure to raise further questions about the timing of the PSN announcement, which came just after Sony announced its new tablets.

Having lost the details of 102 million customers to hackers in the largest such leak ever, at this stage it is possible that Sony’s reputation as a provider of online services is irrecoverably damaged – something sure to have severe consequences for a company increasingly dependent on the Internet for its business.

153 Comments

  • The scary part is that the guy (more like kid) doing all this is “well known” in the psp/ps3 hacking sites.

    Plenty of them know him to great details and it makes it even funnier because Sony doesn’t have to look too hard to find him.

  • i own a xbox, but really i treat the 2 systems equally 1 isn’t better than the other, they both have their faults and advantages. PS3 doesn’t really deserve this and hopefully xbox isn’t targeted next. Hard core gamers just might fall apart without any of these 2 systems.

  • NakkiNyan says:

    Why does Sony not simply say…
    “due to our ignorance in connecting payment and account information servers to the PSN network we have given away your information”

    Seriously, why are payment servers so interconnected, even SqueeNix handles the 2 things separately.

  • Anonymous says:

    I’ve been wondering for a while now .. Update my PS3 and buy my games, or leave it outdated and hack it when I get around it .. This decides it. Fuck Sony, you ain’t getting any more money from me. My credit card details were also lost and I was forced to get new cards just in case ..

  • Anonymous says:

    call me a fanboy if u want but i was one of those lucky enough to have an expired credit card on there when the leak happened. And im not about to go spend money on an Xbox that i dont need just to have it red ring on me. so im sticking with the Hardware and when the network gets itself together ill be happy to see a new and improved PSN they better come back HARD.

  • Anonymous says:

    I find it detestable that people hate so much that they cannot comprehend that it is not possible to create a 100% secure system. There are always holes, and if hacking assholes try enough, they will find them. Sony have done what they could, cut them some slack!

  • At first I was watching this unfold with intense amusement during the anonymous attacks, but now I’m actually worried about Sony.

    If you like their products, you really should give them your support guys. Stuff like this will get fixed and they make great products… having a pc though, I’d just like to point out that none of this affects me in the slightest. Still, give them another chance if consoles are your thing (not to mention other electronics).

  • I’m kinda amazed that it really happens.
    I mean..such a timing, first Japan have to deal with disaster, then their failing power plant, and now one of major and world-wide companies gets a hit like that.

    Surprising as it is…someone as known as Sony shouldn’t be so easily breached on security levels…they did have to get to their current market level somehow.

    I’m not their fanboy, and dunno about others..but I got no problem here with noticing a perfect situation for sabotage.
    The timing is great..it strikes where it hurts a lot, and might lead Sony to bankruptcy. Such sort of stuff doesn’t just happen in a matter of few days.

  • Anonymous says:

    I’m pretty sure that both breaches are connected. The PSN hackers probably used info from the SOE breach to make it into the PSN. It was just caught sooner, because they were sloppy.

  • Anonymous says:

    Well, I know that WoW accounts get hacked all the time. It has even happened to people I know well. Resulted in loss of account and hacked their email too. It took a couple of weeks for them to get over the damage. Online gaming in general isn’t safe. So far all this hasn’t taken any effect on me on a personal level.

  • Anonymous says:

    I’m no sony fanboy but hell sony came out with some of the best games for the consoles up until the ps2. When the ps3 came out back in 2007 sony turned into a crap company. Sad day for all. Sony is over. XBOX releases have almost nothing, and nintendo is too weak to even take risks with mature gaming audiences, being a gimmick for the kiddies.

  • Anonymous says:

    I don’t even really care, as long as my shit is OK, I will continue buying consoles, handhelds (when I have the money) and buying games on PSN. It really doesn’t bother me at all.

  • Anonymous says:

    The stupidity of these hackers (if they are trying to retaliate against Sony for the Geohot issue) is it helps Sony’s argument that hackers are bad and detrimental to the success and development of the PS3.

    Now with SOE mmorpg being targeted, it further demonstrates that these hackers out there are just plain bad and their motives have no trustworthy noble grounds.

    • Anonymous says:

      Yes because these hackers are Interested in homebrew and not money… Get a fuckin brain. Homebrew kills the enjoyment, and to think these guys made off with anything less than wads for cash would just be salt in the wound.

