Sony Discloses Attempts to Access Customer Accounts
93,000 Accounts May Have Been ExposedSony has turned off the accounts of about 33,000 Online Entertainment customers, sending them e-mails to advice them how to validate their account credentials and have the accounts turned back on.
"These attempts appear to include a large amount of data obtained from one or more compromised lists from other companies, sites or other sources," said Reitinger, a senior vice president. "In this case, given that the data tested against our network consisted of sign-in ID-password pairs, and that the overwhelming majority of the pairs resulted in failed matching attempts, it is likely the data came from another source and not from our networks. We have taken steps to mitigate the activity."
Reitinger said only a small fraction of the 93,000 accounts showed additional activity before Sony locked those accounts. Sony is reviewing those accounts for unauthorized access and Reitinger promised more updates as the company has them. The CISO said credit card numbers associated with the accounts were not exposed.
Sony is requiring customers whose accounts may have been exposed to reset their passwords.
In April, Sony's PlayStation gaming network and Qriocity music service fell victim to a massive breach, exposing the accounts of at least 77 million customers (Sony: DDoS Masked Data Exfiltration).