Sony has revealed details on a new security issue, with hackers supposedly testing a 93,000-strong list of leaked usernames and passwords to see if they’ll grant access to the PlayStation Network and other services. “The overwhelming majority” of the attacks, Sony’s Chief Information Security Officer Philip Reitinger confirmed on the company’s PlayStation blog, have failed, leading the company to suspect that the inaccurate list has come from a third-party source rather than Sony’s own servers. As well as the PSN, the Sony Entertainment Network and Sony Online Entertainment networks were targeted.
“Less than one tenth of one percent (0.1%) of our PSN, SEN and SOE audience may have been affected. There were approximately 93,000 accounts globally (PSN/SEN: approximately 60,000 accounts; SOE: approximately 33,000) where the attempts succeeded in verifying those accounts’ valid sign-in IDs and passwords, and we have temporarily locked these accounts. Only a small fraction of these 93,000 accounts showed additional activity prior to being locked” Philip Reitinger, SVP, Sony
Reitinger also says that those users believed to have seen their accounts compromised shouldn’t be at risk from credit card fraud, even if they have a card associated with their account. Nonetheless, Sony is promising to work with any users who have seen fraudulent purchases made, and restore their virtual currency to the PSN/SEN or SOE wallet.
Sony will be sending emails to any affected users, assisting them in unlocking their accounts. The company is also pushing for people to use tougher passwords as well as avoid using username/password pairs on multiple sites.
The new level of transparency on Sony’s part suggests the company is wary of criticisms leveled at it earlier in the year, in the aftermath of the huge network hacks that saw millions of user accounts compromised. In addition to suggestions that Sony’s systems had been insufficiently protected, users also blasted the company’s reluctance to discuss the issue and delays in announcing the full extent of the hacks.