  • Anonymous says:

    Well dang i guessed when all the soe mmo sites were down that it was possible, we had some free play time there just before it went down too, those with expired accounts. I value my SOE MMO game accounts, which even if expired and I have no intention of re-upping them, still going to change it all around. In any case it sucks to hear.

  • Anonymous says:

    Isn’t a substantially large number of the SOE customers also PSN customers at the same time? Isn’t Everquest for PC and Socom for PS2, like their only online games that don’t have anything to do with you playing online through your PS3? I’d think that the people who played PS2 moved on to playing PS3.

    I’m just saying, I don’t think its 102 million individual people.

  • Anonymous says:

    I sure as hell ain’t buying anything that has to do with Sony in the future… this is just inexcusable.
    They could make the best next gen console, I won’t buy it, this is just… wow..

  • Anonymous says:

    Goddammit just when i was making fun of all the PSNers this crap comes along, guess thats what i get. i played Everquest and SWG this is ridiculous, how are they gonna recover from this.

  • Anonymous says:

    Goddammit Sony. Do your shit right. I swear man. How do you expect to push the envelope in entertainment technology when we can’t even trust you to hold on to our Credit information without messing up?

  • Sony is going to lose more money than they have on their budget, yet they want to continue to make products by tripling more of a budget than they already have. On top of that, they are also going to have to pay for all the damages that were done to the servers which in turn will put them in debt. The only way they can now pay for all this is to see how much money they can make from their customers (sheep) but since a lot of people lost trust in the company, they’re not going to get a lot of money and may end up bankrupt. But that’s just my take on Sony.

  • Anonymous says:

    Reputation damages? ya for sure but not much damages are gonna deal to Sony, for PS3, PSP or Sony fans in general its the same doesn’t matter what happen, i still love Sony and i hope for a better future.

    • Pyrolight says:

      It will be a large hit. Regardless if the fans support Sony (many won’t since people are fickle), the stock market will lose a lot of faith and stocks will drop a lot.

      – Bad security leads to huge leaks = shareholders unhappy.
      – Hush hush about it = Shareholders unhappy.
      – The incoming ass ton of lawsuits = shareholders crying.

        • Anonymous says:

          alidan:
          Until someone nicks your CC, and if you happen to live in Great Free Country of America, will wreck your credit score.

          If you suddenly end up several thousand dollars in debt and without ability to get CC, not to mention loan or mortgage (or you will get foreclosure notice, because bank will no longer believe you can pay it back), I doubt you will be craving for your eq2 fix any more.

    • I’d say it’s friggin hard not to suspect M$ in doing this. And perhaps an inside job too.

      You know, If I was in charge of Sony’s security and was given a load of money from M$ to compromise it, I’d totally do it. Won’t you? Is there other plausible explanation?

      • Anonymous says:

        It’s highly unlikely that that’s true.
        If it’s even slightly relatable to Microsoft, Sony could sue their ass open and take out everything.
        They could sue them for billions in damages, lost sales, lost reputation, etc…
        That’s just too risky for any big corporation.

    • I’m not a sony fanboy, but as a gamer you have to feel for the sony players. They have to be whimpering by now. Even the xbox fanboys have to wonder how long they will be immune. After all microsoft usually has bugs and holes you could drive a semi through its OS. It’s prolly only a matter of time. Only people who are safe are apple users, cuz the hackers feel that they suffer enough just from being apple users…

      • Anonymous says:

        You know, I’m .NET (Microsoft tech) programmer and you’d be surprised what kind of systems runs on MS OS and are written using their frameworks. I’m talking here about electronic ID’s, cashpoints, e-payments for countries, capitals and large corporations.

        So, I’d say that MS Live is as safe system as you can get.

        • NakkiNyan says:

          They could attribute it to any transaction then not MS Live or SOE. The only reason we know SOE is at fault is 1: they admitted it and 2: we know how it was done. You can’t tell if a card was stolen through MS or PayPal to use your credit card.

        • You know? The irony of Microsoft being poorly positioned amongst companies with little appeal in technology, has strengthened their products.

