Sony’s chief information security officer, Phillip Reitinger, has taken to the web to alert users of the company’s online services about another hacking issue.
Reitinger posted on Playstation’s blog that Sony has detected an attempt to hack user approximately 93,000 accounts globally on its Sony Entertainment Network, PlayStation network and the Sony Online Network services. The post says the hacker used large amounts of data obtained from “other companies, sites or other sources.”
In other words, a hacker nabbed a big set of user IDs and passwords from other compromised sites and tried to match them with customer data in Sony’s database to access Sony customer accounts–all the more reason to use different IDs for different sites, right?
The attempts were apparently made between Oct. 7 and Oct. 10 so Sony was proactive in getting word out immediately. Earlier this year, when LulzSec hacked into its network, Sony kept quiet for about a week.
This time, Sony said less than one tenth of one percent of its accounts were affected. It said the affected accounts have been temporarily locked and are undergoing security checks. Sony says credit card information is not at risk and it will work with any users who have had unauthorized purchases made on their accounts.
As a preventative measure, we are requiring secure password resets for those PSN/SEN accounts that had both a sign-in ID and password match through this attempt. If you are in the small group of PSN/SEN users who may have been affected, you will receive an email from us at the address associated with your account that will prompt you to reset your password.Similarly, the SOE accounts that were matched have been temporarily turned off. If you are among the small group of affected SOE customers, you will receive an email from us at the address associated with your account that will advise you on next steps in order to validate your account credentials and have your account turned back on.
We want to take this opportunity to remind our consumers about the increasingly common threat of fraudulent activity online, as well as the importance of having a strong password and having a username/password combination that is not associated with other online services or sites. We encourage you to choose unique, hard-to-guess passwords and always look for unusual activity in your account.