Sony admits breach larger than originally thought, 24.5 million SOE users also affected

Sony disclosed today that the breach affecting its PlayStation Network (PSN) that saw 77 million records lost was larger than they originally thought. Not only were the details of PSN users stolen, but another 24.5 million records related to users of Sony Online Entertainment were stolen as well.

Sony Online Entertainment (SOE) is the division of Sony responsible for many of their popular online role-playing games like DC Universe Online and Star Wars: Clone Wars Adventures. As in the PSN breach, the lost information included names, addresses (city, state, zip, country), email addresses, gender, birthdates, phone numbers, login names and hashed passwords.

In news perhaps worse than the disclosure from two weeks ago, Sony is saying that 12,700 credit and debit cards and expiration dates of non-US customers and 10,700 direct debit accounts (bank account numbers) for users in Germany, Austria, Netherlands and Spain may also have been stolen.

Unlike the credit cards from PSN, which Sony assured the public were encrypted, no mention was made in Sony’s press release about the information from SOE being protected.

Sony was quick to note that the passwords had been hashed, but has not disclosed which hashing algorithm was used and whether they used a salt when calculating the hashes.

Sony mentioned that the lost credit/debit card information and direct debit banking information was stored in an “outdated database from 2007.”

WHAT??!?! How many locations on your network are housing other “lost” financial data? Do you even know where my information is to check whether it has been stolen?

Whether Sony’s bad practices are an act of hubris or simply gross incompetence is hard to discern. Let’s hope for the sake of Sony’s customers and the poor souls in their public relations department that this is the last disclosure they will need to make related to this incident.

It is important to remember that Sony is a victim as well, not just the 101.5 million customers whose personal information has been disclosed. Malicious attacks like this are a serious crime; it is just unfortunate that Sony had not taken a few preventative measures to be sure our information was safe.

For more information on how to keep your data safe, visit our Data Loss and Regulations site to download free tools, papers and other advice on keeping your data safe.

Source: http://nakedsecurity.sophos.com

About pratyushkp

A Newbie Social Media Blogger , Social Network Addict , Social Gamer ( Mafiawars , Farmville) , Working as a Marketing Specialist for a E-cards company. www.blogoholic.in

Posted on May 4, 2011, in Social, Technology.
