Sony Online Entertainment portal breached, more financial information in hands of hackers

Yesterday it emerged that the Sony Online Entertainment portal had been taken down due to an intrusion. Today it emerges that this hack has resulted in the disclosure of more financial information to hackers.

Yesterday it emerged that the Sony Online Entertainment portal had been taken down due to an intrusion. Today it emerges that this hack has resulted in the disclosure of more financial information to hackers.

Here's the scale of the breach:

  • 24.6 million SOE accounts may have been stolen
  • Information from an outdated database from 2007

The 24.6 million accounts consisted of:

  • Names
  • Addresses
  • E-mail addresses
  • Birthdays
  • Gender
  • Phone numbers
  • Login names
  • Hashed passwords

Basically, the sort of stuff that could be used to commit identity theft.

This outdated database contained:

  • Approximately 12,700 non-U.S. credit or debit card numbers and expiration dates (but not credit card security codes)
  • About 10,700 direct debit records of certain customers in Austria, Germany, Netherlands and Spain (bank account numbers, customer name, account names, customer addresses)

 This is all bad stuff.

While Sony has gone on record to say that it will give PlayStation Network and Qriocity free stuff, but I think we're beyond that just now, and that Sony should offer all affected customers a subscription to a fraud protection service. Sure, it'll cost Sony some coin, but it would be the right thing to do given the scale of this mess.