Sony locked the accounts of some 93,000 individuals on the Playstation Network (PSN), the Sony Entertainment Network (SEN), and Sony Online Entertainment (SOE) services following a mass log-in attempt using username-password combinations obtained from an unnamed source.
The attack affected less than one tenth of a percent of PSN, SEN, and SOE user bases combined, and the majority of log-in attempts failed. However, the 93,000 accounts that Sony ended up locking out were compromised, the company said. According to a statement put out by Sony’s CISO, Philip Reitinger, only a small fraction of the 93,000 compromised accounts showed activity before being locked.
Reitinger’s statement claims that the username-password data-set tested against the networks must have come from some outside site, source, or company, as the vast majority of these attempts failed. Presumably, those attempts that did succeed occurred in cases where users recycled their username-password combos with some other compromised source.
The company plans on contacting the affected gamers via email and encouraging them to perform a password reset, and is assuring users that no credit card data has been compromised.
Less than six months ago, the PSN network was thoroughly compromised by hackers in what turned out to be one of the larger and widely publicized data breaches ever, eventually affecting some 100 million people and leading to nearly a month of network downtime. Sony’s woes didn’t end there either. The company was shamed in its home country of Japan, where government officials postponed a PSN reboot until they were convinced that Sony had resolved their security deficiencies. The network was then beset with password reset issues when they were in the process of rebooting the PSN. This latest breach comes just months after Sony Chief Executive, Howard Stringer, pronounced that the PlayStation Network was more secure than ever at the consumer electronics conference in Berlin.
The full extent and impact as well as more details on exactly what was compromised in the breach should become clearer in the following days as more details of the attack are likely to emerge.