24.6 Million SOE Accounts Have Been Compromised

More scary numbers: 12,700 credit and debit card numbers were illegally obtained. Free SOE access will be offered as an apology.

The news keeps on getting worse for Sony and its customers.  Just when it seemed that everything was safe and secure on the SOE front, things took a turn for the worst earlier today. The promised update on the situation has come, and it is scary stuff for SOE users: 24.6 million accounts compromised, “approximately 12,700 non-U.S. credit or debit card numbers and expiration dates (but not credit card security codes), and about 10,700 direct debit records of certain customers in Austria, Germany, Netherlands and Spain.” Sony noted that the information from those 12,700 cards originated from an “outdated” 2007 list, but that isn’t going to do much in the way of assuaging fears for anyone who’s card from that time frame has not yet expired.

It sounds like North American card-holders are in the clear, or at least Sony currently believes them to be (who knows what future turns this unfortunate story will take). All of the credit/debit card info that was illegally acquired belonged to gamers in Japan and the previously cited European nations. Of course, there’s still the matter of those 24.6 million users who’s personal data is now in the hands of hackers. The publisher’s investigation has lead them to believe that the hackers stole the “SOE customer information on April 16th and 17th, 2011”. This would indicate that their data was obtained during the initial security breach.

The personal information of the approximately 24.6 million SOE accounts that was illegally obtained, to the extent it had been provided to SOE, is as follows:

  • name
  • address
  • e-mail address
  • birthdate
  • gender
  • phone number
  • login name
  • hashed password

In addition to the information above, the 10,700 direct debit records from accounts in Austria, Germany, Netherlands and Spain, include:

  • bank account number
  • customer name
  • account name
  • customer address

SOE will grant customers 30 days of additional time on their subscriptions, in addition to compensating them one day for each day the system is down. It is also in the process of outlining a “make good” plan for its PlayStation®3 MMOs (DC Universe Online and Free Realms). More information will be released this week.


MTB reported in our previous coverage that Sony insisted the SOE and PSN services were completely separate; this would seem to indicate two different attacks of a similar nature took place. Sony has not spoken on that matter though, so there’s currently no way of knowing exactly how it all went down. All signs point to the same hackers being responsible.

Regardless of what the exact nature of the attacks were, the situation continues to worsen as new details go public on an almost daily basis. Users around the world of either of Sony’s online services would do well to take the preventative measure of canceling their cards. There’s no telling what other (if any) disheartening news will come to light as the story develops further.


[Source: Sony Online Entertainment]

Nick Santangelo
Nick Santangelo
Nick Santangelo

MASH Veteran

Nick has been a gamer since the 8-bit days and a member of the MTB editorial team since January of 2011. He is not to be interrupted while questing his way through an RPG or desperately clinging to hope against all reason that his Philly sports teams will win any given game he may be watching. Seriously folks, reading this acknowledges that you relieve MTB of any and all legal liability for his actions.

The Latest from Mash