93,000 accounts compromised in Sony Network attack
Sony has detected a seemingly large scale hack attempt on the PlayStation Network among other services, and warned users to secure their log-in details.
In a post on the EU PS Blog, chief information security officer Philip Reitinger said Sony had detected attempts to check "a massive set of sign-in IDs and passwords" against its networks but that "less than one tenth of one percent" of users had been affected.
"There were approximately 93,000 accounts globally (PSN/SEN: approximately 60,000 accounts; SOE: approximately 33,000) where the attempts succeeded in verifying those accounts’ valid sign-in IDs and passwords, and we have temporarily locked these accounts," he revealed.
Luckily, "only a small fraction of these 93,000 accounts showed additional activity prior to being locked" and Reitinger said credit card details were not compromised.
"We will work with any users whom we confirm have had unauthorized purchases made to restore amounts in the PSN/SEN or SOE wallet," Reitinger promised.
Sony is issuing password resets to compromised accounts, and affected SOE accounts have been temporarily disabled.
Reitinger believes the combinations being tested have been sourced from another company's compromised database rather than from the PSN, Sony Online Entertainment, or other Sony networks.
"The overwhelming majority of the pairs resulted in failed matching attempts," Reitinger assured readers. "We have taken steps to mitigate the activity."
"We want to take this opportunity to remind our consumers about the increasingly common threat of fraudulent activity online, as well as the importance of having a strong password and having a username/password combination that is not associated with other online services or sites.
"We encourage you to choose unique, hard-to-guess passwords and always look for unusual activity in your account," the security chief concluded.
Sony came under severe criticism following an April attack on the PlayStation Network, which saw the service brought down for two months and the compromise of millions of user accounts - including credit card details.
Thanks, Kotaku.