Sony security hole exposes another 24.6 million accounts

Just when you thought things couldn't get any worse for Sony, the company admits to another security failure that exposed personal information on another 24.6 million user accounts.
Written by Peter Cohen, Inactive on

Just when you thought things couldn't get any worse for Sony: Hours after shutting down access to its Sony Online Entertainment service, the company announced another security intrusion that exposed information on an additional 24.6 million accounts.

Sony says hackers infiltrated the Sony Online Entertainment (SOE) systems around the same time as the recent break-in to Sony's PlayStation Network (PSN). Data thieves made away with personal information from approximately 24.6 million SOE accounts, according to Sony.

An "outdated database from 2007" was also copied which included 12,700 credit card and debit card numbers and expiration dates from customers in Austria, Germany, Netherlands and Spain. Sony noted that credit card security codes were not included in that database.

SOE systems power Sony's multiplayer online games including EverQuest II, Free Realms and DC Universe Online. The service went down Monday morning in the United States with a maintenance message. Sony has since followed up with more details.

Over the weekend Sony executives held a press conference to discuss security problems with its PlayStation Network (PSN) and Qriocity media streaming service. Around April 18, data thieves broke into PSN and Qriocity's databases and made away with personal information on 77 million account holders, including, possibly, credit card information on about 10 million subscribers.

The company failed to acknowledge the data breach until almost a week after it shut down access to the PSN and Qriocity services, raising sharp criticism from PSN users, security analysts and others.

A contrite Kazuo Hirai and other Sony executives took the dais at the Sunday press conference to apologize to Sony users affected by the initial security failure, promising to make amends by offering free access to PlayStation Plus content and other benefits.

Similarly, Sony is promising to overhaul SOE's security procedures, and is offering some tepid enhancements to help encourage players to come back, once service has been restored.

This latest fiasco tips the total number of affected Sony user accounts to more than 100 million. While it looked like Sony had some hope of digging out from the initial PSN catastrophe intact, anyone who's ever given Sony a credit card must be looking askew at the company now.


Editorial standards