PS3 News: Sony: New PSN Attack Affects "1/10th Of 1% Of Customers" - PS3 News

Members Login: Register | Why sign up? | Forgot Password?

Sony: New PSN Attack Affects "1/10th Of 1% Of Customers"

Yes, it's another day in the wonderful world of cyberattacks and digital fraud.

It seems Sony has been targeted again, as Chief Information Security Officer Philip Reitinger has confirmed unauthorized activity on the Sony Entertainment Network, PlayStation Network, and Sony Online Entertainment ("Networks") services.

These were attempts on the networks to "test a massive set of sign-in IDs and passwords" against Sony's database; the attempts include "a large amount of data obtained from one or more compromised lists from other companies, sites or other sources." And as the data tested consisted of sign-in ID-password pairs and that most resulted in failed matching attempts, Sony had to recognize the threat.

Reitinger adds that less than one tenth of one percent (0.1%) of PSN, SEN, And SOE customers have been affected by this. Around 93,000 total worldwide accounts have been locked temporarily after the attempts managed to verify valid sign-in IDs and passwords, and "only a small fraction" of those accounts showed any additional activity. Sony is currently checking those accounts for unauthorized access. Also, one final, very important note from Reitinger:

"If you have a credit card associated with your account, your credit card number is not at risk."

For prevention purposes, Sony will ask for secure password resets for the PSN/SEN accounts that had both a sign-in ID and password match via this attempt. If you're one of the few who have been affected, you'll receive an e-mail from Sony at the address connected with your account, and you'll be asked to reset your password. Lastly, the SOE accounts that were matched have been "temporarily turned off."

Like I said before, I kinda miss the good ol' days of Super Nintendos and you know, privacy.

Tags: sony, soe, sonly online entertainment, psn, playstation network

10/12/2011 9:52:15 AM Ben Dutka

Put this on your webpage or blog:
Email this to a friend
Follow PSX Extreme on Twitter

Share on Twitter Share on Facebook Share on Google Share on MySpace Share on Delicious Share on Digg Share on Google Buzz Share via E-Mail Share via Tumblr Share via Posterous

Comments (33 posts)

Condemnedsoul23
Wednesday, October 12, 2011 @ 10:15:05 AM
Reply

:-)

Agree with this comment 0 up, 4 down Disagree with this comment

Sakaxxxx
Wednesday, October 12, 2011 @ 10:15:20 AM
Reply

At least it was not a high number of accounts that were hacked into

Agree with this comment 4 up, 0 down Disagree with this comment

Jdogtoocool
Wednesday, October 12, 2011 @ 10:19:53 AM
Reply

I'm too pro Sony too care

Agree with this comment 10 up, 2 down Disagree with this comment

Condemnedsoul23
Wednesday, October 12, 2011 @ 10:31:51 AM

Same here

Agree with this comment 6 up, 1 down Disagree with this comment

faraga
Wednesday, October 12, 2011 @ 10:36:53 AM

I agree.

Agree with this comment 5 up, 1 down Disagree with this comment

Underdog15
Wednesday, October 12, 2011 @ 11:11:07 AM

Sounds like a giant non-issue that has a solution almost as fast as it had a solution.

Why people are sharing their PSN sign in info with other parties unrelated to PSN is also strange. It's not even like the Sony servers were at risk... people just share their passwords with too many people. -AND- it's less than a tenth of a percent of all users.

Anyone who blames Sony is a moron. Blame the people sharing their info. It's as silly as sharing your credit card info with a 3rd party so they can check your balance for you. (Without the monetary side of things, of course)

Agree with this comment 6 up, 1 down Disagree with this comment

Clamedeus
Wednesday, October 12, 2011 @ 11:18:57 AM

@Underdog

I see that a lot of YouTube, people who want to game share with others than the person who gave the information never gets his account back. I mean like, seriously, you are trusting a complete stranger. Then they blame sony.. Morons..

