The restricted access may have occurred through a vulnerability in the PlayStation Store, a content download service of the PlayStation Network, according to a company statement on Wednesday. Changing the passwords makes it “possible to view users' personal information and/or use the Wallet for the PlayStation Store.”
The company said it was unlikely that credit card numbers were compromised.
PlayStation said the bug has been patched and the company is contacting users whose information may have been accessed. If a user's regular password works, that information was not affected, the statement said.
The possible breach is a sign of how the value of gaming accounts has increased, Ben Greenbaum, senior manager of Symantec Security Response, said.
“Attackers see gaming items and gaming accounts as a tradable commodity,” Greenbaum told SCMagazineUS.com on Thursday. “If they can steal them, they can sell them and make money.”
Similar to stealing and selling human identity, game attackers will pilfer coveted items within a player's game, as well as account information.
Last year alone, virtual goods in online games were valued at $10 billion, Greenbaum said.
“These goods don't actually exist, but they can be traded and sold,” he said. “That makes these online gaming credentials an attractive target for attackers.”
Symantec reported last fall that five percent of the top 50 malicious code samples were targeted at PCs to swipe gaming credentials.