Sony security hole exposes another 24.6 million accounts

By | May 3, 2011, 6:59am PDT

Summary: Just when you thought things couldn’t get any worse for Sony, the company admits to another security failure that exposed personal information on another 24.6 million user accounts.

Just when you thought things couldn’t get any worse for Sony: Hours after shutting down access to its Sony Online Entertainment service, the company announced another security intrusion that exposed information on an additional 24.6 million accounts.

Sony says hackers infiltrated the Sony Online Entertainment (SOE) systems around the same time as the recent break-in to Sony’s PlayStation Network (PSN). Data thieves made away with personal information from approximately 24.6 million SOE accounts, according to Sony.

An “outdated database from 2007” was also copied which included 12,700 credit card and debit card numbers and expiration dates from customers in Austria, Germany, Netherlands and Spain. Sony noted that credit card security codes were not included in that database.

SOE systems power Sony’s multiplayer online games including EverQuest II, Free Realms and DC Universe Online. The service went down Monday morning in the United States with a maintenance message. Sony has since followed up with more details.

Over the weekend Sony executives held a press conference to discuss security problems with its PlayStation Network (PSN) and Qriocity media streaming service. Around April 18, data thieves broke into PSN and Qriocity’s databases and made away with personal information on 77 million account holders, including, possibly, credit card information on about 10 million subscribers.

The company failed to acknowledge the data breach until almost a week after it shut down access to the PSN and Qriocity services, raising sharp criticism from PSN users, security analysts and others.

A contrite Kazuo Hirai and other Sony executives took the dais at the Sunday press conference to apologize to Sony users affected by the initial security failure, promising to make amends by offering free access to PlayStation Plus content and other benefits.

Similarly, Sony is promising to overhaul SOE’s security procedures, and is offering some tepid enhancements to help encourage players to come back, once service has been restored.

This latest fiasco tips the total number of affected Sony user accounts to more than 100 million. While it looked like Sony had some hope of digging out from the initial PSN catastrophe intact, anyone who’s ever given Sony a credit card must be looking askew at the company now.


A long-time veteran of the Apple news business, Peter has also spent more than fifteen years covering games and the game industry. A self-proclaimed Alpha Nerd, Peter also professes a love for anime, sci-fi cons, gadgets of all kinds and various geek subcultures.

Disclosure

Peter Cohen

Peter Cohen does not own any stock or have any investments in any of the companies he writes about.

Biography

Peter Cohen

A resident of Cape Cod, Massachusetts, Peter has spent more than fifteen years writing about games and the game industry. For a decade Peter was senior editor for Macworld magazine, writing online news and covering the Apple game beat in Macworld's Game Room column.

Peter is currently executive editor for The Loop, an Apple news and analysis site founded by former Macworld editors. He's cohost of Angry Mac Bastards, a weekly podcast that viciously eviscerates some of what passes for Apple-related news and analysis in the tech blogosphere.

Peter is also a freelance technology journalist and reviewer whose words can be found in Macworld, Mac|Life, MacUser, MacFormat and Tap! Magazine.


Hey Sony! A word of advice...
tchopard 3rd May 2011
Why don't you spend a little less time worrying about suing people trying to use linux on their ps3 (a feature that was advertised at launch), less time on DRM (games that can't even be played in single player without internet access), and more time SECURING YOUR FREAKING NETWORKS!??
0 Votes
Agreed!
Chuck131991@... 3rd May 2011
@tchopard
That's Hacker's = 2 v Sony = 0.5 (give them 0.5 point for suing GH, HCM & SP). Might be time to sue for peace before they go out of business.
We've already had out of state purchases being made on our credit cards. The thieves don't waste time. What a bummer. Maybe it's better to enter credit card data every time you need to, rather than storing this data on an unsecured network server somewhere........Sure it's an inconvenience, but I'm willing. The next time Domino's Pizza asks me for my 3 digit security code from the back of my credit card, I'm going to start screaming again.
@dailu@... Bank of America and CitiBank offer disposable credit card numbers. BoA's is called ShopSafe. You can generate as many numbers as you need, set a credit limit for each one, and also an expiration date. You can even go online and kill any open ones. I use disposable numbers for all my online purchases. It seems much safer to me and it lets me have more control.
@dailu@...
Ironically the security code was the only thing NOT stored in the database! wink
Sorry to hear about your predicament though.
0 Votes
Never trust Sony,
edomejn 3rd May 2011
Remember these are the same idiots that installed root kits on PCs when one of their music disks was played on the PC.
0 Votes
@edomejn

DON'T I remember that one!!!!!

