Hackers successfully broke into 93,000 accounts at Sony over the last few days, once again impacting users of the Sony Entertainment Network, PlayStation Network (PSN) and Sony Online Entertainment services.
According to a blog post by Philip Reitinger, Sony’s Chief Information Security Officer, credit card details were not compromised.
As a precautionary step, Sony has frozen the compromised accounts and will email impacted users asking them to confirm their identity and reset their passwords.
Some compromised accounts “showed additional activity prior to being locked,” but the only hint from Sony as to what that activity might entail is that the company says it will “work with any users whom we confirm have had unauthorized purchases made to restore amounts in the PSN/SEN or SOE wallet.”
What’s interesting is that it appears that the hackers gained access to the Sony accounts by working through a large database of stolen usernames and passwords – believed to have been sourced from somewhere else. That suggests that the accounts which were broken into were using a non-unique password.
In other words, you were using the same password on the Sony PlayStation Network as you were on website X.
It’s never a good idea to use the same password in multiple places.
Sony’s security team were alerted to the intrusion when they noticed a high number of failed login attempts – so well done to those users who weren’t using the same password.
Here’s a video explaining one way to to choose hard-to-guess passwords.[youtube=http://www.youtube.com/watch?v=VYzguTdOmmU&rel=0&w=500&h=311]
(Enjoy this video? You can check out more on the SophosLabs YouTube channel and subscribe if you like)
At the end of its blog post, Sony’s Reitinger offers some sensible advice to users:
We encourage you to choose unique, hard-to-guess passwords and always look for unusual activity in your account.
The only silver lining for Sony is that this security breach appears to be much smaller in scale than the attacks which hit it earlier this year, where millions had their personal information stolen and the Sony PlayStation Network was forced offline.
Sony’s reputation was badly harmed earlier this year by the series of hacking attacks. This latest incident certainly isn’t going to do them any favours – as customers will (rightly or wrongly) continue to associate the Sony brand with security breaches.
I’m sure Sony will be hoping that this is the last time a security incident will put their company in the news headlines for all the wrong reasons.