Sony has locked down tens of thousands of accounts for its PlayStation and online gaming and entertainment services, after it detected a massive attempt to test combinations of sign-in IDs and passwords.
The company said on Wednesday that the tests of various user ID and password combinations had mostly failed, meaning "it is likely the data came from another source", rather than from Sony's networks. However, around 93,000 attempts succeeded, and Sony has now "temporarily locked these accounts".
"Only a small fraction of these 93,000 accounts showed additional activity prior to being locked. We are currently reviewing those accounts for unauthorised access, and will provide more updates as we have them," Sony chief information security officer Philip Reitinger wrote in a blog post. "Please note, if you have a credit card associated with your account, your credit card number is not at risk."
Services with affected users include the PlayStation Network (PSN), Sony Online Entertainment (SOE) and the Sony Entertainment Network (SEN), which Sony unveiled at the end of August in an attempt to provide an umbrella site for its various console gaming, online gaming, music and video services.
In any confirmed case of a user's account showing unauthorised purchases, Sony will restore the amounts charged to that account, Reitinger said. He explained that users whose sign-in IDs and passwords had been matched should expect an email from Sony, asking them to reset their passwords.
"Similarly, the SOE accounts that were matched have been temporarily turned off. If you are among the small group of affected SOE customers, you will receive an email from us at the address associated with your account that will advise you on next steps in order to validate your account credentials and have your account turned back on," Reitinger added, before reminding customers of the need for strong passwords and vigilance over unexpected account activity.
Although this incident appears to be the fault of a third party, the PSN service had to be shut down from April to June due to a breach of Sony's own systems. The SOE service also had to be taken offline as a result of that intrusion.