A breach that started with the PlayStation Network has also affected Sony Online Entertainment’s 25 million customers, the company acknowledged on Tuesday. The electronics giant posted a press release on the Website of its Sony Online Entertainment division that provided additional details behind the discovery that forced the company to take its station.com gaming network offline on Monday.
The company acknowledged that the breach of PlayStation Network extended, also, to Sony Online Entertainment and Station.com. SOE and Station.com appear to have been hacked on April 16 and 17, around the time that the PlayStation Network breach occurred. Personal information from around 24.6 million SOE accounts may have been stolen, including customers name, address, e-mail address, birth date, gender, phone, account login and password (hashed). In addition, credit card information for an 12,700 non-U.S. credit and debit card holders, including the expiration date (but not security codes). Direct debit records of 10,700 Sony customers in Austria, Germany, Netherlands and Spain may have been lifted from what Sony describes as an “outdated database” on the site.
As Threatpost reported on Monday, SOE customers were initially assured that the PlayStation Network breach did not extend to the station.com network, which hosts PC, mobile and casual games, including Everquest and Everquest II, Starwars Galaxies and The Matrix II.
On Tuesday,the company abruptly took station.com and associated forums offline, posting a message apologizing for the inconvenience and stating that the company had discovered “an issue that warrants enough concern for us to take the service down effective immediately.”
Sony said it is working with the FBI and conducting its own investigation while it works to restore service to customers. The company said it is giving customers 30 days of free time on their subscriptions and comp them one day for each day the system is down, according to the company statement.
Sony’s PlayStation Network has been offline since April 20th, shortly after the company first detected a serious security breach. An investigation into the breach ultimately determined that data on some 70 million PlayStation Network members may have been stolen, in addition to credit card data from a smaller number of account holders.