More Than 12,700 Credit Cards Stolen From SOE

Sony's security problems continue to mount, as the intrusion that brought down Sony Online Entertainment this morning is linked to the theft of more than ten thousand customer credit card numbers.

According to Japanese news site Nikkei.com, Sony became aware of this latest cyber attack on Sunday, which led to the shutting down of all of SOE's online gaming operations early Monday morning. Attempting to visit the home pages for popular games like Free Realms, DC Universe Online, and massively-multiplayer online role-playing game granddaddy EverQuest continues to result in the following down-for-maintenance message:

We have had to take the SOE service down temporarily. In the course of our investigation into the intrusion into our systems we have discovered an issue that warrants enough concern for us to take the service down effective immediately. We will provide an update later today (Monday).

Hopefully that update will shed more light on the stolen card numbers, allowing players of those games to take appropriate action in a timely fashion.

Kotaku has contacted Sony Online Entertainment and awaits further word on the credit card issue. The company did tell us that this was not a separate attack, and that service going down was "related to the ongoing investigation of the external intrusion that occurred in April".

They are of course referring to the large-scale cyber attack that has had the PlayStation Network down since late last month and compromised the personal information of millions of Sony customers.

Sony suffers another major security breach [BGR]


Comments

    But is it only card numbers that were stored/saved on PSN? Or did they keep a copy of all cards that were used?

    I guess this is now a bigger story than before because not only have PS3 users most likely lost their details and if they played SOE MMOs have their CC details taken but PC users might be affected by this. I can just see the rage...

    Yah. Sony make believe it isn't happening.

    Since I had a SOE account for DCU for the PC for 1 month I now probably have my personal details stolen.

    Credit card data appears to be stolen from an old database 2007. And the users affected so far are in Europe. Expect more emails from Sony.

    Well, this is it for me. This is where Sony and I part our ways. Unbelievable to witness this kind of incompetence on such a massive scale. I was so happy I didn't use my CC on PSN, but I did use it for the PC version of DCUO. Already killed my CC and ordered a new one after I heard this news. Bloody unbelievable. I am packing in my PS3 as I type this and gonna trade the POS in for an Xbox later today. I am so mad and disappointed right now :(

      Whinge whinge whinge. It could have happened to any network, to any company in the world. It is the risk of using the internet. And we have yet to even see any proof that anyone has lost anything. Get over it!

        Give me a break. It could happen to any network, to any company in the world you say? If it could happen it would happen. Every Fortune 500 company is under constant threat, yet none, NONE have lost over 100 million data sets. "Risk of the internet" my ass.

          I'm sorry to say I think you are simply being melodramatic. You weren't really inconvenienced in that much of a way (other than the loss of a gaming network, big whoop), there is still no proof that any real credit card details were lost and that you are at risk, and yes it is the risk of the internet.

          The worst thing that happens is you call your credit card company and get a new card... You will not lose anything. The horror of it all!

            Well, it doesn't matter anymore. Hubby brought the PlayStation to the shops and sold it. In the meantime I get to set up everything from scratch again. EVERYTHING, from my woman's weekly magazine to my youngest son's Xbox and Superman subscriptions to my husband's "beer of the month" membership. But like I said, melodramatic or not, no more Sony products, electronics, digital entertainment or otherwise. No more laptops with exploding batteries, no more music CDs with sneaky viruses hidden on them and no more data thefts. Good day to you sir.

      How does a cyber attack earn a perfectly good PS3 the title of POS...

      Seriously, the machine is fine, it's the hackers that are busted.

      Sure, crack it at Sony too for making themselves a target, so sure, ditch it because you're pissy and paranoid, but be honest about where the blame lies (face it, their hardware is still ace).

    Sony just can't catch a break. Mind you these hackers must be bold to continue their attack on Sony when they must already be looking to try and track down the people behind this.

    Oh look, another 25 million customers got the royal treatment from Sony. These guys are so awesome. I am truly blessed my kids own so many Sony products (not). They pack everything, from CC details to hashed passwords to addresses in one, convenient file (not encrypted of course) and hide it behind a disgustingly cheap, outdated firewall.
    Personally, me and my husband are done with these arrogant clowns. Everything Sony is now on the "avoid at all cost" list in my household. I promise that the PS3, Bravia, MP3 players, VAIO etc will be out of the house by the end of the week and be replaced with more trustworthy brands.

      You're buying a new TV because Sony's servers got hacked? It would appear Sony aren't the only clowns here...

        Yes sir, everything Sony goes out. Call me downy all you want, but I think that is best for everyone involved. And no, it is not "just" because of poor network security. Ever had a DOA Bravia and called Sony support? Nah, don't think so.

          I just don't see the logic? I mean, I'd understand never buying another Sony product again, but getting rid of ones you've already got in your house that are working fine and are not in any way vulnerable to security breaches on Sony's servers?

