Sony has reported another hacking attack attempt on 93,000 accounts. Of the accounts, PlayStation Network and Sony Entertainment Network make up 60,000, plus 33,000 Sony Online Entertainment users.
Sony claims the hackers used "a massive set of sign-in IDs and passwords" to carry out the attack, but that only a "small fraction" of the accounts accessed displayed any activity before the company locked them.
"These attempts appear to include a large amount of data obtained from one or more compromised lists from other companies, sites or other sources," writes VP & chief information security officer Philip Reitinger in a post on the official PlayStation Blog. "In this case, given that the data tested against our network consisted of sign-in ID-password pairs, and that the overwhelming majority of the pairs resulted in failed matching attempts, it is likely the data came from another source and not from our Networks. We have taken steps to mitigate the activity."
Reitinger goes on to say that Sony will work with any users who report unauthorised purchases on their accounts in order to reimburse them, and stresses that, "Less than one tenth of one percent (0.1%) of our PSN, SEN and SOE audience may have been affected."
All affected customers can expect to receive an email from Sony and will have to reset their passwords yet again.
"As a preventative measure, we are requiring secure password resets for those PSN/SEN accounts that had both a sign-in ID and password match through this attempt," Reitinger explains. "If you are in the small group of PSN/SEN users who may have been affected, you will receive an email from us at the address associated with your account that will prompt you to reset your password.
"Similarly, the SOE accounts that were matched have been temporarily turned off. If you are among the small group of affected SOE customers, you will receive an email from us at the address associated with your account that will advise you on next steps in order to validate your account credentials and have your account turned back on."
This attack is the latest in a string of hacking attempts on Sony's user databases which began in April this year when 75 million account details were stolen from PSN, resulting in the service going offline for six weeks in order to bolster security.
Comments
10What's Japanese for facepalm? I'm buying a PS3 this month - is it possible to use online without giving any card details? Once is careless, twice is pretty darn poor.
What?
Sony or PSN wasn't hacked. The article is misleading. Some individual user accounts were hacked by basically guessing their passwords.
Someone obtained a list of usernames and passwords from an external source of some kind and ran a script to see how many accounts they could log into.
This happens on XBL all the time, every day.
Don't use the same password on multiple services.
No card required. And it's 手に顔をうずめる by the way.
93,000 accounts is still a lot to have gained from an external source. There's obviously another floor, or some incredibly stupid people out there.
And isn't this the third time?
From what you write someone ELSE was hacked and Sony's new security measures prevented any accounts being compromised.
When you guess your password for a website due to forgetting which one you used, do you consider it "hacking" when you guess the correct one?
Why are you assuming it was an external company and not some of the data from the April breach rearing its head?
None of the passwords from that breach would work, though, since everyone had to change it.
Yes but they might not have done.
They also might have changed the password to what it was originally, people being stupid like that.
If you've not changed your password since the last hack you deserve to have your ccard compromised.
Ah, yeah - it's user negligence as opposed to a genuine hack. Arguably a non-story. Thanks to Lupinsensei for the info.
King of Japanese facepalms is Godzilla Facepalm!