The news keeps on getting worse for Sony and its customers. Just when it seemed that everything was safe and secure on the SOE front, things took a turn for the worst earlier today. The promised update on the situation has come, and it is scary stuff for SOE users: 24.6 million accounts compromised, “approximately 12,700 non-U.S. credit or debit card numbers and expiration dates (but not credit card security codes), and about 10,700 direct debit records of certain customers in Austria, Germany, Netherlands and Spain.” Sony noted that the information from those 12,700 cards originated from an “outdated” 2007 list, but that isn’t going to do much in the way of assuaging fears for anyone who’s card from that time frame has not yet expired.
It sounds like North American card-holders are in the clear, or at least Sony currently believes them to be (who knows what future turns this unfortunate story will take). All of the credit/debit card info that was illegally acquired belonged to gamers in Japan and the previously cited European nations. Of course, there’s still the matter of those 24.6 million users who’s personal data is now in the hands of hackers. The publisher’s investigation has lead them to believe that the hackers stole the “SOE customer information on April 16th and 17th, 2011”. This would indicate that their data was obtained during the initial security breach.
The personal information of the approximately 24.6 million SOE accounts that was illegally obtained, to the extent it had been provided to SOE, is as follows:
- e-mail address
- phone number
- login name
- hashed password
In addition to the information above, the 10,700 direct debit records from accounts in Austria, Germany, Netherlands and Spain, include:
- bank account number
- customer name
- account name
- customer address
SOE will grant customers 30 days of additional time on their subscriptions, in addition to compensating them one day for each day the system is down. It is also in the process of outlining a “make good” plan for its PlayStation®3 MMOs (DC Universe Online and Free Realms). More information will be released this week.
MTB reported in our previous coverage that Sony insisted the SOE and PSN services were completely separate; this would seem to indicate two different attacks of a similar nature took place. Sony has not spoken on that matter though, so there’s currently no way of knowing exactly how it all went down. All signs point to the same hackers being responsible.
Regardless of what the exact nature of the attacks were, the situation continues to worsen as new details go public on an almost daily basis. Users around the world of either of Sony’s online services would do well to take the preventative measure of canceling their cards. There’s no telling what other (if any) disheartening news will come to light as the story develops further.
[Source: Sony Online Entertainment]