Second Sony breach hits 25 million users

A breach on Sony's Online Entertainment arm, separate from the PSN hack, sees 25 million customers' data placed in danger.

Sony has confirmed a hack on its Sony Online Entertainment (SOE) division may have seen personal data of around 24.6 million users stolen.

The revelation of the second hack came after Sony recently apologised for another compromise affecting 77 million PlayStation Network (PSN) customers.

SOE, an online gaming network like PSN but for PC gamers, was shut down as soon as the company became aware of the data breach, it said today.

Sony, which came under fire for not being quicker in notifying customers of the PSN breach, said it was "making this disclosure as quickly as possible after the discovery of the theft."

Sony said the SOE hack may have taken place on 16 and 17 April before the PSN attacks.

Financial data was compromised as hackers were able to steal 2,700 credit or debit card numbers and 10,700 direct debit records of non-US SOE customers from "an outdated database from 2007."

Other data at risk included names, addresses, telephone numbers, email addresses, gender, date of birth, login ID and hashed passwords.

Unlike with the PSN hack, Sony did not confirm credit card numbers of SOE customers were encrypted.

The total number of Sony customers affected now surpasses 100 million, which F-Secure chief research officer Mikko Hypponen said "must be some sort of a record."

"This is pretty big. For example, we have scores of employees at F-Secure who are affected," Hypponen said in a blog post.

Sophos senior security advisor Chester Wisniewski was shocked the data was taken from an outdated database.

"It is just unfortunate that Sony had not taken a few preventative measures to be sure our information was safe," Wisniewski said on a blog.

"It is important to remember that Sony is a victim as well, not just the 101.5 million customers whose personal information has been disclosed. Malicious attacks like this are a serious crime."

This week should see the return of PSN, as Sony announced it will begin a phased restoration by region.

Sony said it has also worked with external firms to introduce "significant security measures," whilst confirming it will create a chief information security officer position at the company.

On top of improved data protection and encryption, Sony said it had added automated software monitoring and configuration management to help defend against new attacks.

Extra services for customers concerned about security were also launched.

"We have learned lessons along the way about the valued relationship with our consumers," said Kazuo Hirai, executive deputy president at Sony.

"We will be launching a customer appreciation programme for registered consumers as a way of expressing our gratitude for their loyalty during this network downtime, as we work even harder to restore and regain their trust in us and our services."

The PlayStation creator said it was collaborating with the FBI to investigate the breaches as it works to restore all affected services.
