"Sony's ongoing investigation of illegal intrusions into Sony Online Entertainment systems revealed that attackers may have stolen personal information from approximately 24.6 million SOE accounts, as well as certain information from an outdated database from 2007.
The information from the outdated database that may have been stolen includes approximately 12,700 non-U.S. credit or debit card numbers and expiration dates (but not credit card security codes), and about 10,700 direct debit records of certain customers in Austria, Germany, Netherlands and Spain.
With the current outage of the PlayStation Network and Qriocity services and the ongoing investigation into the recent attacks, SOE had also undertaken an intensive investigation into its system. Upon discovery of this additional information, the company promptly shut down all servers related to SOE services while continuing to review and upgrade all of its online security systems in the face of these unprecedented cyber-attacks.
The company is working with the FBI and continuing its own full investigation while working to restore all services.
The personal information of the approximately 24.6 million SOE accounts that was illegally obtained, to the extent it had been provided to SOE, is as follows:
* name
* address
* e-mail address
* birthdate
* gender
* phone number
* login name
* hashed password.
In addition to the information above, the 10,700 direct debit records from accounts in Austria, Germany, Netherlands and Spain, include:
* bank account number
* customer name
* account name
* customer address.
SOE will grant customers 30 days of additional time on their subscriptions, in addition to compensating them one day for each day the system is down. It is also in the process of outlining a "make good" plan for its PlayStation 3 MMOs. "
(HelpNet Security)
Showing posts with label sony. Show all posts
Showing posts with label sony. Show all posts
Tuesday, May 3, 2011
Wednesday, April 27, 2011
What is up with the Sony Playstation Network? Breach = 77 million members
UPDATE: Sony is saying that the credit card information was encrypted now. This should be interesting.
"Sony admitted that hackers broke into its PlayStation Network online gaming network made off with the personal information of more than 77 million members in what would be one of the largest reported data breaches in history.
A message posted on the PlayStation Network Web site informed customers that the thieves like obtained the name, address, e-mail address, birthdate and PlayStation Network and Qriocity password and login. They may also have obtained financial information including customers' billing address and account security questions and answers may have been taken. Sony, which is working with "an outside, recognized security firm" said it doesn't have evidence that credit card data attached to members' accounts was stolen but "we cannot rule out that possibility."
The news came less than a week after Sony first detected the breach and took its PlayStation Network offline. The company had been mum about the extent of the breach while it investigated the incident.
With 70 million members, the PlayStation Network breach is the fifth largest ever, according to Datalossdb.org. Sony advised customers who had given their credit card to PlayStation Network or Qriocity were advised to watch out for email, phone or mail scams seeking personal information and to change their account password as soon as the PlayStation Network is restored.
The company has provided the names of affected customers to U.S. credit bureaus and offered credit fraud monitoring services to them.
In the meantime, Sony says it has a "clear path to have PlayStation Network and Qriocity systems back online, and expect to restore some services within a week."
Speculation about the attack has focused on Anonymous, the loose collective of hackers and online mischief makers. Although the group has denied responsibility for the breach, Sony had been a target of Anonymous denial of service attacks in retaliation of the company's legal actions against hackers who have cracked content protection technology for its PS3 and other products."
(As posted on Threatpost)
More information and direct link to article here
"Sony admitted that hackers broke into its PlayStation Network online gaming network made off with the personal information of more than 77 million members in what would be one of the largest reported data breaches in history.
A message posted on the PlayStation Network Web site informed customers that the thieves like obtained the name, address, e-mail address, birthdate and PlayStation Network and Qriocity password and login. They may also have obtained financial information including customers' billing address and account security questions and answers may have been taken. Sony, which is working with "an outside, recognized security firm" said it doesn't have evidence that credit card data attached to members' accounts was stolen but "we cannot rule out that possibility."
The news came less than a week after Sony first detected the breach and took its PlayStation Network offline. The company had been mum about the extent of the breach while it investigated the incident.
With 70 million members, the PlayStation Network breach is the fifth largest ever, according to Datalossdb.org. Sony advised customers who had given their credit card to PlayStation Network or Qriocity were advised to watch out for email, phone or mail scams seeking personal information and to change their account password as soon as the PlayStation Network is restored.
The company has provided the names of affected customers to U.S. credit bureaus and offered credit fraud monitoring services to them.
In the meantime, Sony says it has a "clear path to have PlayStation Network and Qriocity systems back online, and expect to restore some services within a week."
Speculation about the attack has focused on Anonymous, the loose collective of hackers and online mischief makers. Although the group has denied responsibility for the breach, Sony had been a target of Anonymous denial of service attacks in retaliation of the company's legal actions against hackers who have cracked content protection technology for its PS3 and other products."
(As posted on Threatpost)
More information and direct link to article here
Subscribe to:
Comments (Atom)