Times are not good for Sony’s online service properties. After weeks of issues resulting from hacked accounts and stolen information last April, things calmed down for Sony after putting in new measures against future intrusions. Last night, they were put to the test. Sony has reported via the Playstation Blog that attempts were made to fraudulently log into thousands of accounts across the PSN, SEN, and SOE networks. Most of the attempts failed, fortunately, but any affected accounts have been locked for the time being while Sony verifies the owners.
Sony wants us to not worry, however, as the information used to attempt the log ins appears to have come from outside sources and not Sony’s own databases based on the high failure rate. Notice the extra emphasis on “wants” and “appears.” From Philip Reitinger, Chief Information Security Officer of Sony Corp.
“We want to let you know that we have detected attempts on Sony Entertainment Network, PlayStation Network and Sony Online Entertainment (“Networks”) services to test a massive set of sign-in IDs and passwords against our network database. These attempts appear to include a large amount of data obtained from one or more compromised lists from other companies, sites or other sources. In this case, given that the data tested against our network consisted of sign-in ID-password pairs, and that the overwhelming majority of the pairs resulted in failed matching attempts, it is likely the data came from another source and not from our Networks. We have taken steps to mitigate the activity.”
In total, about 93,000 accounts have been locked across all three services. If you happen to be one of the (un)lucky winners, you should have already received an email detailing the situation and what steps Sony needs you to take to reactivate your account. A tiny percentage of the compromised accounts have suffered additional funny business, but Sony has promised to refund any lost wallet funds. You know, ’cause that’s what people are really worried about here, though Sony claims that no credit card information is at risk from last night’s events.
So has this fast, open response to the situation helped restore a bit of your faith in Sony’s online presence, or is it a sign of future attacks and a reason to jump ship if you haven’t already? Talk about it in the forums!