Sony Loses 25 Million More Accounts, SOE Taken Offline


Sony has revealed that an earlier security breach it did not notice resulted in hackers making off with the details of another 25 million users, this time those unwise enough to play its MMORPGs, and has also confirmed that tens of thousands of additional card numbers have been stolen.

Sony’s online service Sony Online Entertainment (used for all its MMORPGs, such as Everquest, Star Wars Galaxies, etc.) is the latest to be breached, with all details associated with 25 million users now in the hands of hackers, along with the card details of tens of thousands of users.

Disturbingly, the compromise actually happened days before the PSN was discovered to be hacked (Sony says around the 16-17 of April), but Sony did not notice until May 1st.

Their official announcement is all but identical to the PSN announcement:

Dear Valued Sony Online Entertainment Customer:

Our ongoing investigation of illegal intrusions into Sony Online Entertainment systems has discovered that hackers may have obtained personal customer information from SOE systems.

We are today advising you that the personal information you provided us in connection with your SOE account may have been stolen in a cyber-attack.

Stolen information includes, to the extent you provided it to us, the following: name, address (city, state, zip, country), email address, gender, birthdate, phone number, login name and hashed password.

Customers outside the United States should be advised that we further discovered evidence that information from an outdated database from 2007 containing approximately 12,700 non-US customer credit or debit card numbers and expiration dates (but not credit card security codes) and about 10,700 direct debit records listing bank account numbers of certain customers in Germany, Austria, Netherlands and Spain may have also been obtained. We will be notifying each of those customers promptly.

There is no evidence that our main credit card database was compromised. It is in a completely separate and secured environment.

We had previously believed that SOE customer data had not been obtained in the cyber-attacks on the company, but on May 1st we concluded that SOE account information may have been stolen and we are notifying you as soon as possible.

As with the PSN, all SOE services have now been taken offline indefinitely whilst Sony implements proper security. Sony promises a “complimentary offering” to help users protect themselves from identity theft.

The fact that Sony came under intense fire for withholding details of the scale of the PSN leak for many days, whereas in this case they apparently released the details the next day, is sure to raise further questions about the timing of the PSN announcement, which came just after Sony announced its new tablets.

Having lost the details of 102 million customers to hackers in the largest such leak ever, at this stage it is possible that Sony’s reputation as a provider of online services is irrecoverably damaged – something sure to have severe consequences for a company increasingly dependent on the Internet for its business.

    Comment by Anonymous
    12:20 03/05/2011 # ! Neutral (+0.4)

    Has anything actually happened though? Or are these hackers just trolling?

    Comment by Anonymous
    18:45 03/05/2011 # ! Neutral (0)

    or from China


    Comment by Anonymous
    22:20 03/05/2011 # ! Neutral (0)

    I bet from the US/Mexico. So many pathetic lag switch and mod players I encounter that needa play so cheaply to win a game. Lame. And no racial slurs intended, they're pretty much all the people I encounter via they're mic or in-game avatar.

    Comment by Anonymous
    22:21 03/05/2011 # ! Neutral (0)

    their* lol

    Comment by Anonymous
    00:27 04/05/2011 # ! Neutral (0)

    There have been reports of credit card fraud, yes. Stuff like several 1-dollar transactions and products ordered from/to various locations around the world.

    Comment by Anonymous
    02:24 04/05/2011 # ! Neutral (0)

    I guess not so soon as they are keeping a close eye on this case. For those who are involved in the leaks sure are hoping those hackers are just trolling...

    Comment by MARl0
    11:53 03/05/2011 # ! Good (+0.4)

    It only does identity theft.

    Comment by Tenshi_
    11:35 03/05/2011 # ! Good (+0.4)

    First PSN and now SOE?? lol are these hackers going all-out attack on Sony?? either way, these hackers are having too much fun atm...

    Comment by Anonymous
    11:38 03/05/2011 # ! Neutral (+0.2)

    all these hacks... PSN and SOE
    the one that benefits more... Microsoft and the xbox?

    Comment by alidan
    12:15 03/05/2011 # ! Neutral (0)

    it was probably the same security flaw, that's why both got hit.

    Comment by Garyuu
    11:39 03/05/2011 # ! Neutral (-0.2)

    Tenshi, you know that PSN IS part of Sony right? The PSN is a service provided by Sony.

    Comment by Anonymous
    15:58 03/05/2011 # ! Neutral (0)

    That's why he said "lol are these hackers going all-out attack on Sony??".

    P.S. PSN and SOE are not the same thing.

    Comment by Anonymous
    12:21 03/05/2011 # ! Neutral (0)

    if the guys who did this withdrew $1 per account, it is highly doubtful users or banks would pursue and that's an instant 74 mil? I'd like to high 5 this guy. like that saying to be a millionaire in china just sell 1 item per person

    Comment by Anonymous
    15:59 03/05/2011 # ! Neutral (+0.2)

    You're assuming everyone had credit cards.

    Comment by KillerYandereSama
    11:37 03/05/2011 # ! Good (+0.3)

    This is just sad and ridiculous.

