It’s been a while since Sony was hacked, and it seems a bunch of hackers feels much the same way, briefly gaining access to a large number of PlayStation Network, Sony Entertainment Network, and Sony Online Entertainment accounts.
Sony announced the breach this morning, after it had locked down approximately 93,000 affected accounts. According to the Japanese giant, the hackers apparently possessed “a massive set of sign-in IDs and passwords,” and but were only able to access “less than one-tenth of 1 percent” of all accounts – making this breach not as massive as the first one earlier this year, that took out 77 million PSN and Qriocity accounts. [RELATED_ARTICLE]
Users whose accounts were affected can already regain access, with Sony sending out password reset mails to reactivate the locked accounts. While the intruders had managed to get past the verification stages with the sign-in IDs and passwords, the affected users’ credit card information was "not at risk", according to Sony. A “small fraction” of the 93,000 accounts however, “showed additional activity prior to being locked,” and Sony is currently investigating just what happened during this period.
Reassuring the victims, Sony’s Chief Information Security Officer, Philip Reitinger, posted on the PlayStation blog:
“We will work with any users whom we confirm have had unauthorized purchases made to restore amounts in the PSN/SEN or SOE wallet.”
Without the total compromise of accounts and day long outages, it seems unlikely the hack was performed by LulzSec, or Anonymous splinters, who claimed responsibility for many earlier attacks on Sony properties. Sony also seems to have improved its security. Elaborating on the intrusion, Reitinger added:
“In this case, given that the data tested against our network consisted of sign-in ID-password pairs, and that the overwhelming majority of the pairs resulted in failed matching attempts, it is likely the data came from another source and not from our Networks."