With Sony finally set to get back on its feet after an “external intrusion” caused the PlayStation Network to be brought offline, Sony Online Entertainment have now announced that hackers may have obtained credit card and personal information from thousands of subscribers.
In a press release on the SOE website, the company announced that, despite previous denials, hackers manage to access SOE’s servers, along with the PlayStation Network’s, something that was only discovered “less than 24 hours ago”:
Our ongoing investigation of illegal intrusions into Sony Online Entertainment systems has discovered that hackers may have obtained personal customer information from SOE systems. We are today advising you that the personal information you provided us in connection with your SOE account may have been stolen in a cyber-attack. Stolen information includes, to the extent you provided it to us, the following: name, address (city, state, zip, country), email address, gender, birthdate, phone number, login name and hashed password.
Customers outside the United States should be advised that we further discovered evidence that information from an outdated database from 2007 containing approximately 12,700 non-US customer credit or debit card numbers and expiration dates (but not credit card security codes) and about 10,700 direct debit records listing bank account numbers of certain customers in Germany, Austria, Netherlands and Spain may have also been obtained. We will be notifying each of those customers promptly.
There is no evidence that our main credit card database was compromised. It is in a completely separate and secured environment.
We had previously believed that SOE customer data had not been obtained in the cyber-attacks on the company, but on May 1st we concluded that SOE account information may have been stolen and we are notifying you as soon as possible.
SOE has taken several steps to ensure that future attacks will not happen, and are attempting to work out what exactly happened:
- Temporarily turned off all SOE game services;
- Engaged an outside, recognized security firm to conduct a full and complete investigation into what happened; and
- Quickly taken steps to enhance security and strengthen our network infrastructure to provide you with greater protection of your personal information.
Once again, Sony encouraged consumers to look out for email, telephone and postal scams that may come as a result of your data being sold to the highest bidder. Continuing:
When SOE’s services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your Station or SOE game account name or password for other unrelated services or accounts, we strongly recommend that you change them, as well.
The news will come as a blow to Sony, who recently apologised to consumers for the PlayStation Network security breach and downtime.