News has just surfaced via IGN stating that Sony Online Entertainment customers may have also been affected by the hacking attempts from last month. In a statement recently sent out by SOE, they claim that additional account information and credit/debit card numbers may have been taken from SOE servers. It’s important to note that the PSN and SOE are two different entities, although it appears that the original attack affected both divisions.
Below is the statement from Sony.
“This information, which was discovered by engineers and security consultants reviewing SOE systems, showed that personal information from approximately 24.6 million SOE accounts may have been stolen, as well as certain information from an outdated database from 2007.
The information from the outdated database that may have been stolen includes approximately 12,700 non-U.S. credit or debit card numbers and expiration dates (but not credit card security codes), and about 10,700 direct debit records of certain customers in Austria, Germany, Netherlands and Spain.
The personal information of the approximately 24.6 million SOE accounts that was illegally obtained, to the extent it had been provided to SOE, is as follows:
– e-mail address
– phone number
– login name
– hashed password.
In addition to the information above, the 10,700 direct debit records from accounts in Austria, Germany, Netherlands and Spain, include:
– bank account number
– customer name
– account name
– customer address.”
We’re not really sure what to say about this situation that hasn’t already been said. It’s obviously very disappointing and I’m sure many will raise questions wondering why it took them this long to realize that SOE servers were also affected, especially since Sony has stated that this was not the result of a second hacking attempt.
On the plus side, SOE is planning to give subscribers an extra 30 day subscription on top of “compensating them one day for each day the system is down.”
Further clarification is sure to come out as the week progresses so stay tuned.
[Update] Sony has posted a notification on soe.com clarifying that their central credit card database was not included in the compromised information detailed above, which leads us to believe that all the credit card information that was stolen is from 2007.
“There is no evidence that our main credit card database was compromised. It is in a completely separate and secured environment.”