Sony on Wednesday said hackers have again accessed its network, this time compromising the accounts of some 93,000 customers.
But it appears the electronics giant was able to quickly detect the attack, which affected some 60,000 PlayStation Network (PSN) and Sony Entertainment Network gamers, and 33,000 Sony Online Entertainment (SOE) users.
In a statement, Sony said the intruders used "very large sets of sign-in IDs and passwords" in an attempt to verify user accounts, a trial-and-error method known as brute force. To do this, the hackers appeared to use login data they stole "from other companies, sites or sources," according to Sony.
Sony said no credit card data was compromised in the incident, and nearly all of the affected accounts were locked before before any unauthorized activity could occur.
"As a preventative measure, we will be sending email notifications to these account holders and will be requiring secure password resets or informing consumers of password reset procedures," the statement said.
The latest breach is a far cry from one that affected PSN and SOE earlier this year. In that case, hackers exposed the personal information of some 100 million people.
In the wake of that incident, Sony executives announced a number of steps they planned to take, including deploying software monitoring and configuration management tools, increasing encryption and intrusion detection capabilities and adding new firewalls. In September, the company tapped a former U.S. Department of Homeland Security official to serve as its first-ever CISO.
It's impossible to tell whether these security enhancements allowed Sony to detect the most recent breach as quickly as it did, but the organization appears heading down the right path, said Rafal Los, enterprise and cloud security strategist at HP. Sony is grasping the fact that getting breached is an if-not-when proposition, meaning that it must adopt a holisitic approach that doesn't solely focus on stopping attacks at the perimeter.
"You can't not get hacked," Los told SCMagazineUS.com on Wednesday. "Nobody's safe. In the real world, it's not about being hacked. It's about, 'We saw something and we did something in real time.' It appears these guys (Sony) did [that]."
