Sony suffers another security scare – 93,000 user accounts broken into

Graham Cluley

Hackers successfully broke into 93,000 accounts at Sony over the last few days, once again impacting users of the Sony Entertainment Network, PlayStation Network (PSN) and Sony Online Entertainment services.

According to a blog post by Philip Reitinger, Sony’s Chief Information Security Officer, credit card details were not compromised.

As a precautionary step, Sony has frozen the compromised accounts and will email impacted users asking them to confirm their identity and reset their passwords.

Some compromised accounts “showed additional activity prior to being locked,” but the only hint from Sony as to what that activity might entail is that the company says it will “work with any users whom we confirm have had unauthorized purchases made to restore amounts in the PSN/SEN or SOE wallet.”

What’s interesting is that it appears that the hackers gained access to the Sony accounts by working through a large database of stolen usernames and passwords – believed to have been sourced from somewhere else. That suggests that the accounts which were broken into were using a non-unique password.

In other words, you were using the same password on the Sony PlayStation Network as you were on website X.

It’s never a good idea to use the same password in multiple places.

Sony’s security team were alerted to the intrusion when they noticed a high number of failed login attempts – so well done to those users who weren’t using the same password.
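The failed-login signal described above, as an added example (not Sony's code or anything from the original post): it flags a source that tries many distinct usernames with a high failure ratio, then lists the accounts that did log in from that source, which are the ones to freeze and reset. The event format, thresholds and sample data are constructed assumptions.

```python
from collections import defaultdict

def build_sample_events():
    """Constructed sample events: (epoch_seconds, source_ip, username, succeeded)."""
    events = []
    # One source walking a credential list: 40 distinct users, one attempt each.
    # Every 10th pair is valid, i.e. the password was reused from another site.
    for i in range(40):
        events.append((1000 + i, "203.0.113.7", f"user{i:03d}", i % 10 == 0))
    # A legitimate user mistyping a password twice, then succeeding.
    events += [(1005, "198.51.100.20", "alice", False),
               (1010, "198.51.100.20", "alice", False),
               (1015, "198.51.100.20", "alice", True)]
    return events

def detect_stuffing(events, window=300, min_users=20, min_fail_ratio=0.8):
    """Return {source_ip: sorted accounts to lock} for sources that, inside one
    fixed time window, tried many distinct usernames and mostly failed.

    Limitation: fixed windows can split a burst across a boundary, and a list
    replayed from many sources needs the same counts kept site-wide as well.
    """
    buckets = defaultdict(list)
    for ts, ip, user, ok in events:
        buckets[(ip, ts // window)].append((user, ok))

    flagged = defaultdict(set)
    for (ip, _), attempts in buckets.items():
        users = {u for u, _ in attempts}
        failures = sum(1 for _, ok in attempts if not ok)
        # Many usernames with few tries each separates list replay from a
        # single user fumbling a password or one account being guessed at.
        if len(users) >= min_users and failures / len(attempts) >= min_fail_ratio:
            # Successful logins from a flagged source are the reused passwords.
            flagged[ip].update(u for u, ok in attempts if ok)
    return {ip: sorted(users) for ip, users in flagged.items()}

if __name__ == "__main__":
    for ip, accounts in detect_stuffing(build_sample_events()).items():
        print(ip, "-> lock and force reset:", ", ".join(accounts))
```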

Here’s a video explaining one way to choose hard-to-guess passwords.

http://www.youtube.com/watch?v=VYzguTdOmmU

At the end of its blog post, Sony’s Reitinger offers some sensible advice to users:

“We encourage you to choose unique, hard-to-guess passwords and always look for unusual activity in your account.”

The only silver lining for Sony is that this security breach appears to be much smaller in scale than the attacks which hit it earlier this year, where millions had their personal information stolen and the Sony PlayStation Network was forced offline.

Sony’s reputation was badly harmed earlier this year by the series of hacking attacks. This latest incident certainly isn’t going to do them any favours – as customers will (rightly or wrongly) continue to associate the Sony brand with security breaches.

I’m sure Sony will be hoping that this is the last time a security incident will put their company in the news headlines for all the wrong reasons.