Agree with this comment 5 up, 0 down Disagree with this comment

D1g1tal5torm
Wednesday, October 12, 2011 @ 11:27:26 AM

Sounds like an attempt using the data from the orig attack.

Most users I guess will have changed, xcpt those with old multi/redundant accounts.

Agree with this comment 1 up, 0 down Disagree with this comment

Underdog15
Wednesday, October 12, 2011 @ 11:36:17 AM

@digitalstorm

There are some sites that take and store PSN data. For example, there are some gamertag or trophy card websites that require the email you used for PSN and the PSN password in order to generate your trophy card. There are also unlicensed iphone apps that also store your info to check on friends, etc.

It's more than possible you could hack one of those websites and steal sign in data that way.

Not that you are wrong (you might be right), but there are other possibilities as well.

Last edited by Underdog15 on 10/12/2011 11:36:34 AM

Agree with this comment 0 up, 0 down Disagree with this comment

Jdogtoocool
Wednesday, October 12, 2011 @ 11:42:08 AM

Lol why are y'all replying on my post underdog has a very genuine point and could have started it as a standalone post

Agree with this comment 0 up, 8 down Disagree with this comment

Underdog15
Wednesday, October 12, 2011 @ 1:04:01 PM

Uh.... sorry?

...

Last edited by Underdog15 on 10/12/2011 1:04:33 PM

Agree with this comment 1 up, 0 down Disagree with this comment

Jdogtoocool
Wednesday, October 12, 2011 @ 2:13:46 PM

I got you bra

Agree with this comment 2 up, 4 down Disagree with this comment

Underdog15
Wednesday, October 12, 2011 @ 5:46:47 PM

But... i don't need a bra... but... thank you?

...

I don't know what's going on anymore.

Last edited by Underdog15 on 10/12/2011 5:47:42 PM

Agree with this comment 3 up, 1 down Disagree with this comment

Looking Glass
Wednesday, October 12, 2011 @ 11:22:27 AM
Reply

@Underdog15

Agreed. This time Sony is actually not at fault in any way, shape, or form. The hackers simply stole information from some other source and tried to use it with the PSN. And this time Sony did everything right with it's handling of the situation. As far as security is concerned Sony has really stepped up it's game and anyone who tries to hold this against Sony is biased, a moron, or both.

Agree with this comment 5 up, 0 down Disagree with this comment

Highlander
Wednesday, October 12, 2011 @ 2:54:55 PM

Indeed!

Agree with this comment 1 up, 0 down Disagree with this comment

Highlander
Wednesday, October 12, 2011 @ 11:26:36 AM
Reply

Hold on;

<<"These were attempts on the networks to "test a massive set of sign-in IDs and passwords" against Sony's database; the attempts include "a large amount of data obtained from one or more compromised lists from other companies, sites or other sources.">>

So, someone used data acquired from other sources to attempt to hack individual accounts - not PSN. Doesn't sound like a PSN hack or an attack on PSN, it sounds like a targeted mass attack on individual consumers.

It's interesting how you might do this, because it doesn't even require people to have carelessly shared their PSN credentials with someone. Let's say that our bad guys scraped PSNIDs, names and email addresses from various gaming forums. Even on our own one here PSN IDs are literally there for all to see. Next, our bad guys might purchase or acquire email addresses and other personal data acquired from other sites. Then the bad guys could cross reference all the data. The result could be a fair number of complete sets of name, PSNID, email address and some personal data that might derive a password. They might even have passwords taken from weaker systems.

We already know that all PSN passwords were reset after the attack on PSN itself. So any passwords used have to come from hacks of other systems or other methods - including phishing schemes.

So really this is not so much an attack on PSN as it is an attack on numerous PSN users specific PSN accounts, the same kind of attack that has been happening to users since the first online services where created. PSN and XBL are simply very high profile services that are easily targeted.

