By Claire Reilly
SYDNEY, NSW: Sony Computer Entertainment Australia has announced that the company has detected “an unauthorised attempt to verify user accounts” on its PlayStation Network (PSN), Sony Entertainment Network (SEN) and Sony Online Entertainment service (SOE), affecting approximately 93,000 accounts worldwide.
The security breach follows a widely publicised hacking incident that affected the PSN earlier in the year. VP and chief information security officer of the Sony Group, Philip Reitinger, issued a statement regarding the issue, which involved attempts to test “a massive set of sign-in IDs and passwords against [Sony] network databases”.
“These attempts appear to include a large amount of data obtained from one or more compromised lists from other companies, sites or other sources,” said Reitinger.
“In this case, given that the data tested against our network consisted of sign-in ID-password pairs, and that the overwhelming majority of the pairs resulted in failed matching attempts, it is likely the data came from another source and not from our Networks. We have taken steps to mitigate the activity.
“There were approximately 93,000 accounts globally…where the attempts succeeded in verifying those accounts’ valid sign-in IDs and passwords, and we have temporarily locked these accounts. Only a small fraction of these 93,000 accounts showed additional activity prior to being locked,” he added.
“Please note, if you have a credit card associated with your account, your credit card number is not at risk.”
Click here to sign up for our FREE daily newsletter and Follow Current.com.au on Twitter
Reitinger said that affected network users would be sent an email prompting them to reset their password as an additional security measure. He also urged users to be vigilant against “the increasingly common threat of fraudulent activity online”.
“We want to take this opportunity to remind our consumers about…the importance of having a strong password and having a username/password combination that is not associated with other online services or sites. We encourage you to choose unique, hard-to-guess passwords and always look for unusual activity in your account.”
A spokesperson for Sony Computer Entertainment in Australia emphasised that, unlike previous breaches, there was no attack or intrusion on Sony’s data servers, and that the kind of unauthorised log-in attempt was not uncommon in the world of online services.
“This was effectively taking someone else’s data set and trying to use that to access our services,” the spokesperson said. “As soon as we discovered these attempts to verify user accounts, we have taken immediate steps to mitigate the activity.”