More trouble for Sony, which announced yesterday that a second of its networks had been hacked. The new security beach involves the Sony Online Entertainment (SOE) service, which is used for multiplayer online games like EverQuest, Star Wars Galaxies and Matrix Online. According to a Sony statement, banking and credit card information belonging to more than 23,000 customers outside the U.S. may have been compromised.
Just last week, it was learned that personal information for more than 70 million users of the <"http://www.yourlawyer.com/topics/overview/Sony-PlayStation-Network-Security-Data-Breach-Class-Action-Lawsuit">PlayStation Network and Qtriocity networks had been compromised in what was one of the largest security breaches in Internet history. As a result, both the PlayStation Network and Qtriocity have been offline since April 20. The information put at risk includes user names, passwords, and possibly credit card data.
Sony has insisted that credit card data is encrypted making it safe, but rumors have been swirling for days that the hackers are trying to sell such information on underground internet forums for as much as $100,000.
The PlayStation Network hack has led to criticism of Sony, which waited days to inform users of the breach. The U.S. Congress is asking questions, and at least one class action lawsuit has already been filed over the Sony PlayStation Network security breach. For its part, Sony has apologized for the hack and has offered affected users 30 days of free downloads and premium gaming once the networks are back online.
The SOE service is separate from the PlayStation Network. According to Sony’s latest statement, it had believed that SOE customer data was not obtained in the previous hack. However, on May 1, the company said it concluded the SOE information may have, in fact, been stolen.
The information that may be at risk because of the SOE hack includes name, address (city, state, zip, country), email address, gender, birth date, phone number, login name and hashed password. Sony said it had discovered evidence that information from an outdated database from 2007 containing approximately 12,700 non-US customer credit or debit card numbers and expiration dates (but not credit card security codes) and about 10,700 direct debit records listing bank account numbers of certain customers in Germany, Austria, Netherlands and Spain may have also been obtained.
Sony insisted that there was no evidence that its main credit card database was compromised, as it is in a completely separate and secured environment.
In response to the SOE hack, Sony has temporarily shut down the gaming service. Users are being advised to be aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony said in its statement that it will not contact any user in any way, including by email, asking for your credit card number, social security number or other personally identifiable information.
Sony “strongly recommends” that once the SOE service is back online, users change their username and password for the service. Those who use their SOE game account name or password for other unrelated services or accounts are also strongly recommended to change those.