Well, At least Sony a) proactively detected it, b)in the vast majority of cases appears to have prevented harm by locking accounts, and finally c) notified everyone concerned of suspicious activity with their account.

Still, I wonder how the 'tech-ingoretia' at the usual game new outlets will handle this...

Agree with this comment 5 up, 3 down Disagree with this comment

Beamboom
Wednesday, October 12, 2011 @ 11:35:31 AM

Now there's a summary I can agree with without reservation. Almost a bit boring. ;)

Last edited by Beamboom on 10/12/2011 11:36:54 AM

Agree with this comment 1 up, 0 down Disagree with this comment

Darwin1967
Wednesday, October 12, 2011 @ 1:00:00 PM
Reply

Which leaves me wondering which site was hacked of PSN ID's/Passwords....alot of gaming sites (ie. EA) request your PSN ID, would be nice to know which one might have been hacked.

Agree with this comment 0 up, 0 down Disagree with this comment

Highlander
Wednesday, October 12, 2011 @ 2:54:15 PM

It doesn't have to be any of them. probably millions of gamers have their PSNID/XBL tag on their profile at some site or another - facebook for example. All someone has top do is write a script that scraps the PSN ID, username and email address if available, then they can cross reference that information with information gathered through phishing or other smaller lower profile hacks of other systems. It's depressingly easy to gain sufficient information to guess simple passwords - such as mothers maiden name and such. But also, if you have a membership of a forum somewhere (which inevitably has little in the way of world class security), there's a pretty good chance that the email address and password hash could be lifted from there, so I hope you don't use the same password and email address on PSN...

Agree with this comment 1 up, 0 down Disagree with this comment

maxpontiac
Wednesday, October 12, 2011 @ 1:12:55 PM
Reply

If I were a betting man in Las Vegas, my money would be on one of the following..

1 - Microsoft.
2 - Microsoft financed.
3 - Hackers who are Anti-Sony.
4 - Chicom (Chinese Communists)

Agree with this comment 4 up, 4 down Disagree with this comment

Beamboom
Wednesday, October 12, 2011 @ 2:22:40 PM

Naaah, this looks more like some script kid or a poor criminal attempt. Too unelegant to be anything more professional than that, in my humble opinion. Anyone can sit in their bedroom boiling up these kind of ideas.

Any organization, non-profit or commercial, that has a server connected to the internet has to be prepared for these kinds of attempts. It happens all the time.

So, call or raise? ;)

Last edited by Beamboom on 10/12/2011 2:30:07 PM

Agree with this comment 0 up, 0 down Disagree with this comment

maxpontiac
Wednesday, October 12, 2011 @ 4:42:46 PM

Considering what you described fits #3 on my dubious list, I'll raise that bet.

:)

Agree with this comment 0 up, 0 down Disagree with this comment

Beamboom
Thursday, October 13, 2011 @ 3:00:36 AM

Within the finer circles of honourable individuals there is a big fat line drawn between hackers and script kids. This has the marks of a script kid, not a hacker.

And I call your raise on that it was not anti-Sony. They have just proven to be a rather weak target earlier, therefore stupid kids with no tact or creativity tried their luck. This is just pure dumb. Much like the poor souls who keep feeding the slot machines.

Dealer, do your thing. :)


Last edited by Beamboom on 10/13/2011 3:04:37 AM

Agree with this comment 0 up, 0 down Disagree with this comment

johnld
Wednesday, October 12, 2011 @ 1:15:53 PM
Reply

i wasnt surprised that kotaku were on this right away. comments were in the line of people returning ps3s at gamestop.

on a side note, i got that correct hard disk not found error so i had to reformat ps3. i have all my gamesaves but the painful part is redownloading and reinstalling all the dlcs i had, using a 3mbps connection. then i have to update and reinstall all the games i've been playing. i guess im not playing games for a bit. at least its just in time for batman.

