Sony: Hackers May Have Stolen Info From 24.6 Million Customer Accounts

6:20 PM PST 05/02/2011 by Carolyn Giardina

The company admitted last week that user account information had been compromised on its PlayStation and Qriocity online services.

Hackers may have stolen customer information from approximately 24.6 million Sony Online Entertainment accounts, Sony admitted Monday.

The news comes on the heels of Sony’s admission last week that user account information had been compromised in a hack on Sony’s PlayStation and Qriocity online services, which have been down since April 20 and are expected to begin to be restored this week.

PlayStation has more than 60 million registered accounts worldwide.

Stolen information from the attack on Sony Online Entertainment — maker of multiplayer online games -- might include information from an outdated database from 2007, which includes approximately 12,700 non-U.S. credit or debit card numbers and expiration dates (but not credit card security codes), and roughly 10,700 direct debit records of certain customers in Austria, Germany, Netherlands and Spain. Sony believes the information that may have been taken from the direct debit records includes bank account number, customer name, account name and customer address.

According to Sony, the personal information of the roughly 24.6 million SOE accounts that was illegally obtained, to the extent it had been provided to SOE, includes: name, address, e-mail address, birthdate, gender, phone number, login name and hashed password.

“Upon discovery of this additional information, the company promptly shut down all servers related to SOE services while continuing to review and upgrade all of its online security systems in the face of these unprecedented cyber-attacks,” SOE said in a press release on Monday. “Sony is making this disclosure as quickly as possible after the discovery of the theft, and the company has posted information on its website and will send e-mails to all consumers whose data may have been stolen.”

According to the announcement, illegal intrusions on the system may have occurred on April 16 and 17.

Sony apologized to customers and is providing free services to assist users in enrolling in identity theft protection and related services and programs.

Sony is also preparing make-good plans that will include 30 days of additional time for subscribers, in addition to compensating them one day for each day the system is down.

An SOE security update can be found here and the full announcement can be accessed hereSony also posted additional information Monday on the PlayStation blog, which can be found here.

comments powered by Disqus