2010 and 2011 have been rough years for Sony and for PS3 owners who use the popular PlayStation Network for online gaming. The service has come under attack, and been taken down, on more than one occasion, and for extended time periods. The latest attack began to hit the news yesterday, when it was learned that the service was again under attack.
Reports have ranged from DDOS attack to user account hacking, but earlier today Sony finally set the record straight about what is going on, how extensive the attack is, and what steps they are taking fix the problem.
According to Sony, the attack spanned three of their networks – the PlayStation Network, Sony Entertainment Network, and Sony Online Entertainment. A total of approximately 93,000 users have been affected, and those accounts have now been locked by Sony. It appears to have been a hacking attack – the perpetrators attempted to gain log-in access to accounts, and succeeded on 93,000 of them, which is actually a relatively small percentage. At this time, Sony says that those users’ credit card data is still safe.
If you have a PSN account, even if you don’t think you were affected, I would still recommend changing your password. Use a long password that incorporates letters, numbers, and symbols. Although, Sony says credit information wasn’t gained, it would still be prudent to monitor you account closely and report anything that seems suspicious.
Below is full text of Sony’s announcement.
“12 October 2011
Tokyo, October 12 – Sony Network Entertainment International LLC and Sony Online Entertainment (SOE) have detected a large amount of unauthorized sign-in attempts on PlayStation®Network (PSN), Sony Entertainment Network (SEN) and Sony Online Entertainment (SOE) services. We discovered these attempts and have taken steps to mitigate the activity.
Less than one tenth of one percent of our PSN, SEN and SOE consumers may have been affected. There were approximately 93,000 accounts (PSN/SEN: approximately 60,000 accounts; SOE: approximately 33,000) where the attempts succeeded in verifying those accounts’ valid sign-in IDs and passwords, and we have temporarily locked these accounts. As a preventative measure, we will be sending email notifications to these account holders and will be requiring secure password resets or informing consumers of password reset procedures.
Credit card numbers associated with these accounts are not at risk as a result of these unauthorized attempts. Only a small fraction of these 93,000 accounts showed additional activity prior to being locked. We are continuing to investigate the extent of unauthorized activity on any of these accounts.
These attempts appear to include a large amount of data obtained from one or more compromised lists from other companies, sites or sources. These were unauthorized attempts to verify valid user accounts on our services using very large sets of sign-in IDs and passwords. Between October 7 – 10 US Pacific Daylight Time, we confirmed that these were unauthorized attempts, and took steps to thwart this activity.
For the latest updates please visit http://blog.eu.playstation.com/“