News has just surfaced via IGN stating that Sony Online Entertainment customers may have also been affected by the hacking attempts from last month. In a statement recently sent out by SOE, they claim that additional account information and credit/debit card numbers may have been taken from SOE servers. It’s important to note that the PSN and SOE are two different entities, although it appears that the original attack affected both divisions.
Below is the statement from Sony.
“This information, which was discovered by engineers and security consultants reviewing SOE systems, showed that personal information from approximately 24.6 million SOE accounts may have been stolen, as well as certain information from an outdated database from 2007.
The information from the outdated database that may have been stolen includes approximately 12,700 non-U.S. credit or debit card numbers and expiration dates (but not credit card security codes), and about 10,700 direct debit records of certain customers in Austria, Germany, Netherlands and Spain.
The personal information of the approximately 24.6 million SOE accounts that was illegally obtained, to the extent it had been provided to SOE, is as follows:
– name
– address
– e-mail address
– birthdate
– gender
– phone number
– login name
– hashed password.
In addition to the information above, the 10,700 direct debit records from accounts in Austria, Germany, Netherlands and Spain, include:
– bank account number
– customer name
– account name
– customer address.”
We’re not really sure what to say about this situation that hasn’t already been said. It’s obviously very disappointing and I’m sure many will raise questions wondering why it took them this long to realize that SOE servers were also affected, especially since Sony has stated that this was not the result of a second hacking attempt.
On the plus side, SOE is planning to give subscribers an extra 30 day subscription on top of “compensating them one day for each day the system is down.”
Further clarification is sure to come out as the week progresses so stay tuned.
[Update] Sony has posted a notification on soe.com clarifying that their central credit card database was not included in the compromised information detailed above, which leads us to believe that all the credit card information that was stolen is from 2007.
“There is no evidence that our main credit card database was compromised. It is in a completely separate and secured environment.”
AnimaOnline
Just when things were starting to die down a bit this story rears its ugly head. Honestly, I’ll be happy when this is all a thing of the past.
It’s a shame that Sony has been singled out by hackers with all of this as I’m sure there are other reputable companies which could be easily hacked had they gained enough attention. Hopefully all of this news will encourage other companies to reassess their security.
Paranoimia
Just curious… with the recent news that SCE and SOE are closing studios and shedding staff, does anyone else wonder if this could be an inside job by a pissed-off about-to-be-former employee?
Given the massive back-end access they seem to have had, surely Sony must be considering it as a possibility.
cc_star
Something I said a few days ago.
gi.biz (industry website) interviewed a security firm who said 80% of large scale data breaches are done with inside assistance, I also wondered if that was one of the reasons behind the data centres move
iamtdogg
Yeah the wording of physical attacks worried me too
retro_
If and when I loose my job, I’m going to turn the work frigde up to ‘7’ as it freezes the milk and any full glass bottles crack…. That’ll teach em!!
Mentality
Oh dear, can this sorry situation get any worse?
teflon
Oh dear, Sony just can’t get a break a moment.
If this is part of the same hack that caused PSN to be shut down, as Sony seem to be saying, then clearly there were enough similarities between the two server architectures that the hackers were able to compromise both in short order.
Which leads us to asking why SOE’s servers weren’t checked sooner than now.
However, we can be slightly re-assured that Sony will 99.9% also have hashed the passwords on the SOE servers, and encrypted the card details.
skibadee
these hackers need to be caught they think there above the law.
marshaal5
Why hasnt the news that passwords were “hashed” given a banner headline ?
http://blog.eu.playstation.com/2011/05/02/playstation-network-security-update/
JesseDeya
I guess they were listening… after you posted the very next article is about the hashed passwords :)
GTRsannin
All i’m going to say about this is that other online services should start upping their security as well you never know when hackers might start targeting them
Foxhound_Solid
Shit. The hackers are complete arseholes.
The Lone Steven
oh FFS,why can’t the hackers stop hacking everything? soon i reckon someone is going to release a leave sony alone video on youtube if this keeps happening.:P I wonder if Geohot’s suppoters are behind this?
tom_lord
Does this affect PS3 owners or just players of SOE games on PC?
Kevling
Just PC. To play DCUO (and Free Realms) on the PS3 everything is done through the PSN.