Sony Attacked, Again

However, it’s nowhere near as bad as the PSN outage earlier this spring. In a post on the Playstation Blog, Sony’s new VP & Chief Security Officer Phillip Reitinger talked about the attack.

“We want to let you know that we have detected attempts on Sony Entertainment Network, PlayStation Network and Sony Online Entertainment (“Networks”) services to test a massive set of sign-in IDs and passwords against our network database. These attempts appear to include a large amount of data obtained from one or more compromised lists from other companies, sites or other sources. In this case, given that the data tested against our network consisted of sign-in ID-password pairs, and that the overwhelming majority of the pairs resulted in failed matching attempts, it is likely the data came from another source and not from our Networks. We have taken steps to mitigate the activity.”

He goes on to say that despite sounding pretty bad, less then one tenth of one percent of all PSN users(93,000 PSN/SEN accounts, 33,000 SOE accounts) have been affected. Credit card info was NOT compromised.

“As a preventative measure, we are requiring secure password resets for those PSN/SEN accounts that had both a sign-in ID and password match through this attempt. If you are in the small group of PSN/SEN users who may have been affected, you will receive an email from us at the address associated with your account that will prompt you to reset your password.”

The SOE accounts that were affected have been de-activated, and emails will be sent to affected users to address this issue and get instructions to re-activate your account.

While it sucks for those thousands of people affected, it’s good to see Sony getting better at this. It’s certainly better than when ALL accounts were compromised last time.

Via – Playstation Blog