            Well, I suppose it was a bit of overreaction. But it is me, a mother of 3 kids with several game / magazine / Xbox subscriptions etc each via our CC, who gets to set everything up from scratch again. Not to mention this horrible thought in the back of my mind that MY personal data is out there where it can cause substantial damage to my name. So maybe you are right, maybe we keep the T.V, but I can assure you that Sony has pissed me off so much this time that no new electronics in this household will come from Sony.

            Logic? Who needs logic?

            I raided my own house after hiring a group of Navy Seals and borrowing a number of Apache attack helicopters to forcibly remove my PS3 from my house.

            I then teabagged and desecrated the PlayStation's corpse and announced that it had to be buried within 24 hours due to Sony's religious laws. So I buried it at sea from the USS Beat-Off by dragging it off the end of the take-off strip attached to an F22.

              Clear something up for me Johnny, I heard unconfirmed reports that your PS3 grabbed one of your Sony Bravias and used it as a shield. Is that true? Or did the Bravia just willingly leap into the line of fire?

      I am in no way a Sony fan but feel the need to point out that this "They pack everything, from CC details to hashed passwords to addresses in one, convenient file (not encrypted of course) and hide it behind a disgustingly cheap, outdated firewall" is completely false.

      Unless you have evidence otherwise, from what I have read personal information was kept separate from credit card info, and was unfortunately not encrypted, however I wouldn't be surprised if many organisations didn't encrypt personal information.

      Credit card information WAS encrypted and due to that is possibly inaccessible to anyone who has stolen the information. Of course if the hackers were skilled enough to get the information they may be skilled enough to break the encryption.

      As for the 'disgustingly cheap and outdated firewall' comment well unless you work at Sony you would have no way of knowing this, but I can almost 100% guarantee that their network security was not disgustingly cheap or outdated and would have comprised of more than a single firewall.

      I understand your anger, you have a right to be angry that your personal information might be out there. However the statements you made aren't reasons to be angry at Sony as they just aren't true. In fact at the moment I don't believe there's any evidence that the information is for sale either.

        Hate to bust your bubble. Sony admitted that the stolen info was hashed and not encrypted, believing that it was just as secure. And Sony had no firewall to keep the hackers out. They used modded PS3s that allowed access to developer only network that was used for debugging. At that point they had unfettered access to all of the info on the PSN. If you're wondering how they compromised all the other games, my best guess is that since they were all run by SOE, had already compromised their servers, the info was just a few keystrokes away.

        Also since SOE hasn't committed on how they were hacked or what info was stolen, it leaves people to believe the worst case scenario. Also an unsubstantiated report floating around was that the hackers were attempting to sell the info back to Sony.

        On the whole I WAS a Sony fan, as far as gaming consoles go, however, I'm not a Microsoft or Nintendo fan either.

    Oh yea, the reason I am so irritated right now is because our son plays Superman online (or something like that) on our PC. We used our card 2ish months ago, details that are now up for sale thanks to Sony. Apology NOT accepted.

    If this is related to the original intrusion from 17 - 19 April, and they only just found out on Sunday, that's pretty hopeless. Or they tried to keep it under wraps.

    I also think it strengthens my theory that they have actually had problems before 17 - 19 April, as a lot of users, including myself, were unable to access PSN for a week or more prior to the PSN shut down. I think at first only some of their servers were breached, but they kept quiet about it until it got to the point where so many people were impacted they had to 'fess up.

    That really does suck, I'm not going to wait around anymore, cancelling my card today.

    http://www.youtube.com/watch?v=vJ4sEXiRP4k&feature=related

    7 second summary of Sony's handling of this whole fiasco.

    It seems more and more likely that it was an internal attack. I suspect someone of ill repute plugged their Apple clamshell laptop into a building sized server in Sony's data center running Windows for Workgroups, banged randomly on their Dvorak keyboard and syncopated their hard drive with the user/credit card tables in Sony's MS SQL Server Express database.

    They unencrypted the data by looking at their computer screen in the mirror. A reverse cypher, clever!

    If this is part of the original intrusion since 17th of April, does it mean the hackers still had access to the server until yesterday, since SOE still had their server up and running ?????????

    From what I have been reading, this was in the same attack that happened weeks ago so it has seriously taken this long to find this out... That is just poor form.

    As has been said above - I think this happened a lot sooner than before Sony took down the PSN. Sony would only bring down the PSN if they had no other alternative and they would have tried to do other things before they were forced to do that, which makes me believe that they knew they were being hacked possibly days or a week before they took it down. If that is also the case then that is even poorer form.

    According to Blues News it was "approximately 12,700 non-US customer credit or debit card numbers has been compromised". http://www.bluesnews.com/s/121301/soe-security-update

    Turns out it was 10,000 debit cards not credit cards and they were stolen from a database that went out of use in 2007. This leads to the question on what SONY plans to do in the future with old information (I know most companies retain the information, though they should delete it once it becomes obsolete).

      No that is incorrect. There was 12,700 CC info stolen AND about 10,000 debit cards from very specific countries - Austria, Germany, Netherlands and Spain. ATM it is only confirmed that the debit cards came from the out of use database but the CC's are still tbc as to their origin.
