Posted 1:19am

An Important Message From Sony’s Chief Information Security Officer

We want to let you know that we have detected attempts on Sony Entertainment Network, PlayStation Network and Sony Online Entertainment (“Networks”) services to test a massive set of sign-in IDs and passwords against our network database. These attempts appear to include a large amount of data obtained from one or more compromised lists from other companies, sites or other sources. In this case, given that the data tested against our network consisted of sign-in ID-password pairs, and that the overwhelming majority of the pairs resulted in failed matching attempts, it is likely the data came from another source and not from our Networks. We have taken steps to mitigate the activity.

Less than one tenth of one percent (0.1%) of our PSN, SEN and SOE audience may have been affected. There were approximately 93,000 accounts globally (PSN/SEN: approximately 60,000 accounts; SOE: approximately 33,000) where the attempts succeeded in verifying those accounts’ valid sign-in IDs and passwords, and we have temporarily locked these accounts. Only a small fraction of these 93,000 accounts showed additional activity prior to being locked. We are currently reviewing those accounts for unauthorized access, and will provide more updates as we have them. Please note, if you have a credit card associated with your account, your credit card number is not at risk. We will work with any users whom we confirm have had unauthorized purchases made to restore amounts in the PSN/SEN or SOE wallet.

As a preventative measure, we are requiring secure password resets for those PSN/SEN accounts that had both a sign-in ID and password match through this attempt. If you are in the small group of PSN/SEN users who may have been affected, you will receive an email from us at the address associated with your account that will prompt you to reset your password.

Similarly, the SOE accounts that were matched have been temporarily turned off. If you are among the small group of affected SOE customers, you will receive an email from us at the address associated with your account that will advise you on next steps in order to validate your account credentials and have your account turned back on.

We want to take this opportunity to remind our consumers about the increasingly common threat of fraudulent activity online, as well as the importance of having a strong password and having a username/password combination that is not associated with other online services or sites. We encourage you to choose unique, hard-to-guess passwords and always look for unusual activity in your account.
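The reasoning in the notice (a large set of sign-in ID-password pairs tested, the overwhelming majority failing, and the matched accounts locked) can be turned into a simple check over sign-in logs. The sketch below is an added example, not Sony's code; the event format, addresses, account names and thresholds are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample sign-in events (source address, sign-in ID, matched?).
# Addresses are documentation ranges; none of this is data from the incident.
EVENTS = (
    # One source tests ten different ID-password pairs once each; one matches.
    [("198.51.100.7", f"user{i:02d}", i == 4) for i in range(10)]
    # One source retries a single ID six times (password guessing, not a list).
    + [("203.0.113.20", "alice", False)] * 6
    # An ordinary successful sign-in.
    + [("192.0.2.5", "bob", True)]
)

def summarize(events):
    """Per source: total attempts, distinct IDs tried, IDs that matched."""
    stats = defaultdict(lambda: {"attempts": 0, "ids": set(), "matched": set()})
    for source, sign_in_id, matched in events:
        s = stats[source]
        s["attempts"] += 1
        s["ids"].add(sign_in_id)
        if matched:
            s["matched"].add(sign_in_id)
    return stats

def detect_list_testing(events, min_ids=5, max_tries_per_id=2, max_match_rate=0.2):
    """Flag sources that try many distinct IDs, few times each, mostly failing.

    The thresholds are illustrative assumptions, not values from the notice.
    Returns {source: sorted list of IDs whose pair matched}.
    """
    flagged = {}
    for source, s in summarize(events).items():
        n_ids = len(s["ids"])
        if (n_ids >= min_ids
                and s["attempts"] / n_ids <= max_tries_per_id
                and len(s["matched"]) / n_ids <= max_match_rate):
            flagged[source] = sorted(s["matched"])
    return flagged

def accounts_to_lock(events):
    """Accounts whose credentials were verified by a flagged source."""
    flagged = detect_list_testing(events)
    return sorted({acct for ids in flagged.values() for acct in ids})

if __name__ == "__main__":
    print(detect_list_testing(EVENTS))
    print(accounts_to_lock(EVENTS))
```

Grouping by source address is a simplification; the same counts can be kept per time window or across the whole service when attempts arrive from many addresses.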

Comments

107 Comments 0 Author replies
AaronSOLDIER 12 October, 2011 @ 3:24 am   1

OH NOEZ!

 
bitbydeath 12 October, 2011 @ 3:28 am   2

Thanks for letting us know Sony.

…Now about that Starhawk Beta, do we get it with Uncharted 3 as well?

Aaron_champion 12 October, 2011 @ 3:32 am   3

Is PSN going to go offline

 
DEATHWISH2478 12 October, 2011 @ 3:41 am   4

if it was going to go offline for this incident I think the psn would have been turned off by now and the CISO would have told us this too and why that had happened. so I would assume for now we will be online psn still

 
REHCTUB3000 12 October, 2011 @ 4:06 am   5

at least they told us straight away this time

 
Stonesthrow 12 October, 2011 @ 4:31 am   6

Who does this kind of stuff? :s

Offtopic, I’ve had this problem several times by now, that the included codes to redeem don’t seem to work.. Most recently the Ico/Sotc collection’s dynamic themes.. Sometimes the codes work later but mostly not at all.. I’ve been wondering whether to contact my local gamestore about this or Sony itself..

 
street_spirit_1 12 October, 2011 @ 4:59 am   7

Thank you Sony for telling us. Any other company would have tried to hide this.

 

AN IMPORTANT MESSAGE FROM ME:
DON’T USE YOUR PSN ACCOUNT TO XXX SITES

 
Darkliquid 12 October, 2011 @ 5:32 am   9

Who wants to bet that all the gaming news websites blow this completely out of proportion and at least one will use the title “PSN Hacked again”

In any case it’s good to see Sony seem to be on top of things and have updated us. Good job guys and girls.

If not from Sony, where’d they get the PSN logins from in the first place? I’m guessing from Trophy sites? they have huge lists of PSN login names..

 
Darkliquid 12 October, 2011 @ 5:54 am   11

@supvic
Doesn’t even have to have been a gaming website at all. Any website could have been compromised and then the login\passwords used to attempt to access the PSN.

Some people use the same login/password combination for multiple websites. It only takes one to be hacked and then all their accounts are at risk.

 
Arkeologen 12 October, 2011 @ 5:58 am   12

Just because the hacking “failed” doesn’t mean the info came from other sites.
Maybe they used lists with passwords and logins from the last big hack-attempt on Sony?
Which could explain why so few succeeded since many changed their info.

 
Darkliquid 12 October, 2011 @ 6:09 am   13

@arkeologon
Everyone had to change their password after the last hack to access PSN again and accounts without a new password remain inactive I believe.

Therefore unless the people’s accounts in question used the same password when rejoining the PSN and it was allowed, which I can’t remember if it was or not (silly if it was), and people set up the same password (even more silly), then that shouldn’t be the case.

LiLSaMoAn267 12 October, 2011 @ 6:44 am   14

LOL I can’t be bothered reading, what are they trynna say?? are they shutting it down again?

 
JonnyPauz 12 October, 2011 @ 6:49 am   15

good to hear it from you guys first this time sony, let’s hope that we’re not in that small number of people affected :)

 

Dammit hackers… go hack an online adult store and leave Sony alone!

Thanks for keeping us informed, good to hear that you’re on it.

keep up the good work, pity u can’t find the people trying to access the accounts :(

OK, so SONY’s been HACKED again! What i like to know now is?

Where are our FREE GAMES Sony? And how about 250 FREE HOME items this time?

U Know we like FREE Stuff…

Come on SONY we u can do it!

By: DCS

 
Ultima-Genesis 12 October, 2011 @ 7:35 am   19

@DCS-UK1

*sigh* no they haven’t been hacked, it was most likely someone using info from the last hack to try and access accounts, a hack wouldn’t have been flagged as an unauthorised account access it would be flagged as a server breach, my guess is they gathered a bunch of passwords and usernames and launched a brute-force attack, using a program to enter them all one at a time and logging each successful login. Meaning the most they can do is buy stuff on your account which sony will refund

PippiHelmer 12 October, 2011 @ 7:44 am   20

Kudos for informing us instead of trying to keep us in the dark!

 
kool-chris93 12 October, 2011 @ 7:48 am   21

God I wish these hackers would get a life… So pathetic

 

Hackers are like taggers — under the illusion that what they’re doing makes them cool.

Hmm this would explain the
E-Mail I got that said I bought membership to dcuo even though I didn’t buy anything

Immortal-Wolf- 12 October, 2011 @ 8:04 am   24

well well i guess anonymous are trying to hack PSN again!!!!!!
so I’m just gonna change my password again for my own safety.

 
maddogarchie64 12 October, 2011 @ 8:07 am   25

might as well change password even if you’re not affected

 
Ultima-Genesis 12 October, 2011 @ 8:08 am   26

anon did not hack sony ever

 
Skookie30 12 October, 2011 @ 8:11 am   27

I’m so worried & confused.

is this a Failed hack (Doss) attempt, as I read the words companies so you telling me we can’t use our browser to shop online or visit [DELETED].

& game mag sites (1up, EG, thesixithaxis etc) that actually use our Email address as part of to sign in or buy stuff.

this is very worrying is it the later, next you be getting rid of the browser let hope not.

as for the hackers you got a lot of spare time to try and attempt another attack if this indeed you’re doing, need to get a proper job.

 
Skookie30 12 October, 2011 @ 8:17 am   28

I’m so worried & confused.

is this a Failed hack (Doss) attempt, as I read the words companies so you telling me we can’t use our browser to shop online.

& game mag sites (1up, EG, thesixithaxis etc) that actually use our Email address as part of to sign in or buy stuff.

this is very worrying is it the later, next you be getting rid of the browser let hope not.

as for the hackers you got a lot of spare time to try and attempt another attack if this indeed you’re doing, need to get a proper job.

*I had to edit & rewrite my post*

 
Skookie30 12 October, 2011 @ 8:18 am   29

*latter

 
timewarp87 12 October, 2011 @ 8:23 am   30

I used ps3trophiespro on android and there were comments in the app rating box about accounts being hijacked after using that app.

 
timewarp87 12 October, 2011 @ 8:26 am   31

sony told me ico codes being activated on 10th as some stores didn’t activate properly or at all

Time for a new firmware?

While you’re at it, include new (non google) web browser…

 
ManicMitch1 12 October, 2011 @ 8:56 am   33

Good job Sony thanks for letting us know

 
Skookie30 12 October, 2011 @ 9:01 am   34

@ Sp4reNL

if you are worried about Google spying it already happen I know about if you put your real name and PSN id in the search engine you be shocked.

like I was I told me mum she got a lappy she wasn’t pleased so yes non Google.

Google tracks your activity on the blog, the forums, youtube, twitter I’m 100% sure Google is breaking UK law under the data protection act.

 

Thanks for letting us know and it’s good that the security has held up. One would have thought that other companies would have beefed up their security after the example of PSN.

 

And so it begins again. Round two ladies and gentlemen.

 
kingofscotland 12 October, 2011 @ 9:15 am   37

These are not hackers just opportunists who have probably bought a list of login details from external website and tried using same details for Psn knowing a lot of people use same password for everything. Question is have they tried Xbox live, paypal, eBay etc too but we don’t know about it yet??

Or is that still to come??

Make sure you don’t have same passwords, at least make them work for it rather than just giving them the keys to all your accounts.

Good job Sony for keeping on top of it and letting us know ASAP.

 
Megagold5 12 October, 2011 @ 9:16 am   38

Funny how a load of security issues will change a company. When unauthorised access was gained to my account last year, £100 was spent and I was told that I could either lose the whole account or let them keep the money. Anyone might think I was still bitter. >.>

 
Skookie30 12 October, 2011 @ 9:26 am   39

this is like a War sony fighting…

let me say this…

“We shall fight them on the beaches, we shall fight them on the landing grounds, in the airfields, in the streets but we shall Never surrender”

*chews on big cigar puts 2 fingers up*

go Sony, sony FTW

HeyMan-HRU 12 October, 2011 @ 9:30 am   40

Good sony stopped it this time.

 
Catkiller1 12 October, 2011 @ 9:32 am   41

I’m going to be realistic here & not whinge like all the other members that have no clue!

Unfortunately these things happen. Hackers & little nerds in their bedrooms conjuring up viruses, will always happen. It’s just a matter of keeping on top of it, which obviously SONY are, so thanks for that!

Technology eh? Who would have thought that it would never be safe! ;)

 

This is sad news, I’ve changed my password again as a precaution.

the_core44 12 October, 2011 @ 10:04 am   43

@23 Ridiculous statement!

 
timewarp87 12 October, 2011 @ 10:09 am   44

what can get through any male network security ? haven’t you watched dukes of hazard? wolf whistle means its a wolf

 
bennyrafal 12 October, 2011 @ 10:10 am   45

They only using some standard passwords and logins on PSN and they hope some of them may work… if you use same pass and login in PayPal eBay etc u are in danger, if not – sleep well

 

Please DON’T make the hackers & haters win SONY + i bet you when things happen to the Xbox 360’s Xbox LIVE, MicroSoft wouldn’t tell anyone LoL

 
carmel6359 12 October, 2011 @ 10:27 am   47

WE GOTTA GO THRU THIS MESS AGAIN. YALL CAN GIVE US PLAYSTATION CREDIT POINTS AND FREE GAMES DOWNLOADS AND 250 FREE STUFF IN PLAYSTATION NETWORK AS WELL AS A FREE YR OF PLAYSTATION PLUS . WE DESERVE IT FOR BEING LOYAL FAN AND STANDING BY YALL SIDE THRU THIS SITUATION

 

On the ball Sony, your network rebuild seems to be working and you are watching out and reacting quickly. Well done :)

 

I just hacked Philip Reitinger’s hair. Take that Sony!

but… seriously, the internet is already sensationalising this, IGN will be reporting that Godzilla demolished the PSN with his fire breath by the end of the day

Weasel-Dave 12 October, 2011 @ 10:58 am   50

Please people, remember The Hitch-Hikers Guide to the Galaxy and DON’T PANIC!! If you have not received an e-mail from the Sony security people and you can still sign into PSN then you have no problem. Knee-jerk reactionary antics will help none of us, if you are that worried just keep your PS3 off-line for the time being.
