Another 25 million Sony users compromised
After apologising for the breach in security that saw 77 million user records compromised, Sony has announced that it has discovered 25 million user records were also compromised on Sony Online Entertainment's systems. SOE is best known for creating massive multiplayer online games (MMORPG) for the PC and PlayStation 3 such as EverQuest, The Matrix Online, Star Wars Galaxies, DC Universe Online and Free Realms. The breach was announced on 2 May, after the company had shut down the SOE services as a part of its response to the discovery.
The company says it undertook a review of the SOE systems after the discovery of the break-in on the Sony PSN and Qriocity networks which had forced the shutdown of those systems. During the review it found that attackers broke into the system on 16 or 17 April – starting a day before the PSN shutdown which ran from 17 to 19 April – and accessed information from 24.6 million user accounts including name, address, email, date of birth, gender, phone number, login name and a hashed version of the password.
The attackers also gained access to what Sony describes as an "outdated database from 2007" which included 12,700 "non-US credit or debit card numbers" and 10,700 direct debit records for customers in Austria, Germany, Netherlands and Spain. Sony says that credit card CCV numbers, which are designed to make online transactions require an extra element of confirmation, were not stored.
Sony has already announced that SOE users will receive thirty days free service plus one extra day free for every day the system is down. It has posted a notification on its station.com web site which includes a recommendation to change passwords when the system is brought back on line. The company also says it will inform customers by email of the discovery of the theft.