Just yesterday, we reported that Sony would finally begin restoring the PlayStation Network region by region and would strengthen security to prevent future attacks. After two weeks of being completely shut out, gamers would finally get back online. Unfortunately, it seems the company is not out of the woods just yet. Today, Sony Online Entertainment (SOE) confirmed they have suffered a cyber-attack that is putting customer information in danger once again.
The press release states that “hackers may have [also] obtained personal customer information from SOE systems”. This was discovered during Sony’s ongoing investigation of the external intrusion that began April 20th. This system, which is separate from the previously hacked PlayStation Network database, stores the data for online players of EverQuest, DC Universe Online, as well as the many other games associated with this development house. The statement reveals the following pieces of information could have been stolen from player’s accounts:
“Stolen information includes, to the extent you provided it to us, the following: name, address (city, state, zip, country), email address, gender, birthdate, phone number, login name and hashed password.”
Although credit card numbers and security codes were not on the list, non-U.S customers should still be concerned:
“Customers outside the United States should be advised that we further discovered evidence that information from an outdated database from 2007 containing approximately 12,700 non-US customer credit or debit card numbers and expiration dates (but not credit card security codes) and about 10,700 direct debit records listing bank account numbers of certain customers in Germany, Austria, Netherlands and Spain may have also been obtained. We will be notifying each of those customers promptly.”
This quote emphasizes that only credit card information from 2007 was illegally obtained. Moreover, only 12,700 non US-customers credit/debit card numbers and 10,700 direct debit records are immediately at risk. The severity of the matter seems to be down played because 24.6 million accounts make up the SOE database. However, I doubt this puts the community at ease.
As a way to apologize for the downtime, Sony will give all of their players 30 additional days of gaming free. This would go along with “compensating [customers] one day for each day the system is down”. There are also plans for “Welcome Back” gift that will be similar to the one Sony is currently providing for its PSN users. However, this program seems to be reserved for multi-platform massive multiplayer online (MMO) games like DC Universe and Free Realms, but details have yet to be announced.
While this comes at a very bad time for Sony fans, it is important to note that they caught this much earlier than the previous attack. By shutting down the SOE game services as soon as possible, they have been able to minimize the number of affected users. The company will be sending a “customer service notification via email” to account holders whose data may have been illegally seized. If you play an SOE game, I would recommend checking your emails constantly.
Links: Sony Online Entertainment