Playstation Network hit with another attack

Six months after an attack that targeted Sony's Playstation Network, Sony has admitted that yet another attack has occurred on PSN's servers. In a post on the official Playstation blog, Philip Reitinger, the newly appointed Chief Information Security Officer for Sony, stated, " ... we have detected attempts on Sony Entertainment Network, PlayStation Network and Sony Online Entertainment (“Networks”) services to test a massive set of sign-in IDs and passwords against our network database."

He adds that "approximately 93,000 accounts globally" actually had valid sign-in IDs and passwords generated as a result of this new attack. This amount is less than one tenth of one percent of all people who are registered for Sony's gaming networks. Reitinger said, " ... we have temporarily locked these accounts. Only a small fraction of these 93,000 accounts showed additional activity prior to being locked." No credit card info was taken as a result of this attack, according to Reitinger.

He also said, "As a preventative measure, we are requiring secure password resets for those PSN/SEN accounts that had both a sign-in ID and password match through this attempt." He adds, "Similarly, the SOE accounts that were matched have been temporarily turned off. If you are among the small group of affected SOE customers, you will receive an email from us at the address associated with your account that will advise you on next steps in order to validate your account credentials and have your account turned back on."

Neowin reader SMELTN received an email as one of his accounts was used in the attack. The email is below:

We are writing to let you know that we have detected an unauthorized attempt to verify the validity of your Sony Online Entertainment ("SOE") Station Account name and password. We believe there was an attempt to use a scripted application of a large set of sign-in IDs and passwords against our network database. This attempt appears to include a large amount of data obtained from one or more compromised ID and password lists obtained from other companies, sites or other sources. To protect you, we have locked your Station Account. To reopen the account, please contact SOE customer service at 1 (858) 537-0898 to verify your identity. We will walk you through the password reset process then. Please note that your credit card number is NOT at risk. As a precaution, please review your account for unusual activity and please contact us at 1 (858) 537-0898; we will work with any users with whom we confirm have had unauthorized purchases with account wallet funds, and restore those funds. We want to take this opportunity to remind our consumers about the increasingly common threat of account theft, as well as the importance of having a strong password and having a username/password combination that is not associated with other online services or sites. We advise you to create a new password that is strong, consisting of a combination of numbers, letters and special characters or symbols. Thank you, Sony Online Entertainment

In April, Sony revealed that a massive attack on the Playstation Network exposed the personal info of tens of millions of Playstation Network users. The company shut down the servers for weeks in an attempt to improve the security of those servers. The network was fully restored in all parts of the world by July. In late August, Sony's CEO Howard Stringer told an audience at a press event in Berlin that " ... the PSN is more secure and better than ever."


M_Lyons10 said,

Yeah, but who other than Sony would even HAVE that many SONY logins? It defies logic. It's clear that this data originated from Sony. That's who you give your username and password to, that's who has that information, that's where hackers GET that information... There's really no mysticism about it...

As I've stated elsewhere, if you were keeping track of all the details you'd recall that PSN accounts underwent a mandatory password reset when the service was restored and that this information, according to Sony's lengthy explanation, was categorically NOT stored as plain text unencrypted data.

I love it when people can't read... nothing to do with Sony's security, if anything, their security is working well since they caught this mass login attempt. Why oh why is it so disabling for some people to take 1 minute to read?

Audioboxer said,
I love it when people can't read... nothing to do with Sony's security, if anything, their security is working well since they caught this mass login attempt. Why oh why is it so disabling for some people to take 1 minute to read?

I think purely because it doesn't say anything like 'attempted attack' or anything like that.

Audioboxer said,
I love it when people can't read... nothing to do with Sony's security, if anything, their security is working well since they caught this mass login attempt. Why oh why is it so disabling for some people to take 1 minute to read?

It didn't work, they only discovered it AFTER the infiltration was successful. Based on the fact that they are offering to reimburse anyone affected shows they really have no idea what damage this may have done or what the extent of the infiltration is.

Audioboxer said,
I love it when people can't read... nothing to do with Sony's security, if anything, their security is working well since they caught this mass login attempt. Why oh why is it so disabling for some people to take 1 minute to read?

At Neowin, when you put Apple or Sony in the headline, the trolls come in droves. Anyone that actually read the piece would know that this had nothing to do with Sony's security, but it seems to be data mined from other sources.

NeoTrunks said,

At Neowin, when you put Apple or Sony in the headline, the trolls come in droves. Anyone that actually read the piece would know that this had nothing to do with Sony's security, but it seems to be data mined from other sources.

It's hard to know where the attacker got the info.

When my WoW account was hacked people said it was because of a keylogger or because I was using the same pwd for WoW and the mail account tied to it.

The fact is I had no virus or keylogger on my computer. Ran MSE and Bitdefender and could not find anything. Did not have any suspicious service running in the background either. And the pwd used for my WoW account was unique and made of 4 random letters and 4 random numbers (I'm good at memorizing things like phone numbers and pwd).

WoW accounts and Guild Wars accounts get hacked all the time. Hacked is not even a good word imo. Compromised would be a better word imo.

Things like that happen all the time. My iTunes account was locked last week because of a potential attack (anyway this is what the msg was saying). I changed my pwd and if there's an unwanted transaction on my CC I'll just call and get it cancelled.

Not worthy of a PR. But nice from Sony to do it anyway.

LaP said,

It's hard to know where the attacker got the info.

When my WoW account was hacked people said it was because of a keylogger or because I was using the same pwd for WoW and the mail account tied to it.

The fact is I had no virus or keylogger on my computer. Ran MSE and Bitdefender and could not find anything. Did not have any suspicious service running in the background either. And the pwd used for my WoW account was unique and made of 4 random letters and 4 random numbers (I'm good at memorizing things like phone numbers and pwd).

WoW accounts and Guild Wars accounts get hacked all the time. Hacked is not even a good word imo. Compromised would be a better word imo.

Things like that happen all the time. My iTunes account was locked last week because of a potential attack (anyway this is what the msg was saying). I changed my pwd and if there's an unwanted transaction on my CC I'll just call and get it cancelled.

Not worthy of a PR. But nice from Sony to do it anyway.

It's been a long time since I've played WoW, but do they lock out your account after many failed login attempts? If they don't, the people that got in were probably using brute force attempts with some tool they wrote.

EDIT: I see from your post below that they do lock the accounts.

He adds that "approximately 93,000 accounts globally" actually had valid sign-in IDs
------------
You can't blame Sony for insecure passwords or people using the same password for their email address and other online services.

This happens all the time in WoW for people not having an authenticator.

Sony did what Blizzard does. Locking the account.

I'm surprised they actually did a PR for this. If Blizzard would do a PR every time an account is compromised they would do one every day.

Twisp said,
"...it is likely the data came from another source and not from our Networks"

I love how they use words like "likely" AKA, "we have no idea".

I haven't touched my PlayStation account since the last time. The credit card I used for it expired, so my info is useless to them.

What I do know is I'm getting rid of my PS3 this weekend. Gonna trade it in at Best Buy and use the credit to buy a standalone Blu-Ray player.

Voice of Buddy Christ said,
I haven't touched my PlayStation account since the last time. The credit card I used for it expired, so my info is useless to them.

What I do know is I'm getting rid of my PS3 this weekend. Gonna trade it in at Best Buy and use the credit to buy a standalone Blu-Ray player.

They didn't take any info, and if you haven't signed into your PSN account from your PS3 or emailed to reset it, then your account is in limbo and can't be used.

Don't be too quick to think the info is useless because the CC expired.

When my XBox RRoDed I did not bother cancelling my Live account cause the CC was expired.

Guess what? The account renewed automatically even if the CC was expired. Had to do some phone calls to get my money back.

This is something that could happen to any online service. Sony has been transparent in revealing the attack. You can't blame Sony for the hackers out there attempting to login to accounts that are not using secure passwords. Sony took appropriate actions after successfully detecting the attack. What more can you ask for?

Yes - Sony had a fault earlier this year and an outage that was just unheard of but just seeing this story makes me feel better knowing that if attempts were made on my account it would automatically be locked and I would be requested to change my password to something more secure. Good for Sony.

To those who say "This is why I'll never get a PS3" - that's just stupid. You didn't get one either because A) you can't afford it, or B) you're a fanboy of another product (XBOX, Wii, etc.).

(Spork) said,
this is why my ps3 is only my Blu-ray player now

So you don't play offline games because the online service is not secure?

People are making this out to be a much bigger deal than it really is. This was not a database compromise like six months ago, and Sony dealt with the issue by locking the accounts, the appropriate response in this case.

Edit: this comment system hates em dashes and truncates them and anything beyond

I thought they said no user data had been stolen and that the account information had been from a third party.

From my perspective, my question is why a third party has login information for users.

littleneutrino said,
I thought they said no user data had been stolen and that the account information had been from a third party.

From my perspective, my question is why a third party has login information for users.

Most of the login attempts were incorrect. So pretty much, it looks as if those that were successful in logging in were successful because the account email and password were the same as wherever the data was originally compromised.

It appears that many of the people commenting on this article are not familiar with credential redundancy. Many internet users re-use passwords for various services. This password redundancy creates a security flaw for many users. There are many sites that require an e-mail address in order to log in. If a larger website's security was breached and that website made use of e-mail log-in credentials, the assailant now has more than a handful of e-mail addresses and passwords that could be used for other services due to the flaws of credential redundancy.

With such a large database comparison being used, the odds are that some will match up. Approximately ninety-three thousand accounts had both a valid username and a valid password; however, this is a rather small amount in comparison to the number of (not necessarily active) Playstation Network accounts. This sort of attack could have happened to any service, it just happens to be Sony playing victim in this case.
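The detection and response the article attributes to Sony (spotting a scripted test of a large credential list, then locking the matched accounts and forcing a password reset) and the comment above describing why some reused credentials match can be illustrated with a small log-analysis routine. This is an added example, not Sony's code or logs; the events, IP addresses and account names are constructed, and the thresholds are assumptions.

```python
from collections import defaultdict

# Constructed sample of authentication events: (source_ip, account, success).
# Hypothetical data. 10.0.0.5 is a normal user retrying its own password;
# 203.0.113.7 is a scripted source testing one reused credential list against
# many different accounts, of which only a few happen to match.
SAMPLE_EVENTS = [
    ("10.0.0.5", "alice", False),
    ("10.0.0.5", "alice", True),
    ("203.0.113.7", "bob", False),
    ("203.0.113.7", "carol", False),
    ("203.0.113.7", "dave", True),
    ("203.0.113.7", "erin", False),
    ("203.0.113.7", "frank", False),
    ("203.0.113.7", "grace", False),
    ("203.0.113.7", "heidi", True),
    ("203.0.113.7", "ivan", False),
]


def detect_credential_stuffing(events, min_accounts=5, max_success_rate=0.5):
    """Return {source_ip: [accounts that matched]} for sources that look like a
    scripted list test: many distinct accounts tried from one source with a low
    success rate. A user retrying one account is not flagged. Thresholds are assumed."""
    accounts = defaultdict(set)
    attempts = defaultdict(int)
    successes = defaultdict(set)
    for ip, account, ok in events:
        accounts[ip].add(account)
        attempts[ip] += 1
        if ok:
            successes[ip].add(account)
    flagged = {}
    for ip in accounts:
        rate = len(successes[ip]) / attempts[ip]
        if len(accounts[ip]) >= min_accounts and rate <= max_success_rate:
            flagged[ip] = sorted(successes[ip])
    return flagged


def response_actions(flagged):
    """Every account whose credentials matched during a flagged run is locked and
    must reset its password, the response the article describes."""
    matched = sorted({a for accts in flagged.values() for a in accts})
    return [{"account": a, "action": "lock_and_require_password_reset"} for a in matched]


if __name__ == "__main__":
    hits = detect_credential_stuffing(SAMPLE_EVENTS)
    print(hits)  # {'203.0.113.7': ['dave', 'heidi']}
    print(response_actions(hits))
```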
