PlayStation Network, Sony Online Entertainment attacked

It appears that Sony's revamped, "more secure" PlayStation Network has been put through the test. Philip Reitinger, Sony's Chief Information Security Officer, sent out a notice alerting PlayStation users about an attack on Sony's online services.

5

It appears that Sony's revamped, "more secure" PlayStation Network has been put through the test. Philip Reitinger, Sony's Chief Information Security Officer, sent out a notice alerting PlayStation users about an attack on Sony's online services. It appears that Sony has learned quite a lot since the attack, which forced the company to take down online services for about a month, and recompense users.

Reitinger says that the recent attack doesn't appear to have a connection to this year's security breach. Instead, "these attempts appear to include a large amount of data obtained from one or more compromised lists from other companies, sites or other sources."

"Given that the data tested against our network consisted of sign-in ID-password pairs, and that the overwhelming majority of the pairs resulted in failed matching attempts, it is likely the data came from another source and not from our Networks," Reitinger said on the PlayStation.Blog. "We have taken steps to mitigate the activity."

According to Reitinger, "less than one tenth of one percent (0.1%)" of Sony online users have been affected with approximately 93,000 accounts where the sign-in attempts succeeded. Sony has locked those accounts and will now require secure password resets for affected accounts. "If you are in the small group of PSN/SEN users who may have been affected, you will receive an email from us at the address associated with your account that will prompt you to reset your password."

Sony's quick action and detailed recount of the attempted breach is a marked improvement over how the company handled the summer's attack. Sony was criticized for taking over 24 hours to provide consumers with clear information surrounding the attacks, initially claiming it was "maintenance."

Affected users shouldn't worry much. "If you have a credit card associated with your account, your credit card number is not at risk," Reitinger added. "We will work with any users whom we confirm have had unauthorized purchases made to restore amounts in the PSN/SEN or SOE wallet."

So, how can smart gamers ensure they won't be affected by the next (seemingly inevitable) attack on their personal info? Have strong, unique passwords that are not "associated with other online services or sites." Also, "we encourage you to choose unique, hard-to-guess passwords." So really. Stop using "password" and "jesus" as a password.

Andrew Yoon was previously a games journalist creating content at Shacknews.

From The Chatty
  • reply
    October 12, 2011 8:00 AM

    Andrew Yoon posted a new article, PlayStation Network, Sony Online Entertainment attacked.

    It appears that Sony's revamped, "more secure" PlayStation Network has been put through the test. Philip Reitinger, Sony's Chief Information Security Officer, sent out a notice alerting PlayStation users about an attack on Sony's online services.

    • reply
      October 12, 2011 8:34 AM

      lmao, Sony will never learn you never say that you are unhackable

      • reply
        October 12, 2011 8:36 AM

        It wasn't a hack. It was a simple brute force attack using password/email pairs leaked from other releases.

      • reply
        October 12, 2011 8:37 AM

        Yep, it'll only trigger a thousand "challenge accepted" out there.

      • reply
        October 12, 2011 9:03 AM

        I disagree; they did learn. Back in April, they got hacked pretty good due to allegedly having insecure server software. Now, in this instance, the worst they get is a large spell of logon attempts that looks like it's reading from a database of known username/password combinations. That's par for online services that are a huge visible target.

        • reply
          October 12, 2011 9:11 AM

          And I think it's important to note that, unlike with the PSN breach, they're actually talking to consumers about it as it happens.

          • reply
            October 12, 2011 9:20 AM

            I agree. I'm quite impressed with their candour.

          • reply
            October 12, 2011 9:31 AM

            "more secure" does come across sarcastic especially with you leading the article that way.

      • reply
        October 12, 2011 9:26 AM

        this is so frustrating. People don't even know what hacking means. Brute forcing username/password lists obtained from OTHER sources is not a hack. These people probably hacked some other websites to get the account information. Being able to apply that information to PSN isn't Sony's fault

    • reply
      October 12, 2011 12:34 PM

      I demand another free game for my troubles and fear that i will be vulnerable to future risk lol =D

    • reply
      October 12, 2011 6:01 PM

      might not wanna brag about stopping hackers. its like putting a bullseye on your back

Hello, Meet Lola