Six months after an attack that targeted Sony's Playstation Network, Sony has admitted that yet another attack has occurred on PSN's servers. In a post on the official Playstation blog, Philip Reitinger, the newly appointed Chief Information Security Officer for Sony, stated, " ... we have detected attempts on Sony Entertainment Network, PlayStation Network and Sony Online Entertainment (“Networks”) services to test a massive set of sign-in IDs and passwords against our network database."
He adds that "approximately 93,000 accounts globally" actually had valid sign-in IDs and passwords generated as a result of this new attack. This amount is less than one tenth of one percent of all people who are registered for Sony's gaming networks. Reitinger said, " ... we have temporarily locked these accounts. Only a small fraction of these 93,000 accounts showed additional activity prior to being locked." No credit card info was taken as a result of this attack, according to Reitinger.
He also said, "As a preventative measure, we are requiring secure password resets for those PSN/SEN accounts that had both a sign-in ID and password match through this attempt." He adds, "Similarly, the SOE accounts that were matched have been temporarily turned off. If you are among the small group of affected SOE customers, you will receive an email from us at the address associated with your account that will advise you on next steps in order to validate your account credentials and have your account turned back on."
Neowin reader SMELTN received an email as one of his accounts was used in the attack. The email is below:
We are writing to let you know that we have detected an unauthorized attempt to verify the validity of your Sony Online Entertainment ("SOE") Station Account name and password. We believe there was an attempt to use a scripted application of a large set of sign-in IDs and passwords against our network database. This attempt appears to include a large amount of data obtained from one or more compromised ID and password lists obtained from other companies, sites or other sources. To protect you, we have locked your Station Account. To reopen the account, please contact SOE customer service at 1 (858) 537-0898 to verify your identity. We will walk you through the password reset process then. Please note that your credit card number is NOT at risk. As a precaution, please review your account for unusual activity and please contact us at 1 (858) 537-0898; we will work with any users with whom we confirm have had unauthorized purchases with account wallet funds, and restore those funds. We want to take this opportunity to remind our consumers about the increasingly common threat of account theft, as well as the importance of having a strong password and having a username/password combination that is not associated with other online services or sites. We advise you to create a new password that is strong, consisting of a combination of numbers, letters and special characters or symbols. Thank you, Sony Online Entertainment
In April, Sony revealed that a massive attack on the Playstation Network exposed the personal info on tens of millions of Playstation Network users. The company shut down the servers for weeks in an attempt to improve the security on those servers. The network was fully restored in all parts of the world by July. In late August, Sony's CEO Howard Stringer told an audience at a press event in Berlin that , " ... the PSN is more secure and better than ever."