          And hate me as much as you want, but I’m not trusting any japanese software. Not even that developed in America under japanese multinational’s commission.

        • Anonymous says:

          And maybe you’re just fucking stupid.

          Tens of millions use Live, I’m 100% sure at least one of them would notice that someone is making transactions with his credit card.

        • “Stolen information includes, to the extent you provided it to us, the following: name, address (city, state, zip, country), email address, gender, birthdate, phone number, login name and hashed password.”

          The password was the only thing they hashed?!

          What the fuck, Sony.

      • Anonymous says:

        I’m sure Microsoft is taking note of Sony’s failure and is currently taking appropriate measures to ensure this does not happen to Live. However if they do manage to get hacked it would be an epic fail on their part.

        • Anonymous says:

          edit: Security through obscurity only works because it’s not worth the time to make viruses aimed at obscure operating systems when the goal is to do something intended for large scale damage.

        • Anonymous says:

          Security through obscurity only works because it’s not worth the time to make viruses intended for large scale damage.

          I seriously doubt these sony databases were running Windows or Apple products anyhow. It most likely was something like unix, linux, etc. I know enough to know I don’t know very much on the subject, but databases need special operating systems.

      • Anonymous says:

        until more people start using mac comps. best thing to do is just get some version of linux (ie: linuxmint or ubuntu) and if necessary to run certain programs, boot either mac os or windows on top of it.

        • Well, Linux or Macs are immune to VIRUSES, but any machine using TCP/IP has open ports, that’s why even Linux requires a Firewall (Mac uses TCP/IP v6, no idea how it works, but I suppose it’s more secure… that’s for LAN tho, Internet still uses classic TCP/IP v4). I believe even Microsoft used UNIX-like OS on their servers, and probably more now that they are working with Novell to make “Windows Server + SuSE Linux + Virtualization = WOAH!” combo. Microsoft does have a lot more experience dealing with this kind of stuff (I’ve watched them struggle with hackers for decades! I still remember a hotmail glitch which allowed the other guy on the LAN house using the same internet connection to open your hotmail because you both had the same IP lol funny, funny glitch… good old times…) they have an epic list of fails, but no epic fail on their lists. I believe there probably were some minor hacks into Live, but they managed to put it out without much damage (because they know: their stuff gets hacked A LOT, so instead of checking once a month, they check once an hour…)

        • Anonymous says:

          Ain’t gonna happen.

          Enjoy your middle-class Mac you bought for twice the price of a top grade PC while it’s still up to date, in 2 months your Mac will be obsolete and the only remedy will be to spend a fortune on another one.

        • Anonymous says:

          Linux is good if you are afraid of viruses and trojans, yet if a hacker wants to hack especially your system it won’t save you from that even with a linux or mac.
          You really need tech-no-logical knowledge for making your machine safe, but then with enough knowledge you can make any recent system safe.
          If more people would use different OSs in high variety that would only lower the number of spam since the programs that are sending those couldn’t run on every platform, hackers would still exists.
          But wait, wasn’t the problem that SONY got hacked not a PC? :p
          (Linuxmint and Ubuntu isn’t linux ;))

        • an emulation running an emulation sounds inefficient as hell, which is just silly since you use computers for performance not to look cool and say “herp derp i can run anything”. serious note, nearly all servers use linux including M$, macs use same shit internally as a linux so they are just as compromise-able if you can get past the single-base user mode at startup, even more so because you can firmware encrypt and fuck someones computer completely and no way to recover, even apple wont reset a ‘forgotten’ firmware password.

        • Anonymous says:

          Middle class mac? I’ve built tons of custom pcs using many windows os. Though making windows/some linux custom setups can provide more power on demand (as available) I still find my MBP more durable over time than any windows computer I’ve ever built for a customer or myself. Including those in the thousands. As for people who use laptops/PCs made by manufacturers I always Lol at how they end up having to do a ‘refresh/re-install’ of their entire PC/Laptop in about 2-3 years if not after that 1st year; whether they trashed their shit by lookin at porn or not. Point is, macs (in my experience) are more durable over time depending what kind of setup you buy. And depends on whatever you’re doing. Gamers shouldn’t bother with Macs at all. And just like buying a car, depends on what suits your taste. Both OSes are good, both have their pros and cons, so in the end run as usual, I think fan boyism is still stupid and ignorance at best.

