News reports such as one at the Wall Street Journal are coming in about Sony having to suspend some 93,000 user accounts due to a "large amount" of unauthorized sign-in attempts to its PlayStation®Network (PSN), Sony Entertainment Network (SEN) and Sony Online Entertainment (SOE) services between the 7th and 10th of October.
The Sony press release says that:
"There were approximately 93,000 accounts (PSN/SEN: approximately 60,000 accounts; SOE: approximately 33,000) where the attempts succeeded in verifying those accounts’ valid sign-in IDs and passwords, and we have temporarily locked these accounts. As a preventative measure, we will be sending email notifications to these account holders and will be requiring secure password resets or informing consumers of password reset procedures."
It goes on to say:
"Credit card numbers associated with these accounts are not at risk as a result of these unauthorized attempts. Only a small fraction of these 93,000 accounts showed additional activity prior to being locked... These attempts appear to include a large amount of data obtained from one or more compromised lists from other companies, sites or sources. These were unauthorized attempts to verify valid user accounts on our services using very large sets of sign-in IDs and passwords. "
The WSJ report says that nearly all of the 93,000 accounts affected were located in the US and Europe, with only 600 accounts located in Japan. It also states that the attacks were not against Sony's servers and databases like earlier this year.
In July, Tim Schaaff, the president of Sony Network Entertainment said in an interview that the hack attack on Sony in April that took its Playstation Network offline for a month and cost the company at least $171 million was a "great experience." I trust that this latest hacking attempt only adds to the greatness of the experience.
Of course, the experience was so wonderful that last month Sony quietly changed its PlayStation Network terms of service agreement to keep users from joining future class action lawsuits against the company. Some 55 class action lawsuits were filed against Sony in the aftermath of the hack attacks earlier this year.
Robert N. Charette is a Contributing Editor to IEEE Spectrum and an acknowledged international authority on information technology and systems risk management. A self-described “risk ecologist,” he is interested in the intersections of business, political, technological, and societal risks. Charette is an award-winning author of multiple books and numerous articles on the subjects of risk management, project and program management, innovation, and entrepreneurship. A Life Senior Member of the IEEE, Charette was a recipient of the IEEE Computer Society’s Golden Core Award in 2008.
