Sony says PlayStation breach extended to other systems

Share this article:

Investigation into the breach of Sony's PlayStation Network and Qriocity services has turned up further compromise, the company disclosed Monday.

Sony said it temporarily has disconnected its online gaming portal, known as Sony Online Entertainment (SOE), after discovering that the personal information connected to an unknown number of users' accounts may have been stolen. The data includes names, street addresses, email addresses, genders, birth dates, telephone numbers, login names and hashed passwords.

In addition, the hackers likely got their hands on 23,400 credit and debit card numbers belonging to SOE customers in Germany, Austria, the Netherlands and Spain.

The company said it originally didn't think this segment of the corporate network was impacted, but that view changed over the weekend. The SOE division creates and publishes massively multiplayer online role-playing games, or MMORPGs, such as the "EverQuest" series.

On Saturday, in a press conference held in Tokyo, Sony executives publicly apologized for the PlayStation/Qriocity breach, in which the personal information belonging to 77 million gamers was illegally accessed. They laid out security steps the company plans to take, and also admitted that up to 10 million credit card numbers may have been exposed.

However, the company remains steadfast that there is no proof any card data belonging to gamers actually was stolen. In a blog post Monday, spokesman Patrick Seybold also shot down reports that a hacker group tried to sell 2.2 million pilfered card numbers back to Sony.

"One report indicated that a group tried to sell millions of credit card numbers back to Sony," he wrote. "To my knowledge there is no truth to this report of a list, or that Sony was offered an opportunity to purchase the list."

On Saturday, executives described additional steps they plan to take, including deploying software monitoring and configuration management tools, increasing encryption and intrusion detection capabilities and adding new firewalls.

Sony also plans to hire its first-ever chief information security officer, who will report to Shinji Hasejima, the company's CIO.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

EPIC files complaint with FTC against Maricopa

The nonprofit organization alleges that the Maricopa County Community College District violated the FTC's "Safeguards Rule."

RSA fraud report examines August phishing trends

Phishing is down 22 percent from July to August, but U.S. banks experienced an increase in phishing volume.

Kevin Mitnick to sell zero-day exploits

Kevin Mitnick's new venture will develop and procure zero-day exploits, then sell them for $100,000 or more.