It was revealed
last week that Sony's PlayStation Network database was breached, leaving 77
million accounts exposed. Sony is just revealing today that hackers accessed an
additional 24.6 million customer accounts. In addition, 12,700
"non-U.S." credit cards and 10,700 bank account numbers have been
compromised.
If there is any consolation (however little it may be), Sony
notes that credit card security codes were not obtained.
This additional attack was carried out on Sony Online Entertainment (SOE) and occurred between April 16 and April 17 -- SOE is responsible for massively multiplayer online (MMO) games like DC Universe Online, Everquest, and Star Wars
Galaxies.
Sony notes that:
With
the current outage of the PlayStation Network and Qriocity services and the
ongoing investigation into the recent attacks, SOE had also undertaken an
intensive investigation into its system. Upon discovery of this additional
information, the company promptly shut down all servers related to SOE services
while continuing to review and upgrade all of its online security systems in
the face of these unprecedented cyber-attacks.
Sony goes on to stay that SOE account information retrieved
by hackers includes: name, address, e-mail address, birthdate, gender, phone
number, login name, and hashed password. In addition, the 10,700 "direct
debit records" (accounts based in Austria, Germany, Netherlands and Spain)
include the customer's bank account number, name, account name, and physical
address.
To make good on this latest security blunder, Sony will be
giving customers 30 additional days of subscription service for free. However,
time will only tell how
many customers will be willing to stick around and give Sony a second or
third chance to get things right when it comes to protecting customer data.
