Sony Breach Gets Worse: 24.6 Million Compromised Accounts At SOE
An anonymous reader writes with an update to yesterday morning's news that Sony Online Entertainment's game service was taken offline to investigate a potential data breach related to the PSN intrusion. SOE has now said that they too suffered a major theft of user data.
"... personal information from approximately 24.6 million SOE accounts may have been stolen, as well as certain information from an outdated database from 2007. The information from the outdated database that may have been stolen includes approximately 12,700 non-US credit or debit card numbers and expiration dates (but not credit card security codes), and about 10,700 direct debit records of certain customers in Austria, Germany, Netherlands and Spain."
See (Score:2)
They are upset... (Score:5, Insightful)
Re:They are upset... (Score:4, Insightful)
How did this get modded "5, Insightful"? Are those who modded this post agreeing with sentiment (Sony hate) or do they actually believe Sony Online Entertainment wants to steal personal data?
Re: (Score:2, Insightful)
Probably has something to do with Sony's reputation before these breaches were known.
http://en.wikipedia.org/wiki/Sony_BMG_copy_protection_rootkit_scandal
Re: (Score:2)
Calling the Sony rootkit an attempt at computer takeover is like calling the duplication of an MP3 theft.
Best Practices (Score:5, Insightful)
Hey guys, let's keep around credit/debit card billing data from 2007 all online. Deleting it after 6 months of inactivity could hurt sales!11! There's no cost to keeping it around, nothing that would pass an accountant anyway. Let's pay ourselves a bonus for our forward thinking.
Re: (Score:3, Interesting)
It's probably tax laws requiring them to hang on to all financial transaction details for a number of years.
Re:Best Practices (Score:5, Insightful)
Re: (Score:2)
It's probably tax laws requiring them to hang on to all financial transaction details for a number of years.
No, it isn't. Think harder...
Re: (Score:2)
Re: (Score:2)
It bugs me to no end that programmers, architects and CS engineers will design a software system that pretty much ignores having physical separation of service tiers for things like this.
Frequently it's someone who is completely out of touch with technology and paid 10x more who makes these mandates of engineers.
Re: (Score:2)
Or just ask the customer to re-enter their payment information. Especially since after 12 years it is likely to be different anyhow.
Re: (Score:2)
There's a number of websites, including Amazon.com, that have a crapload of old expired credit cards of mine on file. I don't care, they're expired and I'm too lazy to delete them. On the plus side, they also have all of my addresses from the past 10 years stored...which has actually been a life saver in the past when I couldn't remember an old address :p
Re: (Score:2)
Amazon does their due diligence in storing the numbers though. Payment information is tokenized in a separate service and not accessible on the network. Only one-way "please charge instrument with alias X Y amount of Z currency" requests go to a proxy service.
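The separation this comment sketches, as an added illustration (not Amazon's code and not from the original thread): a hypothetical token vault is the only component that holds card numbers, the storefront keeps just an opaque alias, and a narrow proxy forwards only "tokenize" and "charge X on alias Y in currency Z" requests. The vault also has a purge step, which is the retention control the "Best Practices" comment above was asking for. All class names and the sample card number are constructed for the example.

```python
import json
import secrets
from dataclasses import dataclass

# Constructed sample values (a well-known test card number, not a real account).
SAMPLE_PAN = "4111111111111111"
SAMPLE_EXPIRY = "12/2013"


@dataclass(frozen=True)
class ChargeResult:
    alias: str
    amount: int        # minor units, e.g. cents
    currency: str
    approved: bool


class TokenVault:
    """Hypothetical isolated vault: the only component that ever holds a PAN.
    It hands out opaque aliases and answers charge requests; there is no method
    that returns a PAN to a caller."""

    def __init__(self) -> None:
        self._cards: dict[str, tuple[str, str]] = {}   # alias -> (pan, expiry)

    def tokenize(self, pan: str, expiry: str) -> str:
        alias = "tok_" + secrets.token_hex(8)   # random, not derived from the PAN
        self._cards[alias] = (pan, expiry)
        return alias

    def charge(self, alias: str, amount: int, currency: str) -> ChargeResult:
        # One-way: the caller only learns whether the charge was accepted.
        accepted = alias in self._cards and amount > 0 and len(currency) == 3
        return ChargeResult(alias, amount, currency, approved=accepted)

    def purge(self, alias: str) -> None:
        # Retention control: drop card data for an alias that is no longer needed.
        self._cards.pop(alias, None)


class ChargeProxy:
    """The narrow interface the storefront network may reach: exactly two request
    types are forwarded, so a compromised storefront cannot read anything back."""

    def __init__(self, vault: TokenVault) -> None:
        self._vault = vault

    def tokenize(self, pan: str, expiry: str) -> str:
        return self._vault.tokenize(pan, expiry)

    def charge(self, alias: str, amount: int, currency: str) -> ChargeResult:
        return self._vault.charge(alias, amount, currency)


class Storefront:
    """Customer-facing service: stores names and aliases, never card numbers."""

    def __init__(self, proxy: ChargeProxy) -> None:
        self._proxy = proxy
        self.customers: dict[str, dict[str, str]] = {}

    def add_card(self, customer_id: str, name: str, pan: str, expiry: str) -> None:
        alias = self._proxy.tokenize(pan, expiry)
        self.customers[customer_id] = {"name": name, "alias": alias}
        # The PAN is only a local here; it is never written to storefront storage.

    def checkout(self, customer_id: str, amount: int, currency: str) -> ChargeResult:
        return self._proxy.charge(self.customers[customer_id]["alias"], amount, currency)

    def dump_database(self) -> str:
        """What an intruder who copies the storefront database would get."""
        return json.dumps(self.customers, sort_keys=True)


def demo() -> dict:
    """Run the flow once and return what an auditor would want to check."""
    vault = TokenVault()
    shop = Storefront(ChargeProxy(vault))
    shop.add_card("cust-1", "A. Customer", SAMPLE_PAN, SAMPLE_EXPIRY)
    first = shop.checkout("cust-1", 1499, "USD")
    dump = shop.dump_database()
    vault.purge(shop.customers["cust-1"]["alias"])   # e.g. after months of inactivity
    second = shop.checkout("cust-1", 1499, "USD")    # the alias is now dead
    return {"charge": first, "dump": dump, "after_purge": second}
```

The point of `dump_database()` is that a copy of the customer-facing database, the thing that was lost in the SOE breach, contains an alias and nothing chargeable anywhere else.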
Re: (Score:2)
Re: (Score:2)
Mine changed (bank card anyway).. boo-yaa. I use a credit union and they keep up to date with lots of security stuff.
Heck, they even have their own numbering system for IDs as not to ask for your SSN/last-4, except in private rooms with an employee.
How far back does it go? This far... 8 years (Score:5, Interesting)
I haven't played EverQuest since 2002 and I got a notice. Luckily for me all that credit card information is outdated and wrong. Even the mailing address is wrong. How someone was able to access this data is beyond me. I cannot, for any reason, think of any justification Sony could have to store something in a manner that a developer could access at this level.
Sony is going to have one hell of a class action lawsuit on its hands.
Re: (Score:2)
Nothing except my name (and date of birth if they have that) is the same as in 2002. Heck I've moved countries and changed citizenship since then...
But a lawsuit is interesting from the perspective of required arbitration being ruled valid recently. If the EULA in question is that old, and you are no longer a subscriber would something like this now be covered by it?
Re: (Score:2)
Re: (Score:2)
Developers? No, that database was probably a backup somewhere inside some computer on the network, so the attacker managed to get a shell inside PSN, and from there opened other systems, including this database one.
Password (Score:5, Insightful)
Re: (Score:2)
I'm assuming Sony just invalidated all passwords after the breach and disallowed passwords with the same hash as the previous one?
Dear Sony Infiltrator... (Score:5, Funny)
Re: (Score:2, Funny)
Just use ' OR 1=1 --
Re: (Score:3, Funny)
Re: (Score:2)
BOYCOTT SONY (Score:2, Troll)
So, when are all you losers going to wake up?
Sony just wanted your money, they don't give a crap about you, your rights to privacy, or even making an attempt at keeping your data secure.
If you purchased a Sony product in such a way that they've got your credit card number, you're at risk, and it doesn't seem to matter since when; since the beginning of Sony on the Internet. Hopefully, those of you using Sony Online since the days of the Playstation (one), only have expired credit cards to worry about, but a
Re: (Score:3)
So, when are all you losers going to wake up?
Sony just wanted your money, they don't give a crap about you, your rights to privacy, or even making an attempt at keeping your data secure.
Personally I'm more annoyed at the people that performed the hack than Sony. Granted Sony has lost what little company loyalty I had, I already stopped buying most of their products.
But in this case is the perpetrators that make me angry. It's one thing to screw with a company, it's another to screw with the average Joe that just wanted to play the latest Ratchet and Clank episode.
Name, address, birthdate, credit card number... that's more than enough for identity theft. Meaning not only do I need to tak
Re:BOYCOTT CORPORATE AMERICA (Score:2)
So, when are all you losers going to wake up?
Corporate America just wanted your money, they don't give a crap about you, your rights to privacy, or even making an attempt at keeping your data secure.
If you purchased an American product in such a way that they've got your credit card number, you're at risk, and it doesn't seem to matter since when; since the beginning of the credit card. Hopefully, those of you using goods and services since the 1960s, only have expired credit cards to worry about, but anyon
Great timing! (Score:4, Interesting)
Re: (Score:2)
They call it "crisis communications" for a reason I guess.
Sony Blu-Ray Player (Score:4, Interesting)
Encryption? (Score:2)
Schadenfreude (Score:2)
While I take no pleasure in the fact that people's financial data has been compromised, my intense dislike of Sony and its business practices is severely inhibiting my ability to wipe an evil little grin off my face.
How did Sony get 0wned? (Score:4, Insightful)
After Sony's initial admission of the PSN breach, a lot of people pointed fingers of blame at the PS3 hackers without so much as a shred of evidence either way.
Now that it appears SOE was also penetrated at approximately the same time, I think it's fair to ask just where the penetration occurred, how much customer data was accessible across Sony's networks, and what (if any) internal safeguards were supposed to be in place. There could be multiple penetrations through several vulnerable points, but this looks even more coordinated and planned than initially suspected. If Sony hasn't investigated IT employees, it's time to start -- at minimum, someone has loose lips or careless behaviour. At worst, someone sold them out.
Re: (Score:2)
Re: (Score:2)
The fact you have not -given- money doesn't mean there is no money to be stolen from you. Only if you're so far in debt that the most dubious credit agency refuses to lend you money can you not be stolen from. Otherwise you may go day to day happily until a debt collector knocks on your door with a demand to pay the loan back - the loan you never took.
Re:Just wondering (Score:5, Insightful)
Re: (Score:2)
I've actually seen a surprising lack of "I told you so". I figured it would be every second comment at this point...
Re: (Score:2)
I've actually seen a surprising lack of "I told you so". I figured it would be every second comment at this point...
LOL! I'm with you there. I have a PS3, I plugged it into the net. Halfway through reading the Sony online licence agreement I unplugged it vowing never to plug it in again. I don't recall what it was that set me off exactly, it was years ago, but I haven't changed my mind.
A journalist friend of mine has suggested the possibility that Sony is staging this "hacker" attack as a fortuitous propaganda stunt to make hackers look bad and possibly cover up a real infrastructure problem caused by Sony itself.
Re: (Score:3)
A journalist friend of mine has suggested the possibility that Sony is staging this "hacker" attack as a fortuitous propaganda stunt to make hackers look bad and possibly cover up a real infrastructure problem caused by Sony itself.
While it makes *some* sense, I don't buy it.
My feeling is that this whole fiasco is hurting Sony's bottom line more than the whole hacker-awareness / scapegoat thing could even provide in the long-term.
They're losing a lot of customer trust and customer loyalty, and I have to assume this is hurting their stock price. Once is a shame, twice (so close together) is a disaster.
While it's true that companies probably want to shine a large spot-light on hackers, identity theft, etc there has to be some risk mana
Re: (Score:2)
A journalist friend of mine has suggested the possibility that Sony is staging this "hacker" attack as a fortuitous propaganda stunt to make hackers look bad and possibly cover up a real infrastructure problem caused by Sony itself.
While it makes *some* sense, I don't buy it.
Agreed. It just does not sound plausible. Sometimes it's fun to attribute stuff like this to some scheming corporate overlord, but sometimes what appears to be a poorly handled public relations nightmare is, in fact, a poorly handled public relations nightmare.
Re: (Score:3)
So our choices are, "It's those nasty, evil, hackers... taking advantage of Sony's (obviously) inadequate security"... or "It's Sony's (obviously) inadequate security... attracting those nasty, evil, hackers." Meh. Either way, Sony blew it, and doesn't deserve to be trusted anymore. We should have learned with the whole rootkit fiasco, but we do like our gaming... apparently more than our credit cards.
Re: (Score:2)
, and I have to assume this is hurting their stock price. Once is a shame, twice (so close together) is a disaster.
http://www.google.com/finance?q=Sony [google.com] - Not sure which Sony to look at, but it seems that it is.
Re: (Score:2)
Re: (Score:2)
You think the damage in their reputation, their online branding for SOE etc is worth this? If true they have some monumentally stupid people working for them.
Re: (Score:2)
If true they have some monumentally stupid people working for them.
I wasn't taking that conspiracy theory seriously until now, but you make a compelling argument.
Re:Just wondering (Score:5, Interesting)
Re:Just wondering (Score:5, Insightful)
Sony did mend their ways. After the rootkit fiasco for sure, but after most of the other bonehead moves as well. They apologized and promised to do better and all that, like they all do.
But, like they all do, over time the same forces that led them to this will lead them there again. Corporate structures being what they are, it simply isn't possible to communicate an intangible risk like 'what if a hacker breaks in and copies all our data' well enough to garner the kind of funding to implement real security. At least not at a company the size of Sony. And certainly their users have proven that at every turn they are willing to sacrifice security for convenience and price and features. This site has a Sony gaffe poll on the front page, and the readership is better educated about tech issues than most, yet how many PS3s per capita do you think there are here?
So Sony has little motivation to really change and I doubt they are alone in having lax security.
I am looking forward to the show they will put on after this is over. Figure they will hire Bruce Schneier and Theo de Raadt. Fireworks. Maybe a hovercraft pulls up to Sony HQ and the team that took Bin Laden pours out, sets up a perimeter. Sony's CEO stomps onto the stage in a mecha and declares war on hackers. It is going to be amazing.
Re: (Score:2)
You're right about how hard it sometimes is getting executives to see how important security is to a company. Which is why examples come in so handy. So, the one thing about this that could be considered a silver lining is that tons of other companies are watching what's happening and thinking, "Gosh, maybe we should look at our own security, because we don't want to be the next SOE."
The problem is, that's a lesson that tends to be forgotten when it's time to write up the next budget.
Re: (Score:2)
I am looking forward to the show they will put on after this is over. Figure they will hire Bruce Schneier and Theo de Raadt. Fireworks. Maybe a hovercraft pulls up to Sony HQ and the team that took Bin Laden pours out, sets up a perimeter. Sony's CEO stomps onto the stage in a mecha and declares war on hackers. It is going to be amazing.
That seriously made my day! Thanks :)
Re: (Score:2)
Corporate structures being what they are it simply isn't possible to communicate an intangible risk like 'what if a hacker breaks in and copies all our data' well enough to garner the kind of funding to implement real security. At least not at a company the size of Sony
I work for a company of roughly the same size, in a similar industry (hardware not content). I am currently one of the people in charge of validating our security measures. There are several of us, and I am likely near the bottom of that particular totem pole, yet I have the ability to stop the launch of the product I am working on at a cost of likely millions of dollars if I find an issue really late in the game. While the product may ultimately ship even if I find an issue, it will not ship till upper m
Re: (Score:2)
Have you tested this so-called power? I find most businesses have sensible policies like that outlined, but nine times out of ten upper management will still decide the risk is worth the cost.
Re: (Score:2)
Yup.
We do exercise the power and have done so more than once. That said, it wasn't always like that. Management got burned some number of years ago. They learned their lesson when forced to. But the core structure of how things work here has changed such that the "old ways" really can not come back.
Re: (Score:2)
Excellent. Now if only more businesses would take a similar stance.
Re: (Score:2)
Yup. Seen this many times in my own company.
Talked about risks but until there was a break of some kind, it was ignored.
To be fair- they may hear about hundreds of risks, and how do they prioritize? Do they spend millions addressing risks which were over-ranked by their associates? You could go bankrupt that way and still get hit by what you thought was a lower priority risk that you put later in the chain.
It's not right- but it's why they do it.
FYI (This is why they ask companies like Gartner and Gartner sa
Re: (Score:2)
I'm one of those who have been boycotting Sony since the rootkit fiasco but I'm not going to get preachy about it.
You just did.
Re: (Score:2)
Not sure what definition of preach you subscribe to, but he explained his personal reasons for his personal boycott. He wasn't preachy about it.
Re: (Score:2)
I've actually seen a surprising lack of "I told you so". I figured it would be every second comment at this point...
Complete waste of time. We said it. Everyone knows it. Why bother to observe the obvious.
Oh, wait... You mean the network and security engineers at Sony who had been telling their bosses they needed a realistic budget for security. Yeah, I'd have expected those poor saps to have gone public by now.
Re: (Score:2)
That's because there's no point. People continue to buy Sony despite their antics. Those of us who know better avoid Sony like the plague, and then watch, wait, and roll our eyes as another batch of people get screwed over.
Re: (Score:2)
*shrug*
I just stopped caring. There's only so much bandwidth I'm willing to sacrifice to preaching the deaf.
Re: (Score:2)
I am slightly concerned about my Xbox Live account - it's only a matter of time, ay?
Re: (Score:2)
Re: (Score:2)
Yup, and they will autorenew you too - even if the expiration on the card has passed. Yes, they did it to me! The card is now long gone and so is my "gold" membership and I doubt I'll ever buy another after the experience I had trying to cancel this one. Thankfully Sony doesn't have any such details from me...
Re: (Score:3)
Cancelling your card is NOT the same as cancelling the service that you were paying for with the card.
They may just send the debt collectors around instead.
If you want to cancel a service, make sure you do just that. Cancelling the card is good too, in case they don't manage to stop taking payments, but it's not a substitute.
Re: (Score:2)
I'm willing to bet saying something like "would you mind sending me in writing that you refuse to cancel my account to the following address (pause)" might work.
Re: (Score:2)
This is actually the exact reason why I buy so few online games for the Xbox. I'd buy a lot more, but I don't want to leave Live subscribed when I'm not using it (because it costs money) and I don't want to activate it now because doing so means eventually I have to call their horrible customer service to cancel it.
Why is there no cancel button in the UI like there is in any sane product?
Re: (Score:3)
Be Aware, Protect, Defend. This has not changed since Man has become self aware.
Re: (Score:2)
Last Sony product I owned is a second hand Trinitron, but there's nothing to feel superior about.
With the Sony rootkit, the consumers were screwed. With this fiasco the consumers were screwed, and most of them don't know what a rootkit or an OtherOS is.
Re:Just wondering (Score:5, Interesting)
I haven't done business with Sony Online Entertainment at all for over a decade, and I'm apparently affected. I subscribed to EverQuest way back in the day, but dropped it somewhere around 2001. I just yesterday got an email from them that my personal information had been lost. So, don't feel so superior...even if you started boycotting them over the rootkits, they kept your information from before then, and then lost it to hackers.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:3)
Re: (Score:2)
Re:Just wondering (Score:5, Insightful)
I would lay my bet on "Sony doesn't want to tell anyone how bad it is" until they are required to do so. This is very much the same pattern of behavior we see with the Fukushima nuclear plant. Please believe me when I say that this behavior is quite typical of Japanese companies. It is not "diabolical" as you may think but is instead considered "wise" not to share information that is not required and may be potentially damaging to the company.
But to Sony I say "FEAR YOUR CUSTOMERS." You are not in control as much as you seem to think you are. They control the dollars in their pockets (though not necessarily those in their bank or credit accounts, as you well know) and they choose what they buy from you. And when you make them angry, and you never know exactly who you are making angry, these anonymous customers, you just might make some who are dangerous to you very angry in the process.
I am guessing that this is a very focused attack on Sony. Was it because of their shoddy products? Their involvement in the recording industry? Their abuse of customers in general? It could be any or all of these things or more. So yeah, Sony... you forgot "the customer is always right" and that happy customers are your best customers.
And if other companies haven't figured it out by now, "you are next" if you don't start taking care of your customers and keep abusing them as you do. I am speaking to AT&T, Verizon and any other company that is known for being abusive to customers. Just wait and see.
I'm just glad I pulled away from Sony so long ago. I didn't have much if any data at risk this time around, so I'm good to go for now. It's all good entertainment for me at the moment.
Re: (Score:3)
wow man that's harsh. you're saying that if a company doesn't give you good customer service, then somebody will hack the company, steal millions of account records, and cause millions if not more in damages and lost business?
If he's not, I will: yes, that's exactly correct. When companies piss enough people off, someone goes gunning for their servers. Neither erroneus nor I are claiming that this is the correct, moral, or legitimate response, just that it's a likely outcome. Sony and their peers have worked hard to remove all legitimate means of redress, and now people are pursuing the only avenues left open to the average guy without a few megadollars to futilely pursue them in court. What else would you expect to happen, real
Re: (Score:2)
wow man that's harsh. you're saying that if a company doesn't give you good customer service, then somebody will hack the company, steal millions of account records, and cause millions if not more in damages and lost business?
If he's not, I will: yes, that's exactly correct.
Really? You, or some other vengeful hacker will take it out on Sony by stealing from millions of other people? I don't think that's what you mean.
I think the theft of people's personal data was perpetrated by career criminals, not by wronged consumers.
Re:Just wondering (don't think so) (Score:3)
Really? Then why haven't we seen any massive credit card fraud yet? Sony is claiming that over 10 million CC numbers were "stolen", and that was from a hack done more than 2 weeks ago.
If these were career criminals, why haven't we yet seen the horror stories of millions of dollars of goods shipped to Romania, with average joes holding the bag on the bill?
And why target Sony? Amazon would have far more data, as well as Facebook. Or, hack Microsoft's Xbox network which has more users in the USA. Why wasn't Ninte
Re: (Score:2)
Sony has gone a bit beyond "doesn't give you good customer service".
Re: (Score:3, Interesting)
Re: (Score:2)
Sony attacked a hacker. Very soon afterwards, a bunch of hackers attacked Sony.
It's hard -not- to see causation there. It's perfectly possible this was just someone who wanted the account info and didn't have a grudge, but it's easier to assume they are related.
Re: (Score:2)
How is it that you would see a causation there? If some GeoHot supporters would break into Sony, I believe it would be be
Re: (Score:2)
Re: (Score:2, Insightful)
Get it right. Hackers attacked Sony (and SOE), but while their PR got hurt and they have to spend some money on some security consultants, it's the USERS (past and present) that will be experiencing the brunt of the damage.
This is an attack on PEOPLE, not a company. If a company was the target, then corporate account information would have been hacked.
Damn people blinded by the hip thing to hate...
Re: (Score:2)
I didn't say they were all successful.
Re: (Score:2)
I guess law enforcement will be very happy to share the knowledge that makes you JMP to this conclusion.
This seems the work of crackers; the average hacker is more likely to get a handful of credit card details and publish the breach, telling how his skillz went through the mighty Sony defense.
Re: (Score:2)
that's the reason it's often the hacker who gets slammed with lawsuits whereas the cracker goes on unnoticed.
Re: (Score:3)
What's really funny is that this whole fiasco would have never happened if Sony hadn't decided to disable the OtherOS function on existing PS3s. This led to hackers breaking open the PS3, which hadn't happened so far because the people who were capable of such feats were happy with OtherOS - and then, it seems that with hacked PS3s, the Sony Online servers were hacked relatively quickly.
Just imagine - if they hadn't pulled that crap with OtherOS, the PS3 could probably have gone unhacked until it was retire
Re: (Score:2)
Are you suggesting that millions of Sony Online Entertainment game subscribers over the past 4 years have pissed off a hacker? Because they're the ones that are going to get screwed, not SOE.
Re:A lesson for companies (Score:4, Funny)
Re:SOE? Give names please. (Score:4, Informative)
Did you miss the first line of TFA?
"An anonymous reader writes with an update to yesterday morning's news that Sony Online Entertainment's game service..."
I think I'm getting a sense of what might be going wrong with high-frequency trading...
Re: (Score:3)
Please, a true Slashdotter doesn't even finish reading the headline before posting.
Re: (Score:2)
Re: (Score:2)
Actually, to thermal interaction with the planetary surface below them.
No, it's not really meme material, but I was inspired by your broken Engrish.
Re: (Score:2)
Re: (Score:2)
I got one too from soe.innovyx.net. I assume they got my email address from the account hack and are sending out phish emails.
Nice try assholes. I will be resetting my credit card any how. And fat chance of SOE ever getting any payment from me again.
Re:Free Credit Monitoring is SOCIALISM (Score:3)
First of all, you need to remember who's running this country, and it's not us. It's big corporations like Sony. They can essentially screw all of us with impunity, and if they go too far, the government gives them a slap on the wrist as a show of good faith to the people.
Consider the SEC. When they fine some trading company $20 million for some illegal trading activities, do you really think that's a big deal? Of course not, because the company made $100 or $200 million doing the illegal trade. To them, th
Re: (Score:2)
Looks like innovyx might have taken it down already, thankfully.
Re: (Score:2)
I've used Sony Online Entertainment for a decade. I generally do not purchase new Sony products. I have yet to receive anything from Sony indicating that my information may have been stolen. I know they have my correct email because I recently contacted them and they replied to me. I would be wary of anything sent to you. You should ensure you verify the "party" sending you the notices.
Aside from that, I do find it a bit disingenuous that Sony is making a PR announcement that basically says that "your