Sony has revealed they that have detected attempts on Sony Entertainment Network, PlayStation Network and Sony Online Entertainment (“Networks”) services to test a massive set of sign-in IDs and passwords against their network database. These attempts appear to include a large amount of data obtained from one or more compromised lists from other companies, sites or other sources. In this case, given that the data tested against the network consisted of sign-in ID-password pairs, and that the overwhelming majority of the pairs resulted in failed matching attempts, it is likely the data came from another source and not from their Networks. Sony has taken steps to mitigate the activity. I have to say that I am impressed by Sony’s change in strategy with his latest issue and choosing to alert and inform customers as soon as possible rather than be secretive and vague like with the massive PSN hack a while back.
Sony believes that less than one tenth of one percent (0.1%) of their PSN, SEN and SOE are affected. There were approximately 93,000 accounts globally (PSN/SEN: approximately 60,000 accounts; SOE: approximately 33,000) where the attempts succeeded in verifying those accounts’ valid sign-in IDs and passwords, and they have temporarily locked these accounts. Only a small fraction of these 93,000 accounts showed additional activity prior to being locked. They are currently reviewing those accounts for unauthorized access, and will provide more updates as they have them. Sony has made it clear that your credit card information is not at risk. They will also work with any users who have had unauthorized purchases made to restore amounts in the PSN/SEN or SOE wallet.
As a preventative measure, Sony is requiring secure password resets for those PSN/SEN accounts that had both a sign-in ID and password match through this attempt. If you are in the small group of PSN/SEN users who may have been affected, you will receive an email from Sony at the address associated with your account that will prompt you to reset your password.
Similarly, the SOE accounts that were matched have been temporarily turned off. If you are among the small group of affected SOE customers, you will receive an email from Sony at the address associated with your account that will advise you on next steps in order to validate your account credentials and have your account turned back on.
Sony also said they wanted to take this opportunity to remind their customers about the increasingly common threat of fraudulent activity online, as well as the importance of having a strong password and having a username/password combination that is not associated with other online services or sites. They encourage you to choose unique, hard-to-guess passwords and always look for unusual activity in your account.