Sony says PlayStation breach extended to other systems

Share this article:

Investigation into the breach of Sony's PlayStation Network and Qriocity services has turned up further compromise, the company disclosed Monday.

Sony said it temporarily has disconnected its online gaming portal, known as Sony Online Entertainment (SOE), after discovering that the personal information connected to an unknown number of users' accounts may have been stolen. The data includes names, street addresses, email addresses, genders, birth dates, telephone numbers, login names and hashed passwords.

In addition, the hackers likely got their hands on 23,400 credit and debit card numbers belonging to SOE customers in Germany, Austria, the Netherlands and Spain.

The company said it originally didn't think this segment of the corporate network was impacted, but that view changed over the weekend. The SOE division creates and publishes massively multiplayer online role-playing games, or MMORPGs, such as the "EverQuest" series.

On Saturday, in a press conference held in Tokyo, Sony executives publicly apologized for the PlayStation/Qriocity breach, in which the personal information belonging to 77 million gamers was illegally accessed. They laid out security steps the company plans to take, and also admitted that up to 10 million credit card numbers may have been exposed.

However, the company remains steadfast that there is no proof any card data belonging to gamers actually was stolen. In a blog post Monday, spokesman Patrick Seybold also shot down reports that a hacker group tried to sell 2.2 million pilfered card numbers back to Sony.

"One report indicated that a group tried to sell millions of credit card numbers back to Sony," he wrote. "To my knowledge there is no truth to this report of a list, or that Sony was offered an opportunity to purchase the list."

On Saturday, executives described additional steps they plan to take, including deploying software monitoring and configuration management tools, increasing encryption and intrusion detection capabilities and adding new firewalls.

Sony also plans to hire its first-ever chief information security officer, who will report to Shinji Hasejima, the company's CIO.

Share this article:

Sign up to our newsletters

More in News

Brazilian president signs internet 'Bill of Rights' into law

Brazilian president signs internet 'Bill of Rights' into ...

President Dilma Rousseff signed the legislation on Wednesday at the NetMundial conference in Sao Paulo.

Android trojan sends premium SMS messages, targets U.S. users for first time

Android trojan sends premium SMS messages, targets U.S. ...

An SMS trojan for Android, known as FakeInst, has been observed sending premium SMS messages to users all over the world, including, for the first time, the United States.

Report: DDoS up in Q4 2013, vulnerability scanners leveraged to exploit sites

Report: DDoS up in Q4 2013, vulnerability scanners ...

Researchers observed 346 DDoS attacks in the final quarter of 2013 and attackers used Vega and Skipfish vulnerability scanners to exploit web flaws at financial companies.