Sony has another security headache on its hands, but don’t call it a hack.
According to the official PlayStation blog, some entity was trying to sign in to users’ accounts on the PlayStation Network, the Sony Entertainment Network and Sony Online Entertainment, using “a massive set” of login data obtained elsewhere. The attackers likely got hold of a large username and password database and were trying to see if any of those logins worked on Sony’s networks.
Only 93,000 of the login attempts (0.1 percent of the three networks) were successful, and Sony has already locked down those accounts and notified the affected users by e-mail. A “small fraction” of compromised accounts showed additional activity, such as unauthorized purchases. Those users will have credits restored to their accounts. Credit card information is not at risk, Sony said.
The company’s reputation for security got dinged last spring, when hackers broke into the PlayStation Network and Sony Online Entertainment. The hackers stole user names, passwords and other personal information, and kept gamers offline for nearly a month.
The news about the latest attack was delivered by Philip Reitinger, whom Sony hired as chief information security officer after April’s PlayStation Network breach. Reitinger previously worked at the U.S. Department of Homeland Security.
Communication was definitely a step up this time, although I’m still wondering when, exactly, the attack occurred, and why it’s possible for an outside entity to test logins on such a massive scale.