Monday, May 2, 2011

UPDATED: Sony Online Entertainment has been pulled offline for data breach. Over 24 million accounts stolen.


UPDATE: 
In a press release Sony says that over 24 million SOE accounts may have been stolen.  This is...wow....

Here is some of what has happened:

This information, which was discovered by engineers and security consultants reviewing SOE systems, showed that personal information from approximately 24.6 million SOE accounts may have been stolen, as well as certain information from an outdated database from 2007.  The information from the outdated database that may have been stolen includes approximately 12,700 non-U.S. credit or debit card numbers and expiration dates (but not credit card security codes), and about 10,700 direct debit records of certain customers in Austria, Germany, Netherlands and Spain.

With the current outage of the PlayStation® Network and Qriocity™ services and the ongoing investigation into the recent attacks, SOE had also undertaken an intensive investigation into its system. Upon discovery of this additional information, the company promptly shut down all servers related to SOE services while continuing to review and upgrade all of its online security systems in the face of these unprecedented cyber-attacks. 
On May 1, Sony apologized to its customers for the inconvenience caused by its network services outages.  The company is working with the FBI and continuing its own full investigation while working to restore all services.

Sony is making this disclosure as quickly as possible after the discovery of the theft, and the company has posted information on its website and will send e-mails to all consumers whose data may have been stolen.
The personal information of the approximately 24.6 million SOE accounts that was illegally obtained, to the extent it had been provided to SOE, is as follows:
  • name
  • address
  • e-mail address
  • birthdate
  • gender
  • phone number
  • login name
  • hashed password.
In addition to the information above, the 10,700 direct debit records from accounts in Austria, Germany, Netherlands and Spain, include:
  • bank account number
  • customer name
  • account name
  • customer address.

ORIGINAL POST:

This rabbit hole just keeps getting deeper and deeper.


After announcing this past weekend that Sony was looking to have some of the PlayStation Network back online, another data breach was found.  This time it was in the Sony Online Entertainment division.  SOE deals with Sony games that are played on PC's, this includes some games played on Facebook. (PoxNora, Dungeon Overlord, and Wild Refuge)

It was pulled offline today and Sony has put out the following statment:

Dear Valued Sony Online Entertainment Customer:

Our ongoing investigation of illegal intrusions into Sony Online Entertainment systems has discovered that hackers may have obtained personal customer information from SOE systems.  We are today advising you that the personal information you provided us in connection with your SOE account may have been stolen in a cyber-attack.   Stolen information includes, to the extent you provided it to us, the following: name, address (city, state, zip, country), email address, gender, birthdate, phone number, login name and hashed password.

Customers outside the United States should be advised that we further discovered evidence that information from an outdated database from 2007 containing approximately 12,700 non-US customer credit or debit card numbers and expiration dates (but not credit card security codes) and about 10,700 direct debit records listing bank account numbers of certain customers in Germany, Austria, Netherlands and Spain may have also been obtained. We will be notifying each of those customers promptly.
There is no evidence that our main credit card database was compromised. It is in a completely separate and secured environment.

We had previously believed that SOE customer data had not been obtained in the cyber-attacks on the company, but on May 1st we concluded that SOE account information may have been stolen and we are notifying you as soon as possible.

We apologize for the inconvenience caused by the attack and as a result, we have:
1) Temporarily turned off all SOE game services;
2) Engaged an outside, recognized security firm to conduct a full and complete investigation into what happened; and
3) Quickly taken steps to enhance security and strengthen our network infrastructure to provide you with greater protection of your personal information.

We greatly appreciate your patience, understanding and goodwill as we do whatever it takes to resolve these issues as quickly and efficiently as practicable.

For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. When SOE's services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your Station or SOE game account name or password for other unrelated services or accounts, we strongly recommend that you change them, as well.

Your best bet right now is that if you have ever made any type of online transaction with Sony via any of their web sites, start changing your information now and monitor your credit card and bank transactions.  I would also start unplugging everything, get a wig, wear a fake mustache and begin looking in to plastic surgery.  Who knows what will be uncovered next, so it's best just to be prepared.

With this information now getting out, Sony is looking at an even larger fallout from customers.

Well, at least they're offering you 30 free days.  We didn't even get a kiss.

To read the full statement and press release from Sony take the jump here: http://www.soe.com/securityupdate/http://www.soe.com/securityupdate/pressrelease.vm

What say you?

POPped by
Jungle Jesse


For breaking news and silliness, follow us on Twitter and "Like" us on Facebook.

No comments:

Facebook Blogger Plugin: Bloggerized by AllBlogTools.com Enhanced by MyBloggerTricks.com

Post a Comment