Last edited by johnld on 10/12/2011 1:17:51 PM

Agree with this comment 0 up, 0 down Disagree with this comment

Alienange
Wednesday, October 12, 2011 @ 2:15:47 PM
Reply

You'd be amazed at how little someone who has never given his private info to Sony cares about this.

Agree with this comment 0 up, 0 down Disagree with this comment

Gamer Girl Gemo
Wednesday, October 12, 2011 @ 4:01:19 PM
Reply

Wow, I keep forgetting that the PSN was ever down, but things like this keep popping up and I have to go, "Oh, yeah! The PSN got hacked a while back... I'd forgotten about that!" Sony has made up so well for what happened, even when they were the injured party, that I don't even care that it went down anymore. When I hear stuff like this, it doesn't make me want to quit Sony and leave them, but it strengthens my trust in them because of how they react to the situation and it shows just how much they genuinely care for their consumers.

Let the Xbots and haters alike keep finding their reasons to put down Sony every chance they get. It makes absolutely no difference to my loyalty to such an awesome company.

Last edited by Gamer Girl Gemo on 10/12/2011 4:01:58 PM

Agree with this comment 3 up, 0 down Disagree with this comment

Wraith
Wednesday, October 12, 2011 @ 4:32:41 PM
Reply

At least the attack was only minimal this time, but Sony really needs to get this under control because its ruining their reputation.

Last edited by Wraith on 10/12/2011 4:33:03 PM

Agree with this comment 0 up, 4 down Disagree with this comment

Looking Glass
Wednesday, October 12, 2011 @ 5:37:23 PM

Get this under control? Do you mean keep the hackers from trying to hurt them? You've got to be kidding. That's like saying you're going to try to stop bad things from happening in the world. In all likelihood, as long as there are computers and the internet there is always going to be cyber crime. And in all likelihood, the hackers are never going to stop cyber-attacking stuff.

And this incident was not Sony's fault in any way. The stolen info came from another source and Sony did everything right in it's response to this. They immediately detected the malicious activity, they immediately went public with the news, and they immediately implemented all necessary countermeasures. It's certainly not Sony's fault that the cyber criminals are being their usual a**hole selves.



Agree with this comment 2 up, 0 down Disagree with this comment

bigrailer19
Wednesday, October 12, 2011 @ 6:37:06 PM

You should read the article again. The attack was not on the PSN this time. Someone or a group acquired user names and/or passwords from another source and tried cross referencing them to PSN accounts. They were attacking individual accounts not the PSN. There's a big difference and this is something Sony can not control as the user accounts were obtained elsewhere.

Last edited by bigrailer19 on 10/12/2011 6:38:53 PM

Agree with this comment 3 up, 0 down Disagree with this comment

Highlander
Wednesday, October 12, 2011 @ 10:00:32 PM

+10 for you BigRailer...

Agree with this comment 2 up, 0 down Disagree with this comment

bigrailer19
Wednesday, October 12, 2011 @ 11:36:17 PM

Thanks Highlander. I just don't like to see things get portrayed in the wrong light.

Agree with this comment 2 up, 0 down Disagree with this comment

ThingsOnFire
Wednesday, October 12, 2011 @ 7:02:15 PM
Reply

Well, it's not really Sony's fault, it was the security problems at other sites so....

Agree with this comment 3 up, 1 down Disagree with this comment

BikerSaint
Thursday, October 13, 2011 @ 5:10:22 PM
Reply

I've only got 1 thing to say on the subject....

Whether script kiddies or hackers, all of these effing scumbags need to become gender-changed within 10 minutes of those prison cell barred doors slamming behind their virgin a$$es!

Agree with this comment 0 up, 0 down Disagree with this comment

Leave a Comment

Please login or register to leave a comment.

Our Poll

Got Madden NFL 25?
Yes, and it's great!
Yeah, but I'm a little disappointed.
No, but I plan to get it soon.
...they still make sports games?

Previous Poll Results