Sony Discloses Attempts to Access Customer Accounts

93,000 Accounts May Have Been Exposed
Sony Discloses Attempts to Access Customer Accounts
Sony says it has uncovered illicit attempts to test the sign-in identifications and passwords on its Entertainment, PlayStation and Online Entertainment networks. Less than 0.1 percent of its audience - about 93,000 accounts - may have been exposed, according to a blog posted by the company's new chief information security officer, Phillip Reitinger (see Ex-DHS Official Becomes Sony's CISO).

Sony has turned off the accounts of about 33,000 Online Entertainment customers, sending them e-mails to advice them how to validate their account credentials and have the accounts turned back on.

"These attempts appear to include a large amount of data obtained from one or more compromised lists from other companies, sites or other sources," said Reitinger, a senior vice president. "In this case, given that the data tested against our network consisted of sign-in ID-password pairs, and that the overwhelming majority of the pairs resulted in failed matching attempts, it is likely the data came from another source and not from our networks. We have taken steps to mitigate the activity."

Reitinger said only a small fraction of the 93,000 accounts showed additional activity before Sony locked those accounts. Sony is reviewing those accounts for unauthorized access and Reitinger promised more updates as the company has them. The CISO said credit card numbers associated with the accounts were not exposed.

Sony is requiring customers whose accounts may have been exposed to reset their passwords.

In April, Sony's PlayStation gaming network and Qriocity music service fell victim to a massive breach, exposing the accounts of at least 77 million customers (Sony: DDoS Masked Data Exfiltration).


About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.co.uk, you agree to our use of cookies.