All I can say is Karma is a b----. Right Sony?
0 Votes
Could open source be the problem?
jscott418 3rd May 2011
So someone brought it up. The PS3 runs on a form of Linux. So is this the problem? I have thought that myself. Some have always said Linux is not immune, it's just been unpopular. Whatever the reason, Sony really has a problem and it's going to get worse with legal actions.
@jscott418 The PS3 client has nothing to do with this. Furthermore, the underlying OS usually has nothing to do with a company who refuses to implement a PCI-compliant security policy. All the secure OSes in the world can't make up for someone who refuses to take basic steps to secure credit card storage.
0 Votes
RE: Could open source be the problem?
fatman65535 3rd May 2011
@jscott418

Are you standing in for Loverock Davidson today????

Apparently, you cut the class on Computer Essentials 100, the pre-requisite for Security Essentials 101.

Sony had ITS SERVERS hacked. Whether or not the Playstation would (or could) have been running Linux is immaterial.

It is SONY's responsibility to secure data on its servers; and apparently, it did not.
@fatman65535
Amen! However there is no doubt that hack attempts on their servers and different platforms increased due to their attempts at controlling intellectual property and the lawsuits.
The big dog companies have no regards for PCI compliance.
I love the fact that they are talking about an 'outdated database from 2007'. What I just read was "a vulnerability known since 2007 was used to hack our unpatched database"...
PS3: It only does Identity Theft!
All I can do is sit back and chuckle to myself, content in the knowledge that what goes around, comes around....
0 Votes
I love the smell of lawyers in the morning!
Clockwork Computer 3rd May 2011
The class action will go close to breaking them.
Was there ever a company MORE out of touch with its customers?
Let's hope someone useful gets the camera business.
0 Votes
sony
davidthomas5656 3rd May 2011
While Sony may or may not be at fault, why is the gov't not asking...why are people so willing to give their personal information away to play video games? http://bit.ly/mCxtbF
@davidthomas5656
because they are too moron to send ID credit card to sony BIG COMPANY.....that's why always use 2 or more bank account
@bmgoodman@... Agree!! I've been using CitiBank disposable credit card numbers for over 5 years. They are great, and as easy & fast to use as an actual card. They not only stop criminals, but errant businesses. Others need to use them too!
The playstation side of this issue scares me the most.

Rich Cocovich
Global Star Capital
globalstarcapital.com
The playstation side of this issue scares me the most. I have bought my son numerous items through their virtual store.

Rich Cocovich
Global Star Capital
globalstarcapital.com
This can happen with ANY company that accepts credit cards for purchase and allows the storage of the credit card. This includes intermediaries like paypal who do nothing BUT financial transactions. Why Sony is worse:
1) They have other black marks on their history (rootkits in dvds for example).
2) They have a LOT of customers worldwide.
3) They didn't initially admit to the full scope of the issue.
4) They are already in the press busily suing people (probably an inspiring factor in them getting attacked)
5) They blew it on multiple fronts. 3 separate card vaults compromised at the same company tells us that it wasn't just one issue, that they just might not know how to protect their customers.
6) The final straw: They are STILL down, leaving their customers out of service and many people (like me) struggling to remember what, if any, credit card I MIGHT have had stored in my account. As a rule, I don't purchase sony online content, but I can't absolutely remember that I never have. And since it has been 2 weeks and I still cannot get into my account, all I can do is watch my credit card accounts online and wonder.
I DO know that I used to have Everquest, Everquest II and Star Wars Galaxies accounts, but I let those accounts lapse years ago so probably there wasn't a valid account in them (and it looks like those breaches weren't in the USA customers).

I'd feel the same way if this happened to my cellphone provider (AT&T). But I wouldn't feel this way if it happened with my gas company. Why? Because my gas company has not given me other reasons to mistrust them prior to handing out my personal info to the world.

We give our personal information to the world all the time. This is the price of modern commerce. We just expect the companies we do business with not to be grossly careless with our information.

We also expect not to be told that "a free month of a service" and a pat on the head is good enough to make up for it. At this point, it no longer matters to me whether I ever log onto any sony network again. Certainly if I ever do, it will be to remove any personal information and discontinue any accounts. Zero Faith.
I hope Sony fixes this problem soon. My 9 year old wants to use the network and he is turning into my ex-wife minute by minute nagging.

Rich Cocovich
