Sony Breach Gets Worse: 24.6 Million Compromised Accounts At SOE 242
An anonymous reader writes with an update to yesterday morning's news that Sony Online Entertainment's game service was taken offline to investigate a potential data breach related to the PSN intrusion. SOE has now said that they too suffered a major theft of user data.
"... personal information from approximately 24.6 million SOE accounts may have been stolen, as well as certain information from an outdated database from 2007. The information from the outdated database that may have been stolen includes approximately 12,700 non-US credit or debit card numbers and expiration dates (but not credit card security codes), and about 10,700 direct debit records of certain customers in Austria, Germany, Netherlands and Spain."
They are upset... (Score:5, Insightful)
Re:Just wondering (Score:5, Insightful)
Best Practices (Score:5, Insightful)
Hey guys, let's keep around credit/debit card billing data from 2007 all online. Deleting it after 6 months of inactivity could hurt sales!11! There's no cost to keeping it around, nothing that would pass an accountant anyway. Let's pay ourselves a bonus for our forward thinking.
Password (Score:5, Insightful)
Re:Best Practices (Score:5, Insightful)
Re:Just wondering (Score:5, Insightful)
I would lay my bet on "Sony doesn't want to tell anyone how bad it is" until they are required to do so. This is very much the same pattern of behavior we see with the Fukushima nuclear plant. Please believe me when I say that this behavior is quite typical of Japanese companies. It is not "diabolical" as you may think but is instead considered "wise" not to share information that is not required and may be potentially damaging to the company.
But to Sony I say "FEAR YOUR CUSTOMERS." You are not in control as much as you seem to think you are. They control the dollars in their pockets (though not necessarily those in their bank or credit accounts as you well know) and they choose what they buy from you. And when you make them angry, and you never know exactly who are are making angry, these anonymous customers, you just might make some who are dangerous to you very angry in the process.
I am guessing that this is a very focused attack on Sony. Was it because of their shoddy products? Their involvement in the recording industry? Their abuse of customers in general? It could be any or all of these things or more. So yeah, Sony... you forgot "the customer is always right" and that happy customers are your best customers.
And if other companies haven't figured out by now, "you are next" if you don't start taking care of your customers and keep abusing them as you do. I am speaking to AT&T, Verizon and any other company that is known for being abusive to customers. Just wait and see.
I'm just glad I pulled away from Sony so long ago. I didn't have much if any data at risk this time around, so I'm good to go for now. It's all good entertainment for me at the moment.
Re:Just wondering (Score:5, Insightful)
Sony did mend their ways. After the rootkit fiasco for sure, but after most of the other bonehead moves as well. They apologized and promised to do better and all that, like they all do.
But, like they all do, over time the same forces that led them to this will lead them there again. Corporate structures being what they are it simply isn't possible to communicate an intangible risk like 'what if a hacker breaks in and copies all our data' well enough to garner the kind of funding to implement real security. At least not at a company the size of Sony. And certainly their users have proven that at every turn they are willing to sacrifice security for convenience and price and features. This site has a Sony gaffe poll on the front page, and the readership is better educated about tech issue than most, yet how many PS3s per capita do you think there are here?
So Sony has little motivation to really change and I doubt they are alone in having lax security.
I am looking forward to the show they will put on after this is over. Figure they will hire Bruce Scheiner and Theo DeRaadt. Fireworks. Maybe a hovercraft pulls up to Sony HQ and the team that took Bin Laden pours out, sets up a perimeter. Sony's CEO stomps onto the stage in a mecha and declares war on hackers. It is going to be amazing.
Re:They are upset... (Score:4, Insightful)
How did this get modded "5, Insightful"? Are those who modded this post agreeing with sentiment (Sony hate) or do they actually believe Sony Online Entertainment wants to steal personal data?
Re:A lesson for companies (Score:2, Insightful)
Get it right. Hackers attacked Sony (and SOE), but while their PR got hurt and they have to spend some money on some security consultants, it's the USERS (past and present) that will be experiencing the brunt of the damage.
This is an attack on PEOPLE, not a company. If a company was the target, then corporate account information would have been hacked.
Damn people blinded by the hip thing to hate...
Re:They are upset... (Score:2, Insightful)
Probably has something to do with Sony's reputation before these breeches were known.
http://en.wikipedia.org/wiki/Sony_BMG_copy_protection_rootkit_scandal
How did Sony get 0wned? (Score:4, Insightful)
After Sony's initial admission of the PSN breach, a lot of people pointed fingers of blame at the PS3 hackers without so much as a shred of evidence either way.
Now that it appears SOE was also penetrated at approximately the same time, I think it's fair to ask just where the penetration occurred, how much customer data was accessible across Sony's networks, and what (if any) internal safeguards were supposed to be in place. There could be multiple penetrations through several vulnerable points, but this looks even more coordinated and planned than initially suspected. If Sony hasn't investigated IT employees, it's time to start -- at minimum, someone has loose lips or careless behaviour. At worst, someone sold them out.