    Comment by Minru
    11:52 03/05/2011 # ! Quality (+0.8)

    I'm not a sony fanboy, but as a gamer you have to feel for the sony players. They have to be whimpering by now. Even the xbox fanboys have to wonder how long they will be immune. After all microsoft usually has bugs and holes you could drive a semi through its OS. It's prolly only a matter of time. Only people who are safe are apple users, cuz the hackers feel that they suffer enough just from being apple users...

    Comment by alidan
    12:12 03/05/2011 # ! Quality (+1.0)

    they can't even get negative attention

    Comment by Eddyak
    03:36 04/05/2011 # ! Neutral (+0.2)

    "Stolen information includes, to the extent you provided it to us, the following: name, address (city, state, zip, country), email address, gender, birthdate, phone number, login name and hashed password."

    The password was the only thing they hashed?!

    What the fuck, Sony.

    Comment by Anonymous
    12:08 03/05/2011 # ! Good (+0.8)

    I'm sure Microsoft is taking note of Sony's failure and is currently taking appropriate measures to ensure this does not happen to Live. However if they do manage to get hacked it would be an epic fail on their part.

    Comment by Artefact
    13:51 03/05/2011 # ! Impenetrable

    Whatever the poor state of its reputation, Microsoft for its part must have a lot more experience dealing with Internet infrastructure than Sony (which is not at its heart a software company), so I'd think they would be in a better position.

    And after seeing what happened to Sony, a massive security review is a given...

    Comment by Anonymous
    13:41 03/05/2011 # ! Neutral (+0.4)

    Appropriate measures AKA use it in their next campaign against them.

    Comment by Gitami
    19:59 03/05/2011 # ! Neutral (0)

    Now MS Live would warrant the statement "they were warned beforehand" that had plagued the Sony articles.

    Comment by NakkiNyan
    07:56 04/05/2011 # ! Neutral (0)

    There is no reason to have the databases with both payment and account info interconnected with the login of a game.

    Comment by Travis
    22:48 03/05/2011 # ! Neutral (0)

    This will probably, unfortunately, scare the crap out of Nintendo and keep their next console from having any sort of major online component. Maybe...

    Comment by Anonymous
    21:26 03/05/2011 # ! Neutral (0)

    You know, I'm a .NET (Microsoft tech) programmer and you'd be surprised what kind of systems run on MS OS and are written using their frameworks. I'm talking here about electronic ID's, cashpoints, e-payments for countries, capitals and large corporations.

    So, I'd say that MS Live is as safe a system as you can get.

    Comment by Anonymous
    18:05 03/05/2011 # ! Neutral (0)

    maybe microsoft is hacked all the time but they either don't notice it or don't announce it publicly

    Comment by NakkiNyan
    07:58 04/05/2011 # ! Neutral (0)

    They could attribute it to any transaction then not MS Live or SOE. The only reason we know SOE is at fault is 1: they admitted it and 2: we know how it was done. You can't tell if a card was stolen through MS or PayPal to use your credit card.

    Comment by PhillB
    00:25 04/05/2011 # ! Neutral (0)

    You know? The irony of Microsoft being poorly positioned amongst companies with little appeal in technology, has strengthened their products.

    And hate me as much as you want, but I'm not trusting any Japanese software. Not even that developed in America under Japanese multinational's commission.

    Comment by Anonymous
    01:28 04/05/2011 # ! Neutral (0)

    information from an outdated database from 2007 containing approximately 12,700

    does not fucking =

    25 million more accounts

    Comment by Anonymous

    And maybe you're just fucking stupid.

    Tens of millions use Live, I'm 100% sure at least one of them would notice that someone is making transactions with his credit card.

    Comment by Anonymous

    Fuck Windows. Fuck Apple.

    Linux is where it's at. And no, not that Window-clone Ubuntu build either.

    Comment by Anonymous
    16:24 03/05/2011 # ! Neutral (+0.2)

    edit: Security through obscurity only works because it's not worth the time to make viruses aimed at obscure operating systems when the goal is to do something intended for large scale damage.

    Comment by Anonymous
    16:22 03/05/2011 # ! Neutral (+0.2)

    Security through obscurity only works because it's not worth the time to make viruses intended for large scale damage.

    I seriously doubt these sony databases were running Windows or Apple products anyhow. It most likely was something like unix, linux, etc. I know enough to know I don't know very much on the subject, but databases need special operating systems.

    Comment by Anonymous
    06:06 05/05/2011 # ! Neutral (0)

    No, databases DON'T need special operating systems.
    Servers often use some linux distribution though. Chances are PSN either runs on Linux or MS Server.

    Comment by Anonymous
    12:58 03/05/2011 # ! Drivel (-1.0)

    until more people start using mac comps. best thing to do is just get some version of linux (ie: linuxmint or ubuntu) and if necessary to run certain programs, boot either mac os or windows on top of it.

    Comment by Noodlestein
    13:06 03/05/2011 # ! Good (+0.7)

    >Thinks being on a mac makes him invincible

    I lol'd

    Comment by Anonymous
    07:47 04/05/2011 # ! Neutral (+0.2)

    "Well, Linux or Macs are immune to VIRUSES"

    No they're not, at less than 10% of the total computer market they aren't worth breaking the law over.

