In a post on the EU PlayStation blog Sony’s new Chief Information Security Officer, Philip Reitinger, informs users Sony has “detected attempts on Sony Entertainment Network, PlayStation Network and Sony Online Entertainment (“Networks”) services to test a massive set of sign-in IDs and passwords against our network database.”
Reitinger points out the data appears to have come from another source.
“In this case, given that the data tested against our network consisted of sign-in ID-password pairs, and that the overwhelming majority of the pairs resulted in failed matching attempts, it is likely the data came from another source and not from our Networks. We have taken steps to mitigate the activity,” writes Reitinger.
“Less than one tenth of one percent (0.1 per cent)” of the PSN, SEN and SOE audience may have been affected, approximately 93,000 accounts globally. Credit card numbers are not at risk, although accounts where the attempts to match sign-in IDs and passwords were successful have been locked.
“If you are in the small group of PSN/SEN users who may have been affected, you will receive an email from us at the address associated with your account that will prompt you to reset your password,” writes Reitinger.
“Similarly, the SOE accounts that were matched have been temporarily turned off. If you are among the small group of affected SOE customers, you will receive an email from us at the address associated with your account that will advise you on next steps in order to validate your account credentials and have your account turned back on.”
Reitinger closes by reminding consumers of the importance of having “a strong password and having a username/password combination that is not associated with other online services or sites.”
Reitinger, former director of the US Department of Homeland Security’s National Cybersecurity Center, was hired last month by Sony to help protect against a repeat of April’s damaging cyberattacks.