Sony says PlayStation breach extended to other systems

Share this article:

Investigation into the breach of Sony's PlayStation Network and Qriocity services has turned up further compromise, the company disclosed Monday.

Sony said it temporarily has disconnected its online gaming portal, known as Sony Online Entertainment (SOE), after discovering that the personal information connected to an unknown number of users' accounts may have been stolen. The data includes names, street addresses, email addresses, genders, birth dates, telephone numbers, login names and hashed passwords.

In addition, the hackers likely got their hands on 23,400 credit and debit card numbers belonging to SOE customers in Germany, Austria, the Netherlands and Spain.

The company said it originally didn't think this segment of the corporate network was impacted, but that view changed over the weekend. The SOE division creates and publishes massively multiplayer online role-playing games, or MMORPGs, such as the "EverQuest" series.

On Saturday, in a press conference held in Tokyo, Sony executives publicly apologized for the PlayStation/Qriocity breach, in which the personal information belonging to 77 million gamers was illegally accessed. They laid out security steps the company plans to take, and also admitted that up to 10 million credit card numbers may have been exposed.

However, the company remains steadfast that there is no proof any card data belonging to gamers actually was stolen. In a blog post Monday, spokesman Patrick Seybold also shot down reports that a hacker group tried to sell 2.2 million pilfered card numbers back to Sony.

"One report indicated that a group tried to sell millions of credit card numbers back to Sony," he wrote. "To my knowledge there is no truth to this report of a list, or that Sony was offered an opportunity to purchase the list."

On Saturday, executives described additional steps they plan to take, including deploying software monitoring and configuration management tools, increasing encryption and intrusion detection capabilities and adding new firewalls.

Sony also plans to hire its first-ever chief information security officer, who will report to Shinji Hasejima, the company's CIO.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Adobe exploit used to spread Dyre credential stealer

Adobe exploit used to spread Dyre credential stealer

Users running vulnerable Adobe software could be in danger of having credentials for Bitcoin websites stolen.

Staples is investigating a potential issue involving credit card data

Staples is investigating a potential issue involving credit ...

The company said it is investigating a potential issue involving credit card data and that customers are not responsible for fraudulent activity on cards if an issue is discovered.

Skills set a priority over legacy prejudices, experts say

Skills set a priority over legacy prejudices, experts ...

Cybersecurity expert Winn Schwartau and Robert Clark, a cyber law attorney at the Army Cyber Institute, discussed issues around hiring in the information security industry.