Less than a week after admitting that their PlayStation Network had been compromised, Sony Online Entertainment – the company that runs for-pay MMO DC Online Universe – has had to go offline due to a data breach of their own.
Sony is investigating a data breach that affects 24.6m customers that includes the following information:
* E-mail address
* Phone number
* Login name
* Hashed password
In addition to the above, an outdated database that contains credit card information for approximately 12,700 non-US customers that hasn’t been updated since 2007, and direct-debt records for about 10,700 customers in Austria, Germany, Spain and the Netherlands. Sony has stated that there is no evidence that the main credit card database has been affected, and that the database was separate and secure.
The attack has been pinpointed as having occurred on April 16th and 17th. It is unknown if this attack is definitively related to the PlayStation Network attack at this time. In the meantime, SOE has reiterated advice on how consumers can monitor their credit report, and have stated that they are working on “make-goods” for customers of DC Universe Online and Free Realms. In the meantime, all account billing has been suspended, and users will get a free day of service for every day the SOE service is down.
This is an ongoing development, and we will disclose new information as the story develops.
Analysis: You almost feel sorry for Sony at this point. They just simply cannot catch a break, and it’s become a punchline with no joke. With that said, it should be noted that this supposedly happened on April 16th, and the first reports of this occurred on May 2nd. Who the hell is doing network security over there, the Keystone Kops?
At this point, we’re beyond Sony “making good”. All said, this is over 100 million customers having their account information stolen, which can lead to social engineering attacks if nothing else. This is the worst possible scenario for Sony, and it’s unacceptable that we still don’t know much, weeks after the initial attack.
The full press release is embedded below.