*Sony* was lambasted last spring after it took seven days to disclose that an attack on its video game network had led to what some called the “largest identity theft in history.” Last night, the company disclosed that its customer data was hacked again.

In a message on its PlayStation blog, Sony’s chief security executive warned that hackers had broken into 93,000 customer accounts that contain information like names and credit-card information. Sony believes hackers did this by trying to log in to its network using information stolen from a third party:

> We want to let you know that we have detected attempts … to test a massive set of sign-in IDs and passwords against our network database. These attempts appear to include a large amount of data obtained from one or more compromised lists from other companies, sites or other sources.

The post goes on to say that only 0.1% of customer accounts were compromised by the attack and that Sony was able to lock most of the hacked accounts in a short time. This is the second time in six months that hackers have broken into Sony’s PlayStation network, which consists of millions of video game enthusiasts who supply their credit-card information in order to participate in online game activities.

Sony’s quick warning differs from what took place after the April attack. On that occasion, which resulted in the large-scale theft of customers’ email and credit-card information, Sony was blasted for taking up to seven days to disclose that an attack had even taken place and for failing to encrypt credit-card data. It is facing a class action suit in the U.S. for failing to warn its customers and is in a fight with its insurer over who should pay for liabilities stemming from “the largest identity theft in history.”

This time, Sony’s clear and timely warning led customers to post dozens of grateful comments like “Thanks for the heads up Sony. Well done. Bravo!” and “Awesome catch. I’m glad to see you guys really stepped up your response time and overall security.” Some of these comments may have been posted by Sony’s own employees, but overall the tone is markedly different from the universal criticism the company faced in April.

The response to Sony’s quick disclosure of the attack seems to vindicate the “come clean quick” approach to customer privacy issues. Of course, not everyone thinks transparency is enough. Other comments on Sony’s site include, “I feel like they are sugar coating and trying to make 93,000 accounts being compromised seem fine and acceptable” and “Come on guys, this is getting old.” A third group of commentators simply fretted that they would not be able to play video games while Sony fixed the problem.

  1. Seriously, after the first attack does anyone give Sony any true information or credit card information? There are little cards that can be purchased – for cash – no credit card or information required, which can be used to complete all transactions on Sony PlayStation Network. Real name and address? Are you kidding me? Exactly for the reasons which motivated this article (Sony is not secured or trustworthy with personal information or financial information) regardless of how quickly they responded to this latest attack, no one at any time should trust Sony with anything other than cash. Period. They are a failed company providing a failed service.
    And yes, I was a victim of the first round of attacks against Sony. They are not and will never be forgiven or trusted again. Cash only people, buy a PSN card for Downloadable content and put it on your “Mr. Smith on Main Street USA” account. You’ll still have fun and not be at risk of having your finances ruined or interrupted. Sony is not a bank, nor are they a credit or financial institution and as such they have no place asking for information that they have proven repeatedly they cannot protect. Personally, I think it’s time the governments get involved and restrict the types and amounts of information that such services as Sony can request and collect.

    1. This wasn’t a hack. Information obtained elsewhere (probably some small gaming related website) and they tried to use it on PSN. If I go into your house and see your username and password on a piece of paper, then use that information it doesn’t mean I hacked the site I’m signing into.

      Sony was NOT hacked.

  2. SONY WAS NOT HACKED. I’m tired of explaining why, so I’ll copy/paste exactly why it wasn’t a hacking… which I nabbed FROM YOUR ARTICLE. (so there really is NO excuse)

    “These attempts appear to include a large amount of data obtained from one or more compromised lists from other companies, sites or other sources.”

    That doesn’t mean Sony or PSN were hacked. If you don’t know about something, don’t write about it.

  3. Do you even know the definition of a hack?

    Even if third party information was used to guess passwords… that very process of using a huge database to guess passwords and credentials to gain access to accounts is called… HACKING… and 93,000 accounts were compromised which means their attempts SUCCEEDED 93,000 times… stop trying to defend Sony unless you want to be one of the ones attacked by their next round of “non hacks”

    93,000 accounts were hacked. Regardless of how the definition is the definition. Deal with it and defend that.
