Info Used In Network Attack Likely Didn't Come From Sony
Recently, we heard about another illegal attempt on Sony's Networks.
But it was relatively small and the company has some clarifying statements for those who are concerned.
Firstly, when it was initially announced, Sony chief information security officer Philip Reitinger said it was likely the data used in the attempts came from other sources outside of Sony's systems.
Now, Sony Online Entertainment president John Smedley helped to confirm that statement. In speaking with GameSpot, Smedley said it seems obvious that Sony's system wasn't the source for the log-in information used in the attack.
"It's just simple math. There was such a small percentage of successes. They were attacking with a large number. Because of that, the math tells us it wasn't [Sony's information]. We've said publicly when we were compromised before that the information is out there and could have been used. That was obviously the first thing we looked at. Then we did the mathematical analysis and said, 'Obviously that's not what happened.' I'm not going to say it's impossible [the info came from Sony]. We just think that's not the most likely case."
As for the targeted accounts, after Reitinger said the attack affected "1/10th of 1% of customers," Smedley added that most of those accounts were dormant; i.e., they hadn't been used since the outage earlier this year. Basically, it only got to those accounts where the passwords weren't changed, as the owners didn't ever try to log in. Smedley finished:
"We really strongly encourage users to change their passwords. We can't force them to log in and do that. A great number of these accounts they were going after were dormant accounts. Those people in many cases had not yet done their password change. It takes some work to get them to focus on that."
10/13/2011 10:32:38 AM Ben Dutka