  • I feel Julian Assange all over again, I think some people got pissed at the persecution against George Holtz, I however, hold no grudge in the matter, Julian Assange is doing a public service by exposing government secrets (Hey! I never said you guys could spy me with your military satellites!) while Holtz is truly damaging the gaming industry, unlike movies who can afford pirate dvds since they have theaters, the gaming industry only income is the actual selling of games. I blame Holtz for ATLUS being broken! His fault there will be no Persona 5… *hides pirate copies of Persona 2, 3 and 4* *whistle*

      • No, I’m kind of forced to agree. This is actually pretty hilarious. I mean… it’s so pathetic you just kind of end up laughing while facepalming. Sony’s a strong business that makes great products, they’ll recover, but this will forever change what people will be willing to do in terms of paying for things online and how guaranteed security will be.

        The good thing is, this is too much credit card information for anyone to really do anything with. If they do ANYTHING with any number of these cards, they will be caught rather fast. No matter how good a hacker they are, the eyes of the world are on them. This is 100 million people, an actual digit percentage of the entire world we’re talking about here. Some people will be hit, but this isn’t something that they can have done and then be left alone with it like if you were stealing a single person’s identity.

        They can sell them, but all that will do is lead to an eventual stupid person doing it, getting caught, and flipping on the source.

        Either way, we just need to protect ourselves and change some passwords. Being afraid of doing anything online due to fear of this potentially happening is ass backwards and stupid.

        • @alidan

          Everything you’ve said has proven to me that this is actually one of the best things that could have happened to this world in a long time.

          Stay off the game for a while and try something different for a bit. A change in perspective is possibly one of the biggest gifts someone can give you.

        • Anonymous says:

          SONY is a word made from sonnyboy, if you read the book of the founder of the SONY firm, you would know they were debating over the similarity of the word sonny(boy) and the other word son-ni thus they ended up with sony.

        • sony (so:ni)
          v, reg, tr, intr
          – to fail on an epic, financially and reputationally hurting scale “He sonied (this project) last week.”

          n
          – a fail on an epic, financially and reputationally hurting scale “This sony is going to cost us millions.”, “to build a sony”

          Forever asony.

        • That’s a possibility, but hackers by and large are not bad people. They simply want their freedom. Most of them, while generally a little childish and self-centered in their perceptions on what is their right to do, also have a strong sense of justice in terms of what can and cannot be done. When one causes trouble for the rest, they tend to handle it themselves. In this situation, this is giving hackers a bad name the likes of which you wouldn’t believe. The very people who support them, the gamers and the tech-minded, are now being attacked by them. It may be one person, but that doesn’t matter, as most people know it could be ‘a hacker’ but there’s nothing to stop it from being ‘some hackers.’

          It’s a good awakening in general I guess. Hackers have their place, and always will, but they also have an unwritten responsibility that sometimes they need to be reminded of once a generation.

        • its between 1.11% and 1.44%

          but the real number is FAR less. i made 6 accounts, 3 of them are failed accounts to get Japanese psn for a game demo, forgot what game, probably bayonetta. 1 of them is a success at getting a japanese account, 1 of them is mine with real info, and one of them is a little brothers with fake info in most areas.

          my everquest account, i have i believe 4 accounts (not all active or mine any more)

          there is some amount of overlap, and a lot of accounts for gaming only are going to be filled with fake info, like putting your age over 21 which i did when i made mine, as i was not over 21 yet and didn’t want to be locked out of any possible content.

          but you arent looking at the bigger picture for me. i have identity theft protection, what i care about is playing my god damn games, less playing on console but fuck if im not addicted to everquest. i have 4 accounts because i keep playing the game get to a certain level where i either have to get groups to drag my ass up, or start raiding to get better, and i make a new character. i only play on one server and there are 8 character slots, normally, you can get 12 but it takes nearly 2 years of paying for that account to be eligible.

          its not funny having the game taken away
          than on top of that it has a smaller user base as it stands

          im worried if the game can recover from this…

          god damnit just one time i want to hit the top of the top.