Sony Attacked Again

[Andy Chalk]

Sony Attacked Again

A new attempt to compromise thousands of PSN and SOE accounts has ended in failure.

Philip Reitinger, who you may recall as the former Homeland Security guy who was recently tapped by Sony [http://www.escapistmagazine.com/news/view/112809-Sony-Taps-Homeland-Security-Head-For-Cyber-Security-Gig] to serve as its Chief Information Security Officer, revealed earlier today that another significant attempt to infiltrate the PlayStation Network and Sony Online Entertainment has been made. But this time around, only about 93,000 accounts were affected and more importantly, Sony locked everything down at the first sign of trouble.

The "attack" was actually a test of username/password combinations which Sony says appear to have been obtained from other companies or sources. The "overwhelming majority" of those username/password combinations failed; valid logins were found for roughly 60,000 PSN and 33,000 SOE accounts, all of which have since been locked down. Only a "small fraction" of that number showed additional activity beyond the login.

"Less than one tenth of one percent (0.1%) of our PSN, SEN and SOE audience may have been affected," Reitinger wrote on the PlayStation Blog [http://blog.eu.playstation.com/2011/10/12/an-important-message-from-sonys-chief-information-security-officer/]. "If you have a credit card associated with your account, your credit card number is not at risk. We will work with any users whom we confirm have had unauthorized purchases made to restore amounts in the PSN/SEN or SOE wallet."

Customers with locked accounts will receive an email from Sony explaining how to go about reactivating them.


Permalink

 

[silverbullet1989]

least sony acted fast this time, starting to feel sorry for sony now =/

 

[Coreless]

Sony must have really pissed some people off....good thing they reacted quickly, they don't need anymore fingers pointed in their direction.

 

[Soviet Heavy]

Damn, if this keeps up, Sony will become the new Madagascar!

 

[Zoe Castillo]

This is the correct way to handle a situation like this , good job Sony

 

[Redlin5_v1legacy]

Much better than the last time. Nice to see some progress.

 

[Vanbael]

You, Sony, has done it right this time, very right.
The question now is was this done out of boredom or did Sony somehow piss someone off?

 

[Shadow-Phoenix]

About time Sony went straight to DEFOCON 1 to make sure the same mistake was not repeated again.

 

[MissGinaKid]

I'm happy to see that they learned from their mistakes.

 

[kokoska]

Damn, if this keeps up, Sony will become the new Madagascar!

SHUT. DOWN. EVERYTHING.

 

[ZehMadScientist]

Damn, Sony sure has some bad luck don't they? Or maybe they just have a unique charisma for attracting crackers. Good to hear that the damage was minimal.

 

[MBergman]

The least you can say about Sony is that it has learned from it's mistakes, for now at least.

Anyway, good to see it. (The way the handled it that is, not that they were attacked again.)

 

[RaikuFA]

very happy bout this. give this new guy a bonus

 

[Tohuvabohu]

Not exactly "new" news since I heard about this yesterday.

But wait, isn't Xbox Live going through some problems too? I've seen plenty of people reporting fraudulent chargers to their accounts, and many within the same span of a few days. Sounds like something is going on there?

 

[PawnOfTheThree]

Sigh. Sony didn't actually get attacked at all. Hell, the system is actually now set up so that any of the accounts that someone did break into probably were automatically cleared of all credit card data.

The thing everyone seems to be ignoring is that whoever did this used a list of login/password combos from somewhere. A somewhere that has yet to say anything about losing this information.

So I'm going to be the stick in the mud here, ignore that Sony's name is in this, and ask where the over 90 THOUSAND logins and passwords came from. Seriously. I'm a little concerned about that, as you all should be too.

 

[SnootyEnglishman]

Hey at least they've learned. They acted faster to stop the problem from getting worse and let everyone know what happened and if they should be concerned.

 

[TheEvilCheese]

Damn, if this keeps up, Sony will become the new Madagascar!

SHUT. DOWN. EVERYTHING.

What was that? A child sneezed in Greenland?

GAS MASKS FOR EVERYONE.


OT: Yeah, It's good to see a fast and seemingly honest statement on the matter, but you have to wonder what sony did to deserve the hate. I mean really, brute forcing accounts? who does that?

 

[8bitmaster]

this just sounds like a group of people who doubted the fact that sony beefed up their security and thought, "hey! we are short on funds and know hacking, lets get into sony! Their security is like a revolving door herpderp!" Only problem is now that sony DID improve security, the hackers will be found a lot faster, and everyone's data is safe. Nice fail hacking, and its good to know sony is handling it a bit better than last time.

 

[Actual]

Sigh. Sony didn't actually get attacked at all. Hell, the system is actually now set up so that any of the accounts that someone did break into probably were automatically cleared of all credit card data.

The thing everyone seems to be ignoring is that whoever did this used a list of login/password combos from somewhere. A somewhere that has yet to say anything about losing this information.

So I'm going to be the stick in the mud here, ignore that Sony's name is in this, and ask where the over 90 THOUSAND logins and passwords came from. Seriously. I'm a little concerned about that, as you all should be too.

Yeah, what this guy said.

If they've broken a database of passwords and log-ins they're going to be trying to use them everywhere, Sony just announced it because they could use all the good security press they can get.