    Comment by Anonymous
    17:58 03/05/2011 # ! Neutral (+0.2)

    Linux is good if you are afraid of viruses and trojans, yet if a hacker wants to hack especially your system it won't save you from that even with a linux or mac.
    You really need tech-no-logical knowledge for making your machine safe, but then with enough knowledge you can make any recent system safe.
    If more people would use different OSs in high variety that would only lower the number of spam since the programs that are sending those couldn't run on every platform, hackers would still exist.
    But wait, wasn't the problem that SONY got hacked not a PC? :p
    (Linuxmint and Ubuntu isn't linux ;))

    Comment by Anonymous
    21:30 03/05/2011 # ! Neutral (+0.2)

    Ain't gonna happen.

    Enjoy your middle-class Mac you bought for twice the price of a top grade PC while it's still up to date, in 2 months your Mac will be obsolete and the only remedy will be to spend a fortune on another one.

    Comment by Oyashiro-Chama
    17:26 03/05/2011 # ! Neutral (0)

    an emulation running an emulation sounds inefficient as hell, which is just silly since you use computers for performance not to look cool and say "herp derp i can run anything". serious note, nearly all servers use linux including M$, macs use same shit internally as a linux so they are just as compromise-able if you can get past the single-base user mode at startup, even more so because you can firmware encrypt and fuck someone's computer completely and no way to recover, even apple won't reset a 'forgotten' firmware password.

    Comment by 死月
    03:22 04/05/2011 # ! Neutral (0)

    Well, Linux or Macs are immune to VIRUSES, but any machine using TCP/IP has open ports, that's why even Linux requires a Firewall (Mac uses TCP/IP v6, no idea how it works, but I suppose it's more secure... that's for LAN tho, Internet still uses classic TCP/IP v4). I believe even Microsoft used UNIX-like OS on their servers, and probably more now that they are working with Novell to make "Windows Server + SuSE Linux + Virtualization = WOAH!" combo. Microsoft does have a lot more experience dealing with this kind of stuff (I've watched them struggle with hackers for decades! I still remember a hotmail glitch which allowed the other guy on the LAN house using the same internet connection to open your hotmail because you both had the same IP lol funny, funny glitch... good old times...) they have an epic list of fails, but no epic fail on their lists. I believe there probably were some minor hacks into Live, but they managed to put it out without much damage (because they know: their stuff gets hacked A LOT, so instead of checking once a month, they check once an hour...)

    Comment by Aliaus
    14:09 03/05/2011 # ! Neutral (0)

    How bout running Windows on top of OSX on top of Linux for some three way action?

    Comment by Anonymous

    Middle class mac? I've built tons of custom pcs using many windows os. Though making windows/some linux custom setups can provide more power on demand (as available) I still find my MBP more durable over time than any windows computer I've ever built for a customer or myself. Including those in the thousands. As for people who use laptops/PCs made by manufacturers I always Lol at how they end up having to do a 'refresh/re-install' of their entire PC/Laptop in about 2-3 years if not after that 1st year; whether they trashed their shit by lookin at porn or not. Point is, macs (in my experience) are more durable over time depending what kind of setup you buy. And depends on whatever you're doing. Gamers shouldn't bother with Macs at all. And just like buying a car, depends on what suits your taste. Both OSes are good, both have their pros and cons, so in the end run as usual, I think fan boyism is still stupid and ignorance at best.

    Comment by Riiku
    00:46 04/05/2011 # ! Neutral (+0.2)

    I'd say it's friggin hard not to suspect M$ in doing this. And perhaps an inside job too.

    You know, If I was in charge of Sony's security and was given a load of money from M$ to compromise it, I'd totally do it. Won't you? Is there other plausible explanation?

    Comment by Anonymous
    06:10 05/05/2011 # ! Neutral (0)

    It's highly unlikely that that's true.
    If it's even slightly relatable to Microsoft, Sony could sue their ass open and take out everything.
    They could sue them for billions in damages, lost sales, lost reputation, etc...
    That's just too risky for any big corporation.

    Comment by Anonymous
    23:34 03/05/2011 # ! Neutral (0)

    It's NOT M$, is Oracle or M$ SQL!

    Comment by Kitsunemimi6
    14:09 03/05/2011 # ! Neutral (0)

    It really is, oh well, it was nice knowing you PSN...

    Comment by Anonymous
    05:51 04/05/2011 # ! Neutral (0)

    Dammit, I still wanted some of that Dissidia 012 DLC....

    Comment by Anonymous
    11:57 03/05/2011 # ! Neutral (+0.2)

    Goddammit Sony. Do your shit right. I swear man. How do you expect to push the envelope in entertainment technology when we can't even trust you to hold on to our Credit information without messing up?

    Comment by Aliaus
    14:05 03/05/2011 # ! Neutral (0)

    well i AM being entertained by this whole fiasco

    Comment by Anonymous
    16:04 03/05/2011 # ! Neutral (0)

    They sure can entertain alright. Even by others' expense. lol

