Sony says PlayStation breach extended to other systems

Share this article:

Investigation into the breach of Sony's PlayStation Network and Qriocity services has turned up further compromise, the company disclosed Monday.

Sony said it temporarily has disconnected its online gaming portal, known as Sony Online Entertainment (SOE), after discovering that the personal information connected to an unknown number of users' accounts may have been stolen. The data includes names, street addresses, email addresses, genders, birth dates, telephone numbers, login names and hashed passwords.

In addition, the hackers likely got their hands on 23,400 credit and debit card numbers belonging to SOE customers in Germany, Austria, the Netherlands and Spain.

The company said it originally didn't think this segment of the corporate network was impacted, but that view changed over the weekend. The SOE division creates and publishes massively multiplayer online role-playing games, or MMORPGs, such as the "EverQuest" series.

On Saturday, in a press conference held in Tokyo, Sony executives publicly apologized for the PlayStation/Qriocity breach, in which the personal information belonging to 77 million gamers was illegally accessed. They laid out security steps the company plans to take, and also admitted that up to 10 million credit card numbers may have been exposed.

However, the company remains steadfast that there is no proof any card data belonging to gamers actually was stolen. In a blog post Monday, spokesman Patrick Seybold also shot down reports that a hacker group tried to sell 2.2 million pilfered card numbers back to Sony.

"One report indicated that a group tried to sell millions of credit card numbers back to Sony," he wrote. "To my knowledge there is no truth to this report of a list, or that Sony was offered an opportunity to purchase the list."

On Saturday, executives described additional steps they plan to take, including deploying software monitoring and configuration management tools, increasing encryption and intrusion detection capabilities and adding new firewalls.

Sony also plans to hire its first-ever chief information security officer, who will report to Shinji Hasejima, the company's CIO.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

Reported breaches involving zero-day bug at JPMorgan Chase, other banks

Reported breaches involving zero-day bug at JPMorgan Chase, ...

Hackers exploited a zero-day vulnerability and gained access to sensitive information from JPMorgan Chase and at least four other financial institutions, reports indicate.

Data on 97K Bugzilla users posted online for about three months

During a migration of the testing server for test builds of Bugzilla software, data on about 97,000 Bugzilla users was inadvertently posted publicly online.

Chinese national had access to data on 5M Arizona drivers, possible breach ...

Although Lizhong Fan left the U.S. in 2007, the agencies responsible for giving him access to Americans' personal information have yet to disclose the details of the case to the public.