Sony says 25 million more accounts hacked

May 03, 2011

Sony Corp. said Monday that hackers may have taken personal information from an additional 24.6 million user accounts after a review of the recent PlayStation Network breach found an intrusion at a division that makes multiplayer online games.

The data breach comes on top of the 77 million PlayStation accounts it has already said were jeopardized by a malicious intrusion.

The latest incident occurred April 16 and 17 - earlier than the PlayStation break-in, which occurred from April 17 to 19, Sony said.

About 23,400 financial records from an outdated 2007 database involving people outside the U.S. may have been stolen in the newly discovered breach, including 10,700 direct debit records of customers in Austria, Germany, the Netherlands and Spain, it said.

The outdated information contained credit card numbers, debit card numbers and expiration dates, but not the 3-digit security code on the back of credit cards. The direct debit records included bank account numbers, customer names, account names and customer addresses.

Company spokeswoman Taina Rodriguez said Sony had no evidence the information taken from Sony Online Entertainment, or SOE, was used illicitly for financial gain.

"We had previously believed that SOE customer data had not been obtained in the cyber-attacks on the company, but on May 1 we concluded that SOE account information may have been stolen and we are notifying you as soon as possible," Sony said in a message to customers.

Sony said that it shut service Monday morning to Sony Online Entertainment games, which are available on personal computers, and the console. Its most popular games include "EverQuest," "Free Realms" and "DC Universe Online."

The company said it will grant players 30 days of additional time on their subscriptions, along with one day for each day the system is down. It is also creating a "make good" plan for its multiplayer online games.

On Sunday, Sony executives bowed in apology and said they would beef up security measures after an earlier breach caused it to shut down its PlayStation network on April 20. The company is working with the FBI and other authorities to investigate what it called "a criminal cyber attack" on Sony's data center in San Diego, Calif.

The company said it would offer "welcome back" freebies such as complimentary downloads and 30 days of free service to PlayStation customers around the world to show remorse and appreciation.

PlayStation spokesman Patrick Seybold, in a blog post Monday, denied a report that said a group tried to sell millions of back to Sony.

He also said that while user passwords had not been encrypted, they were transformed using a simpler function called a hash that did not leave them exposed as clear text.

Explore further: HP sales inch up while profit drops

not rated yet
add to favorites email to friend print save as pdf

Related Stories

Sony PlayStation network users face password change

May 01, 2011

Users of Sony's PlayStation Network will have to change their passwords, the Japanese entertainment and technology giant said Sunday as it looks to boost security after its system was hacked.

Sony sued over PlayStation Network hack

Apr 29, 2011

Sony is being sued in US court by gamers irked by news that a hacker cracked PlayStation Network defenses and pilfered data that could potentially be used for fraud or identity theft.

Sony apologises for breach, boosts security

May 01, 2011

Sony on Sunday apologised for a security breach that compromised millions of users, and said it could not rule out the possibility that credit card information was stolen.

Sony says stolen PlayStation credit data encrypted

Apr 28, 2011

(AP) -- Sony is telling PlayStation users that it had encrypted the credit card data that hackers may have stolen, reducing the chances that thieves could have used the information. ...

Recommended for you

Ticketfly buying WillCall for on-premise data

7 hours ago

Ticketfly Inc., a San Francisco-based technology company among several posing a challenge to Ticketmaster, is acquiring WillCall Inc., a crosstown rival that turns your smartphone into a mobile wallet at live events.

HP revenue inches up after years of decline

23 hours ago

Hewlett-Packard on Wednesday reported that its quarterly revenue rose for the first time in three years, nudged by improved computer sales everywhere except Russia and China.

Restaurants experimenting with pay-in-advance tickets

Aug 20, 2014

With restaurant patrons increasingly jumping on the Internet to make reservations, some high-end eateries here and across the country are adding a new tech wrinkle: having their clientele pay for their meal in advance using ...

Chip maker Infineon to buy California firm for $3B (Update)

Aug 20, 2014

German chip maker Infineon Technologies AG says it has agreed to pay $3 billion in cash for California-based semiconductor firm International Rectifier, which produces power-management components used in everything from cars ...

User comments : 7

Adjust slider to filter visible comments by rank

Display comments: newest first

Bigblumpkin36
not rated yet May 03, 2011
Was it Bin Laden?
PS3
1 / 5 (1) May 03, 2011
I wouldn't be surprised to find traces of the hack leading to Microsoft.
kaasinees
1 / 5 (1) May 03, 2011
It was jesus.
Jotaf
1 / 5 (2) May 03, 2011
So a bunch of pimply nerds had to go without their games for a week, Oh the Humanity! Someone obviously has to go to prison. ;)
Physmet
1 / 5 (1) May 03, 2011
Good thought, Jotaf. Except...a lot of people enjoy games, not just pimply nerds such as yourself. ;) The network is projected to be down through the end of May for a total of a month and a half. And, even more seriously, people's credit card info and personal information was stolen.

Pretty sure you didn't even read the article, though.
sherriffwoody
not rated yet May 04, 2011
I wouldn't be surprised to find traces of the hack leading to Microsoft.

I think its more likely to be google or apple, they like to know where everyone is and what they are doing lately.
J-n
not rated yet May 04, 2011
Too bad none of the blame is heading back to Sony who left their customers data in an easily accessible location. Companies that are negligent in their storage/security of Customer data, should be punished just as severely or more so than those who steal the data.
100$ plus costs per name is a good START on a reasonable punishment for allowing someone to take customer info.