
Sony Finds Another 25 Million Customer Accounts Likely Taken

This time from Sony Online Entertainment servers


The Sony data breach story just keeps getting worse and worse. News reports yesterday stated that Sony had discovered, in its continuing investigation into the PlayStation Network breach, that the hackers had apparently also been able to initially penetrate Sony’s Online Entertainment (SOE) servers and had possibly stolen information from some 24.6 million customer accounts, bringing the total number of compromised accounts to over 100 million.

The Sony press release on the latest (or currently first known) breach also said that:

“…information from an outdated database from 2007 containing approximately 12,700 non-US customer credit or debit card numbers and expiration dates (but not credit card security codes) and about 10,700 direct debit records listing bank account numbers of certain customers in Germany, Austria, Netherlands and Spain may have also been obtained. We will be notifying each of those customers promptly.”

Sony went on to say that:

“We apologize for the inconvenience caused by the attack and as a result, we have:

1) Temporarily turned off all SOE game services;

2) Engaged an outside, recognized security firm to conduct a full and complete investigation into what happened; and

3) Quickly taken steps to enhance security and strengthen our network infrastructure to provide you with greater protection of your personal information.

We greatly appreciate your patience, understanding and goodwill as we do whatever it takes to resolve these issues as quickly and efficiently as practicable.”

Sony has declined to appear today before the US House Subcommittee on Commerce, Manufacturing, and Trade to discuss the data breach(es), but said it would be responding to the questions (PDF) sent to it by the subcommittee last week. Sony said that it was too busy with its ongoing investigation to appear.

Epsilon, which had a major data breach of its own recently, also declined to testify, although it has reportedly already answered subcommittee questions about its breach. There was no reason given as to why Epsilon declined to appear. My guess is that it didn’t want to be the only piñata in the room. 
