Late last night, Chief Information Security Officer Philip Reitinger announced that attempts to test a list of account IDs and passwords had been detected and mitigated. About 93,000 of these attempts were successful (60,000 of these being PSN/SEN accounts, and the rest SOE), but Reitinger stated this was only a very small fraction of the number of attempts made, leading him to believe the list had been accrued from an outside source.
The accounts affected have been locked down, requiring password resets or validation to enable use of the accounts again. Further still, the affected accounts that showed activity prior to being locked are being reviewed for unauthorized access. However, Reitinger stated that credit card information is not at risk. He ended the announcement by advising readers to take internet security seriously by using unique, hard-to-guess passwords.
Analysis: Attacks like this are really common in the computer security world. Whether the public wants to believe it or not, username and password lists get leaked and stolen quite often. Many times, the credentials are then tested at various places across the web in an attempt to gain access to more personal information and/or perpetrate identity theft. This highlights the importance of keeping your passwords unique across the board. This sounds like an arduous task, but devices such as password keyrings allow you to use unique passwords everywhere without having to remember them all.
That said, given how run-of-the-mill this attack seems, announcing it may be more of a PR stunt than anything else. Many said the same when Reitinger was hired, but he does have real experience and the swiftness in dealing with this attack and its announcement may testify to that. At the end of the day, regardless of whether or not it’s a PR stunt, I’d prefer Sony rectify issues quickly and announce every little thing rather than act slowly and never notify the consumers.