Cybersecurity25 million more users hit in second cyber attack on Sony

Published 4 May 2011

Japanese electronics giant Sony recently announced that hackers successfully broke into its networks and stole sensitive data from more than twenty-five million online gaming subscribers; the announcement comes days after Sony’s admission that seventy-seven million users had their personal information stolen; in the most recent attack, hackers infiltrated Sony’s Online Entertainment network and stole names, addresses, emails, birth dates, and even phone numbers from online gamers; some analysts estimate that the attacks could cost Sony and credit card companies as much as $1 to $2 billion

This time, 25 million users information was stolen // Source: slashgear.com

Japanese electronics giant Sony recently announced that hackers successfully broke into its networks and stole sensitive data from more than twenty-five million online gaming subscribers.

The announcement comes days after Sony’s admission that an additional seventy-seven million users had their personal information stolen. In the most recent attack, hackers infiltrated Sony’s Online Entertainment network and stole names, addresses, emails, birth dates, and even phone numbers from online gamers.

According to Sony, the first attack resulted in the loss of data from an outdated 2007 PlayStation Network database that contained financial records for gamers.

In a statement to its subscribers, Sony, said, “We had previously believed that SOE (Sony Online Entertainment) customer data had not been obtained in the cyber-attacks on the company.”

But, “on 1 May we concluded that SOE account information may have been stolen.”

The attack is believed to have occurred on 16 and 17 April, several days before the larger PlayStation attack that occurred on 20 April.

The company sought to ease fears by stating, “There is no evidence that our main credit card database was compromised. It is in a completely separate and secured environment.”

It also said that the financial data that hackers stole was encrypted.

Taina Rodriguez, a spokesperson for Sony, said that so far there has been no evidence that the stolen information has been used for any illegal activities.

To be on the safe side, Sony has issued warnings to its customers to be wary of any emails, phone calls, or letters asking for financial data from sources claiming to represent Sony.

Sony will not contact you in any way, including by e-mail, asking for your credit card number, social security number or other personally identifiable information.

If you are asked for this information, you can be confident Sony is not the entity asking. When SOE’s services are fully restored, we strongly recommend that you log on and change your password.”

As Sony investigates the cyber attacks, it has temporarily shut down its Sony Online Entertainment Network services.

The company explained, “In the course of our investigation into the intrusion into our systems we have discovered an issue that warrants enough concern for us to take the service down, effective immediately.”

Subscribers who have paid for the service will be given an additional thirty days of time free of charge in addition to an extra day for each day the system remains down.

Some analysts estimate that the attacks could cost Sony and credit card companies as much as $1 to $2 billion.

“This may be the mother of all data breaches at this point,” said Larry Ponemon, chairman of the Ponemon Institute, an organization that studies the cost of data breaches.

Large data breaches in the past have included the 2008 attacks on Heartland Payment System where hackers stole 130 million credit card numbers and a 2005 attack on TJX where as many as 100 million accounts were hacked.