Sony hack losses.

[sergster1]

Following up on this morning's news (First PSN, now Sony shutdowns their SOE network!) that Sony Online Entertainment servers were offline across the board, Sony Online Entertainment announced that it has lost 12,700 customer credit card numbers as the result of an attack, and roughly 24.6 million accounts may have been breached.

The company took SOE servers offline after learning of the attack last evening, and today detailed the unfortunate results: "approximately 12,700 non-US credit or debit card numbers and expiration dates (but not credit card security codes), and about 10,700 direct debit records of certain customers in Austria, Germany, the Netherlands, and Spain" were lost, apparently from "an outdated database from 2007." Of the 12,700 total, 4,300 are alleged to be from Japan, while the remainder come from the aforementioned four European countries.

Furthermore, Sony ties today's announcement directly to the recent attacks on PlayStation Network and Qriocity, with Sony saying SOE customer information was stolen on either April 16 or April 17. Sony has repeatedly stated that its PSN servers and SOE servers are not part of the same network, so it remains unclear just how these two attacks are tied together.

Letter from SOE explaining the situation:

QUOTECustomer Service Notification

May 2, 2011
Dear Valued Sony Online Entertainment Customer:
Our ongoing investigation of illegal intrusions into Sony Online Entertainment systems has discovered that hackers may have obtained personal customer information from SOE systems. We are today advising you that the personal information you provided us in connection with your SOE account may have been stolen in a cyber-attack. Stolen information includes, to the extent you provided it to us, the following: name, address (city, state, zip, country), email address, gender, birthdate, phone number, login name and hashed password.

Customers outside the United States should be advised that we further discovered evidence that information from an outdated database from 2007 containing approximately 12,700 non-US customer credit or debit card numbers and expiration dates (but not credit card security codes) and about 10,700 direct debit records listing bank account numbers of certain customers in Germany, Austria, Netherlands and Spain may have also been obtained - we will be notifying each of those customers promptly.

There is no evidence that our main credit card database was compromised. It is in a completely separate and secured environment.

We had previously believed that SOE customer data had not been obtained in the cyber-attacks on the company, but on May 1st we concluded that SOE account information may have been stolen and we are notifying you as soon as possible.

We apologize for the inconvenience caused by the attack and as a result, we have:

1) Temporarily turned off all SOE game services;

2) Engaged an outside, recognized security firm to conduct a full and complete investigation into what happened; and

3) Quickly taken steps to enhance security and strengthen our network infrastructure to provide you with greater protection of your personal information.

We greatly appreciate your patience, understanding and goodwill as we do whatever it takes to resolve these issues as quickly and efficiently as practicable.

For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. When SOE's services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your Station or SOE game account name or password for other unrelated services or accounts, we strongly recommend that you change them, as well.

To protect against possible identity theft or other financial loss, we encourage you to remain vigilant, to review your account statements and to monitor your credit reports. We are providing the following information for those who wish to consider it:

U.S. residents are entitled under U.S. law to one free credit report annually from each of the three major credit bureaus. To order your free credit report, visit www.annualcreditreport.com or call toll-free (877) 322-8228.

We have also provided names and contact information for the three major U.S. credit bureaus below. At no charge, U.S. residents can have these credit bureaus place a "fraud alert" on your file that alerts creditors to take additional steps to verify your identity prior to granting credit in your name. This service can make it more difficult for someone to get credit in your name. Note, however, that because it tells creditors to follow certain procedures to protect you, it also may delay your ability to obtain credit while the agency verifies your identity. As soon as one credit bureau confirms your fraud alert, the others are notified to place fraud alerts on your file. Should you wish to place a fraud alert, or should you have any questions regarding your credit report, please contact any one of the agencies listed below.

Experian: 888-397-3742; www.experian.com; P.O. Box 9532, Allen, TX 75013
Equifax: 800-525-6285; www.equifax.com; P.O. Box 740241, Atlanta, GA 30374-0241
TransUnion: 800-680-7289; www.transunion.com; Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, CA 92834-6790

You may wish to visit the web site of the U.S. Federal Trade Commission at Deter. Detect. Defend. Avoid ID Theft or reach the FTC at 1-877-382-4357 or 600 Pennsylvania Avenue, NW, Washington, DC 20580 for further information about how to protect yourself from identity theft. Your state Attorney General may also have advice on preventing identity theft, and you should report instances of known or suspected identity theft to law enforcement, your State Attorney General, and the FTC. For North Carolina residents, the Attorney General can be contacted at 9001 Mail Service Center, Raleigh, NC 27699-9001; telephone (877) 566-7226; or NCDOJ. For Maryland residents, the Attorney General can be contacted at 200 St. Paul Place, 16th Floor, Baltimore, MD 21202; telephone: (888) 743-0023; or www.oag.state.md.us.

