It appears that Sony's revamped, "more secure" PlayStation Network has been put to the test. Philip Reitinger, Sony's Chief Information Security Officer, sent out a notice alerting PlayStation users about an attack on Sony's online services. It appears that Sony has learned quite a lot since the earlier attack, which forced the company to take down online services for about a month and compensate users.
Reitinger says that the recent attack doesn't appear to have a connection to this year's security breach. Instead, "these attempts appear to include a large amount of data obtained from one or more compromised lists from other companies, sites or other sources."
"Given that the data tested against our network consisted of sign-in ID-password pairs, and that the overwhelming majority of the pairs resulted in failed matching attempts, it is likely the data came from another source and not from our Networks," Reitinger said on the PlayStation.Blog. "We have taken steps to mitigate the activity."
According to Reitinger, "less than one tenth of one percent (0.1%)" of Sony online users have been affected, with approximately 93,000 accounts where the sign-in attempts succeeded. Sony has locked those accounts and will now require secure password resets for them. "If you are in the small group of PSN/SEN users who may have been affected, you will receive an email from us at the address associated with your account that will prompt you to reset your password."
Sony's quick action and detailed account of the attempted breach are a marked improvement over how the company handled the summer's attack. Sony was criticized for taking over 24 hours to provide consumers with clear information surrounding the attacks, initially claiming it was "maintenance."
Affected users shouldn't worry much. "If you have a credit card associated with your account, your credit card number is not at risk," Reitinger added. "We will work with any users whom we confirm have had unauthorized purchases made to restore amounts in the PSN/SEN or SOE wallet."
So, how can smart gamers ensure they won't be affected by the next (seemingly inevitable) attack on their personal info? Have strong, unique passwords that are not "associated with other online services or sites." Also, "we encourage you to choose unique, hard-to-guess passwords." So really. Stop using "password" and "jesus" as a password.