Jump to content

Sony attacked again, 12,700 non-US CC numbers feared stolen


nsane.forums

Recommended Posts

nsane.forums

The hits just keep on coming when it comes to Sony's online services. We've been promised that the PlayStation Network will be back online very soon, but now Sony Online Entertainment has taken its services offline. This is the company that brought us DC Universe Online, the for-pay superhero MMO.

Here's what Sony has announced so far:

Our ongoing investigation of illegal intrusions into Sony Online Entertainment systems has discovered that hackers may have obtained personal customer information from SOE systems. We are today advising you that the personal information you provided us in connection with your SOE account may have been stolen in a cyber-attack. Stolen information includes, to the extent you provided it to us, the following: name, address (city, state, zip, country), email address, gender, birthdate, phone number, login name and hashed password.

In a twist, the company has also announced a number of older credit card numbers and expiration dates from an older, 2007 database may have been compromised. "...12,700 non-US customer credit or debit card numbers and expiration dates (but not credit card security codes) and about 10,700 direct debit records listing bank account numbers of certain customers in Germany, Austria, Netherlands and Spain may have also been obtained—we will be notifying each of those customers promptly," Sony explained.

The services have been taken offline, the security is being strengthened, and an outside, "recognized" security firm has been called in.

This could be a much larger problem than the PSN hack, with for-pay games being taken offline, and older credit card data being potentially stolen. We'll be following this story as it develops.

view.gif View: Original Article

Link to comment
Share on other sites

  • Replies 5
  • Views 1.3k
  • Created
  • Last Reply

This is why you shouldn't pay for games and certainly not register them :rolleyes: (Nah, not really...)

This is pretty sad though...

Link to comment
Share on other sites

its sad that companys like sony doesnt take seriously security

they are concerned about the piracy of games but security no... its very sad

Link to comment
Share on other sites

This is why you shouldn't pay for games and certainly not register them :rolleyes: (Nah, not really...)

This is pretty sad though...

Nah, this is why $ony shouldn't fuck with hackers or customers and remove features that was advertised or try to assert that THEY own the hardware even though you have paid for it.

PS3 was left quite alone in comparison for 4 years, then they screwed many hackers by removing OtherOS function in fw update which is specifically why so many came together and blew PS3 security wide open in retaliation, thus RE-enabling OtherOS, Homebrew and piracy in process.

Fair enough this incident is separate to the actual consoles security but it all sprouts from the same hatred of $ony's actions.

Link to comment
Share on other sites

majithia23

UPDATE --- "very professional, highly sophisticated" criminals attacked Sony servers , says Officials ...

Sony executives say that the people responsible for the attack that forced the company to shut down its PlayStation Network and other services and compromised data belonging to 77 million customers were "very professional, highly sophisticated" criminals who were able to infiltrate several of the company's servers and remove an unknown amount of data.

In a letter to the House Commerce Committee, Kazuo Hirai, chairman of the board of Sony Computer Entertainment America, said that the company first discovered the attack on April 19 when some of its network engineers saw that some of the PSN servers were spontaneously rebooting. The company's security team began investigating the intrusion, and soon discovered that some data had been stolen, but couldn't determine how much or what kind of information was taken.

What is becoming more and more evident is that Sony has been the victim of a very carefully planned, very professional, highly sophisticated criminal cyber attack designed to steal personal and credit card information for illegal purposes," he said in the letter.

The attackers, whom Sony has not identified yet, were able to steal information from every one of the 77 million PSN accounts, Hirai said. "Information appears to have been stolen from all PlayStation Network user accounts, although not every piece of information in those accounts appears to have been stolen," the letter says.

Hirai, who was responding to questions about the PlayStation Network attack from the committee's chairman, also said that the attack and another potentially related intrusion that the company discovered on May 1 may be the work of the collective known as Anonymous.

When Sony Online Entertainment discovered this past Sunday afternoon that data from its servers had been stolen, it also discovered that the intruders had planted a file on one of the servers named 'Anonymous' with the words 'We are Legion.' Just weeks before, several Sony companies had been the target of a large-scale, coordinated denial of service attack by the group called Anonymous; Hirai wrote in the letter.

Sony didn't notify the FBI, which is investigating the attack, about the incident until three days after ot was first discovered, on April 22. The company publicly disclosed the attack and the data theft on April 26, a week after it was discovered internally.

Hirai says in the letter that at the same time that the attackers were prowling around the company's PSN servers and exfiltrating data, Sony also was being targeted by a series of DDoS attacks. Those attacks not only were causing problems on Sony's network, they also were distracting the company's security team and may have prevented the company from discovering the PSN intrusion sooner.

Details on exactly how the unnamed attackers were able to get into Sony's network are still scarce, but Hirai said in the letter that the attackers exploited a system software vulnerability and took care to cover their tracks by erasing log files and taking other common precautions.

Following the attack on the PSN network, Sony took the entire network offline and has not yet brought it back up.

TS

Link to comment
Share on other sites

  • Administrator

Great, now everyone will blame Anonymous for not allowing them to play games. It's Sony who did this crap by suing an innovator and they are getting what they deserve. They are more or less trying to hide their @ss from Govt. and public anger by putting the blame on Anonymous. -_-

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...