We are committed to helping our customers protect their personal data and we will provide a complimentary offering to assist users in enrolling in identity theft protection services and/or similar programs. The implementation will be at a local level and further details will be made available shortly in regions in which such programs are commonly utilized.

We thank you for your patience as we complete our investigation of this incident, and we regret any inconvenience. Our teams are working around the clock on this, and services will be restored as soon as possible. Sony takes information protection very seriously and will continue to work to ensure that additional measures are taken to protect personally identifiable information. Providing quality and secure entertainment services to our customers is our utmost priority. Please contact us at 1 (866) 436-6698 should you have any additional questions.

Sincerely,
Sony Online Entertainment LLC

Sources: BGR & Joystiq

*faceplam*

DISCUSS!

 

[The Catboy]

Well that was fast

 

[ShadowSoldier]

Is sony being hacked considered news worthy any more?

 

[sergster1]

Is sony being hacked considered news worthy any more?

Yes since this the the SECOND time within a less than 30 days that they have been hacked. This shows the lack of care they have for their customers. And complete disrespect.

 

[Guild McCommunist]

This reminds me, I need to get a PS3 sometime soon.

I wouldn't say they don't care about their consumers. A company without consumers is a dead company. I don't know if it's Sony rushing the process of getting their consumers back online (which, hey, is a selling point of the PS3) or if hackers are just really persistent since the first hack.

 

[Ikki]

Sony should be sweatin' buckets.

 

[1234turtles]

man what the **** sony i was starting to respect you again
they better double the ps+ to 60 days and more free games added

 

[sergster1]

man what the **** sony i was starting to respect you again
they better double the ps+ to 60 days and more free games added

They best give everyone who lost money a free PS4. O wait i dont want it now.

 

[Foxi4]

...you didn't SERIOSLY expect them to re-program the whole PSN infrastructure within a week, did you...? It takes time, that's why it's not LAUNCHED yet. Jeez...

 

[Joe88]

This shows the lack of care they have for their customers. And complete disrespect.

this really has nothing to do with that

its now obvious somebody is out to get them
evidence is pointing to an inside job right now though on both attacks

 

[Chanser]

It's not the second time, this was happening during the PSN hack.

 

[DJPlace]

so psn is pushed back father?!?. if it is... then i'm going say to hell with it!!

 

[sergster1]

...you didn't SERIOSLY expect them to re-program the whole PSN infrastructure within a week, did you...? It takes time, that's why it's not LAUNCHED yet. Jeez...

It wasnt psn that was hacked. It was SOE. Sony Online Entertainment. Two very different companies. Plus the data was stored on TWO different data banks. This means that they have no excuse saying that ohh we accidentally didnt use proper security on this server.

 

[DJPlace]

...you didn't SERIOSLY expect them to re-program the whole PSN infrastructure within a week, did you...? It takes time, that's why it's not LAUNCHED yet. Jeez...

It wasnt psn that was hacked. It was SOE. Sony Online Entertainment. Two very different companies. Plus the data was stored on TWO different data banks. This means that they have no excuse saying that ohh we accidentally didnt use proper security on this server.

oh i see i guess i misread it or something. well no psn delay makes me a happy man!!

 

[Law]

Is sony being hacked considered news worthy any more?

Yes since this the the SECOND time within a less than 30 days that they have been hacked. This shows the lack of care they have for their customers. And complete disrespect.

You say that as though they're hacking themselves.

 

[trumpet-205]

You can't do much with credit card number and exp. date alone. You would need name, address, and 3 digits security code on the back (for AMEX, 4 digits on the front) in order to use that credit account. Credit card companies will deny transactions if all hacker have are credit card numbers and exp.dates.

 

[Canonbeat234]

Sadly this just makes me wonder if Sony is going to ever remodel their security infrastructure? I mean SOE is using the same one after they got hacked a few days ago. Now again, they are claiming to be hacked again. I wonder what other PS3 owners are saying about this?

In other news, Sony CEO admits he's the hacker. This total shock and dismay haven't register to their fans until a few day later.

 

[Joe88]

I mean SOE is using the same one after they got hacked a few days ago. Now again, they are claiming to be hacked again.

as Chanser stated
this hack happened at the same time that PSN was hacked

 

[ShadowSoldier]

Well obviously someone wants to ruin Sony....

DAMN YOU SATORU IWATA!

 

[Hanketsu7787]

Almost 2 weeks without psn..... I wouldn't have even noticed if i hadn't heard Arcana Heart 3 and Skullgirls were out. Oh well thats why we have DS's.