Sony Provide Specific Details On Sony Online Entertainment Breach

Sony Online Entertainment has provided specific details on what was initially thought by some to be a second breach of their security - turns out said breach actually stemmed from the initial attack on the PlayStation Network.

The issue was initially discovered by engineers and security consultants going over the first breach.

According to Sony's latest statement...

Personal information from approximately 24.6 million SOE accounts may have been stolen, as well as certain information from an outdated database from 2007. The information from the outdated database that may have been stolen includes approximately 12,700 non-U.S. credit or debit card numbers and expiration dates (but not credit card security codes), and about 10,700 direct debit records of certain customers in Austria, Germany, Netherlands and Spain.

Sony Online Entertainment claimed that they wanted to provide disclosure "as quickly as possible after the discovery of the theft" - a wise move considering the huge consumer backlash over Sony's initial handling of the PSN breach.

SOE also provided specific details of how much information had been leaked, and how many people the leak would affect.

The personal information of the approximately 24.6 million SOE accounts that was illegally obtained, to the extent it had been provided to SOE, is as follows:

- name - address - e-mail address - birthdate - gender - phone number - login name - hashed password.

In addition to the information above, the 10,700 direct debit records from accounts in Austria, Germany, Netherlands and Spain, include:

- bank account number - customer name - account name - customer address.

SOE will grant customers 30 days of additional time on their subscriptions, in addition to compensating them one day for each day the system is down. It is also in the process of outlining a “make good” plan for its PlayStation®3 MMOs (DC Universe Online and Free Realms). More information will be released this week.

Additionally, the company is committed to helping its customers protect their personal data and will provide a complimentary offering to assist users in enrolling in identity theft protection services and/or similar programs. The implementation will be at a local level and further details will be made available shortly in each region.

The fact that the initial breach has encompassed so many different areas of Sony's business is alarming. Hopefully this will be the last of Sony's issues and they can continue attempting to rebuild the consumer trust that has been shattered by the constant stream of bad news.


Comments

    Poor Sony. ):

      Poor Sony? More like poor people whose bank accounts have been exposed. This is a lot more serious than encrypted credit card data; how often do you change bank or account number?

      If we're lucky, this too is an isolated incident; if not, it may demonstrate Sony's failure across the entire company to remain accountable to their customers.

      +1 retro.
      Sony don't care about anything other than the money.
      And have a bad view in the public eye will tear it away.

      So they'll act likethey care, but they're just covering their asses.

      Who cares about Sony?
      They failed to protect their customer's security - they were probably funding their IT security with the funds received from their free PSN service.
      Hackers are attacking all the time - Unlike Google, Amazon, Yahoo, Microsoft and all other companies under constant cyber attack, Sony failed to identify and disrupt the breach in time.
      The amount of private information divulged is staggering.
      Sony won't ever see a dime from me again.

    My days of buying things via my CC on the store are over. If I want DLC I'll use those prepaid cards. It really sucks that this is happening to Sony. But that doesn't change the fact that I gave them my details with confidence and they allowed them to be stolen.

      Hear hear, Andrew. I shall be doing the same - once the service comes back up and I can change my password.

    Well, now I know for sure that the couple of weeks I spent playing DC Universe Online really wasn't worth it. Time to double check my email password is secure.

    Sony should GTFO!
    I really dislike sony's attitude.

    A free months worth of PSN+ sounds more like marketing.

    In my opinion, Sony are dogs, and karmas been builiding up a big arse slap for a while... And it's finally hit.

    But their my opinions, take it or leave it.

      The catch is at the end of the day I worry the poor fool who used his Credit Card on PSN will be hit worse than Sony.

      Karma is bitch slapping a guy who may not deserve it.

      And yes Fool is accurate, the guy who goes well it's probaly not my Credit Card I won't go though all the hassle of changing things will get caught out. Either that or he has his DC online account hacked and they steal his Batmobile. I have no idea about DC online the $5 more screw you Australia policy the game has scared me off.

      Unless the Banks charge Sony for replacement costs of the cards than I don't see them getting a karmic backlash.

    Or UNO you could monitor your credit card transactions and alert your bank of suspicious behavior, as you should do anyway.

    They had the direct debit details for customers in Europe in a data center in San Diego? I hope not - if so that's going to run into some pretty nasty territory, since I think the EU has laws about storing sensitive personal data like that outside of EU countries.

    I think everyone is being a bit unfair on Sony. It's not as though they left everyones details unattended on a table at a bar. The person/people who did this were professional criminals. Banks get robbed all the time but do people blame them for being robbed? No. The criminals are at fault here, not Sony. It's not their fault that they aren't as smart as the bad guys. They are just as much a victim as you and I. Grow up people, blame the people responsible

      "It’s not as though they left everyones details unattended on a table at a bar."

      Technically, they did. They used two data tables - one for holding credit card information and the other for all other details such as names and address.

      The horrifying thing is only the table holding the credit card information was encrypted. The other table was not and Sony puts its faith in a layering of networks etc.

      They teach this sort of thing in high school - if the data is important, encrypt it!

    Haters are funny. I am not saying Sony is not smug. But MS is not much better. Everyone goes for the same thing for all of their products. They sell you a core of a machine for almost nothing. Then they start charging for all the little bells and whistles, and you spend just as much as their competitors. And haters hand their wallets to them every month and smack Sony....funny.

      No, the funny part is that you lack basic reading comprehension and turned a major breach of trust and failing in professionalism into console warrior bullshit.

      This has nothing to do with Microsoft charging what you believe to be unfair prices for products. This is about a company failing to adequately safeguard the private information of customers. The same thing would be said about Microsoft, had this happened to them.

    Serves Sony right. If you sue the hackers expect to get hacked.

    So subscribers get compensated, as do the MMO players, what about the rest of us?

Join the discussion!