Sony Online confirms old credit card numbers lifted during cyber attack; personal info also taken

Sony Online Entertainment has now confirmed that the cyber attack that forced the shutdown of the PlayStation Network's servers has also affected the servers for its MMO game division. In an updated post on the Sony Online Station.com web site, the company admitted that during its investigation of the server attacks it found that "hackers may have obtained personal customer information from SOE systems." That includes a person's name, address, phone number, email address, gender, login name and a "hashed" version of the person's password.

In addition to the personal info, Sony Online has admitted that some credit card numbers may also have been taken during the cyber attack. Sony said in its press release that the numbers came "from an outdated database from 2007" that still stored "12,700 non-US customer credit or debit card numbers and expiration dates". Sony said the info did not include the cards' security codes. Sony Online also said that "10,700 direct debit records listing bank account numbers of certain customers in Germany, Austria, Netherlands and Spain may have also been obtained." The company said it is contacting the people affected by this attack. The statement added that Sony Online's main credit card server has not been breached, saying, "It is in a completely separate and secured environment."

While it seemed at first that Sony Online's MMO game servers had been spared from the cyber attacks that affected the console-based PlayStation Network, Sony Online has now concluded that this isn't the case. The online servers for MMO games like the EverQuest series, Star Wars Galaxies, DC Universe Online and many others are now shut down, with no word on when they will come back online. Sony Online says it is working "to enhance security and strengthen our network infrastructure" along with bringing in "an outside, recognized security firm to conduct a full and complete investigation into what happened."

As with the PlayStation Network cyber attacks, Sony Online says that its customers should keep an eye on their bank accounts and credit card numbers and keep their personal info safe. Once the Sony Online MMO servers come back online, the company recommends that customers change their passwords. The press release ended with this statement: "Our teams are working around the clock on this, and services will be restored as soon as possible. Sony takes information protection very seriously and will continue to work to ensure that additional measures are taken to protect personally identifiable information. Providing quality and secure entertainment services to our customers is our utmost priority."

20 Comments

What I'd like to know is WHY was Sony holding 10 million CC numbers in the first place, best policy don't keep them and just make everybody re-enter it when needed

Athlonite said,
What I'd like to know is WHY was Sony holding 10 million CC numbers in the first place, best policy don't keep them and just make everybody re-enter it when needed

People would complain about how annoying that was. You can't win when you're a company like Sony. You just do what you do and you'll always be hated by someone.

I thought companies were not allowed to store old or outdated credit card numbers for data protection and tracking reasons. Way to go Sony. Never trusted them, never will!

Geez... they just can't catch a break (whether or not they could've mitigated the potential damage of these attacks is almost completely moot now that it's happened)!

Indeed, this was prob in response to the 'Geohot' issue. Just a shame that playstation users are victims too...just take comfort in that it hurts Sony much more.

Hopefully though companies will learn from this and both secure their networks better, and think twice before bullying the little guy.

Glad the card I used when I had a PSP was a disposable pre-paid Greendot Mastercard that's no longer active. As for my name, that already can be found on the web such as my Facebook or Whois data and there are other people with the same name. My address and phone number are different than when I had the card activated.

The scary part here is that this intrusion was only found because of a security review due to the PSN intrusion. If that hadn't happened, who knows when/if they would have figured it out.

I can't help but laugh at Sony for being such dumb*ss*s. Good thing I don't buy Sony stuff anymore.

DrunkenBeard said,
Does this have anything to do with the last GeoHotz/Anon situation? I find the timing of the attacks pretty suspicious.

My guess would be YES!

I took on the hackers without having all their ducks in a row.

warwagon said,
I took on the hackers without having all their ducks in a row.

All their ducks were in a row... Made for easy picking by the hackers

"Sony takes information protection very seriously and will continue to work to ensure that additional measures are taken to protect personally identifiable information. Providing quality and secure entertainment services to our customers is our utmost priority."

That should read "Sony "Now" takes information protection very seriously"

Regardless of whether this is old information or not. I will no longer be trusting Sony with any of my details. I'm sure there are many that feel this way too.

Ently said,
Regardless of whether this is old information or not. I will no longer be trusting Sony with any of my details. I'm sure there are many that feel this way too.

+1

I sure hope Sony learns from this and works on their security and that the perpetrators are caught and justice is served. I feel terrible for their users.

Jarrichvdv said,
Sony is in big troubles here! That's all I can say about it.

no, this is good news. only old outdated info was taken.

perochan said,
no, this is good news. only old outdated info was taken.

Hardly good news. Not only was personal information stolen, but two separate parts of Sony were successfully broken into. They have other divisions/on-line stores/etc as well besides these two, doesn't exactly scream "confidence". Not being a doomsayer, hopefully for the consumer this is the last, but it really puts them in a very bad way as far as confidence and trust goes. It's going to hurt.