New large-scale attack on Sony's online services
Sony's online services have been the target of another large-scale attack. In a press release, the Japanese electronics corporation said that attackers made multiple attempts to intrude into users' Sony online service accounts. Apparently, the attacks targeted the Playstation Network (PSN), the Sony Entertainment Network (SEN) and Sony Online Entertainment (SOE) between 7 and 10 October.
Sony said that around 93,000 accounts were compromised and have temporarily been locked. 60,000 accounts at PSN/SEN, and 33,000 at SOE, are affected. Sony added that email notifications will be sent to the affected account holders, and that secure password resets will be required to reactivate the accounts. However, Sony confirmed that credit card details are not at risk, and that only a small fraction of the compromised accounts showed additional activity prior to being locked.
First investigation results indicate that the attacks involved password information that was obtained from other compromised lists, said Sony. During the attacks, criminals apparently attempted to access legitimate accounts by trying out long lists of log-in IDs and passwords.
Back in April, unknown intruders had managed to access the data of 100 million Sony online service customers. These attacks had profoundly impacted Sony. Despite the corporation's best efforts, the attackers repeatedly managed to intrude into Sony web sites and networks in the weeks after the first breach. The credit card information of millions of customers was potentially compromised, although no fraudulent use of such data was reported.
For Sony, it was an expensive affair: the company had to temporarily shut down several online services such as the Playstation Network and completely rework its security architecture. In September, Sony appointed a former high-ranking US Department of Homeland Security official as its head of IT security.