The woes for Sony seem to keep piling up. Sony has announced today that another branch of their online networks, Sony Online Entertainment, has been hacked and more user information has been comprimised.
If you have played certain PC games, like Star Wars: Galaxies, then you probably signed up for an SOE account. And Sony had to bend over once again and send every single SOE user the following email:
Dear Valued Sony Online Entertainment Customer:
Our ongoing investigation of illegal intrusions into Sony Online Entertainment systems has discovered that hackers may have obtained personal customer information from SOE systems. We are today advising you that the personal information you provided us in connection with your SOE account may have been stolen in a cyber-attack. Stolen information includes, to the extent you provided it to us, the following: name, address (city, state, zip, country), email address, gender, birthdate, phone number, login name and hashed password.
Customers outside the United States should be advised that we further discovered evidence that information from an outdated database from 2007 containing approximately 12,700 non-US customer credit or debit card numbers and expiration dates (but not credit card security codes) and about 10,700 direct debit records listing bank account numbers of certain customers in Germany, Austria, Netherlands and Spain may have also been obtained and we will be notifying each of those customers promptly.
There is no evidence that our main credit card database was compromised. It is in a completely separate and secured environment.
We had previously believed that SOE customer data had not been obtained in the cyber-attacks on the company, but on May 1st we concluded that SOE account information may have been stolen and we are notifying you as soon as possible.
We apologize for the inconvenience caused by the attack and as a result, we have:
1. Temporarily turned off all SOE game services;
2. Engaged an outside, recognized security firm to conduct a full and complete investigation into what happened; and
3. Quickly taken steps to enhance security and strengthen our network infrastructure to provide you with greater protection of your personal information.
We greatly appreciate your patience, understanding and goodwill as we do whatever it takes to resolve these issues as quickly and efficiently as practicable.
For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. When SOE™’s services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your Station or SOE game account name or password for other unrelated services or accounts, we strongly recommend that you change them, as well.
We thank you for your patience as we complete our investigation of this incident, and we regret any inconvenience. Our teams are working around the clock on this, and services will be restored as soon as possible. Sony takes information protection very seriously and will continue to work to ensure that additional measures are taken to protect personally identifiable information. Providing quality and secure entertainment services to our customers is our utmost priority. Please contact us at (866) 436-6698 should you have any additional questions.
Sincerely,
Sony Online Entertainment LLC
Although Sony hasn’t come right and and said so, it looks to be the initial hacking into the PlayStation Network also included the hackers getting into SOE. Good news this time is the SOE database was an old database dating back to 2007, so hopefully most of the credit cards obtained are expired or about to be expired. Also, the credit card info mainly came from non U.S. customers, but the hackers still managed to get addresses, User IDs, and passwords from customers located all around the world. All of Sony Online Entertainment systems are now offline until the problem can be resolved.
Sony had announced earlier in the day that they had hoped to get PSN back online by the end of the week. But, it makes you wonder if they should really rush it and MAKE SURE they are finding all the security breaches they have and locking them down. So, now that almost all of Sony’s online gaming community has had their info comprimised, will you be making a quick leap to get back online with them?
Great write-up. I am a regular visitor of your site and appreciate you taking the time to maintain the nice site. I’ll be a regular visitor for a long time.