Skip to main content

Sony locks 93,000 user accounts after hack attempt

Sony issued a statement on Wednesday saying that the company had locked down a number of user accounts after it had detected a large number of unauthorized sign-in attempts on its PlayStation Network (PSN), Sony Entertainment Network (SEN) and Sony Online Entertainment (SOE) services.

Sony chief information security officer Philip Reitinger wrote in the statement: “There were approximately 93,000 accounts (PSN/SEN: approximately 60,000 accounts; SOE: approximately 33,000) where the attempts succeeded in verifying those accounts’ valid sign-in IDs and passwords, and we have temporarily locked these accounts. Only a small fraction of these 93,000 accounts showed additional activity prior to being locked. We are currently reviewing those accounts for unauthorized access, and will provide more updates as we have them.”

Sony also said it would be sending email notifications to the affected account holders informing them of the need to reset passwords or giving instructions on how to validate their accounts.

The Japanese electronics giant insisted that credit card information linked to the affected accounts is not at risk as a result of the intrusion. The attack happened over the weekend and, Sony said, affects less than 0.1 percent of PSN, SEN, and SOE users.

According to Reitinger, the Tokyo-based company detected an attempt to test a large set of sign-in IDs and passwords against its network database. The chief information security officer said that that the list of sign-in IDs and passwords appears to have come from “other companies, sites or other sources.”

“In this case, given that the data tested against our network consisted of sign-in ID-password pairs, and that the overwhelming majority of the pairs resulted in failed matching attempts, it is likely the data came from another source and not from our networks,” Reitinger said.

Sony has only recently got back on its feet following one of the biggest security breaches in history back in April when hackers stole personal data belonging to more than 100 million of its customers. Its PlayStation Network and Qriocity services were taken offline for more than a month while the company bolstered security.

Unlike in April, however, this latest security scare didn’t involve a direct attack on Sony’s servers or databases – no doubt much to the relief of company executives.

[Image courtesy of Mario7 / Shutterstock]

Editors' Recommendations

Trevor Mogg
Contributing Editor
Not so many moons ago, Trevor moved from one tea-loving island nation that drives on the left (Britain) to another (Japan)…
Sony launches sign-up page for free identity theft protection following network breach

Sony pledged after April's network breach to provide affected customers with one year's worth of free identity theft protection, a promise it is now making good on. An enrollment page has launched on the company's website which offers a simple a simple, one-step process to get the ball rolling. Simply enter the e-mail address tied to your Sony account into the two text boxes on the page and click submit. Then, sometime in the 72 hours that follow, you should receive an e-mail containing an activation code for the AllClear ID PLUS protection plan from Debix. In addition to receiving alerts when suspicious activity relating to your online persona is detected, the plan also offers free identity theft insurance coverage and on-call assistance from fraud investigators.

Meanwhile, Sony continues to engage in an ongoing process of damage control following yesterday's news of another network breach, this time on Sony Ericsson's Canadian e-shop site. This has been ongoing since April 20, when the PlayStation Network, Qriocity and Sony Online Entertainment services were shut down for one month following a network breach. Attacks on various Sony properties have followed since then, with the Sony Ericsson Canada breach only being the latest.

Read more
Sony Ericsson Canada admits 2,000 customers affected by latest hack

This is becoming painful: After a handful of its international web properties were infiltrated, Sony admitted to an intrusion of its Canada e-shopping site, resulting in the loss of thousands of customer records. And now the plagued company can add Thailand's Sony services users to its list of affected subscribers.

Yesterday morning we reported that Sony’s Japan music site had been hacked via an SQL injection, much like its Greece music site had been earlier this week. It has been confirmed that Sony Ericsson Canada had suffered the same fate at the hands of a “Lebanese grey-hat hacker” called Idahc. Unlike the previous attacks, Idahc was able to access Sony Canada’s online store and customer database and the company confirmed that some 2,000 account records have been compromised. "Sony Ericsson's website in Canada, which advertises its products, has been hacked, affecting 2,000 people," a Sony spokesperson told AFP.

Read more
Sony’s Japan music site hacked; UPDATE: Sony Ericsson Canada hacked, user data compromised

Sony just can’t catch a break. Yesterday, was infiltrated by hackers via an SQL injection tool. The unsophisticated attack compromised the site’s user database, leaking name, e-mails, and addresses of those registered.

Today, Sony’s Japan music site has suffered the same fate. Sophos, which discovered yesterday’s hack, found similar damage to According to Chester Wisniewski via the site’s Naked Security IT blog, Hacker News first found the affected web pages. As reported yesterday, an SQL injection was used to access the site’s contents, including its user database. Fortunately, this instance did not concede as much user information, and names, passwords, and other “personally identifiable information” are believed to be safe. But it’s still unknown what exactly hackers were able to access. Wisniewski says it is possible they could have inserted malicious code that would then affect the site’s visitors.

Read more