Sony under fire again as 93,000 accounts attacked
Login data thought to be from "other sources", credit cards "not at risk"
Sony has detected another mass login attempt on its database of PlayStation Network, Sony Online Entertainment and Sony Entertainment Network accounts, with what it calls "a massive set of sign-in IDs and passwords" being used to attempt access to 93,000 accounts.
That list is thought to have been collated from "other companies, sites or other sources". Sony has promised to attempt to reimburse customers for any misappropriated PlayStation wallet funds.
All affected accounts, of which 60,000 were PSN/SEN and 33,000 SOE, have been temporarily locked to prevent any further access. Only a "small fraction" of the accounts accessed showed any activity before being locked, indicating that relatively few had their data compromised.
"These attempts appear to include a large amount of data obtained from one or more compromised lists from other companies, sites or other sources," reads a post on the official PlayStation Blog.
"In this case, given that the data tested against our network consisted of sign-in ID-password pairs, and that the overwhelming majority of the pairs resulted in failed matching attempts, it is likely the data came from another source and not from our Networks. We have taken steps to mitigate the activity.
"Less than one tenth of one percent (0.1%) of our PSN, SEN and SOE audience may have been affected... Please note, if you have a credit card associated with your account, your credit card number is not at risk. We will work with any users whom we confirm have had unauthorized purchases made to restore amounts in the PSN/SEN or SOE wallet."
Emails will be sent to all affected customers, says Sony.
In April, the PSN database suffered a huge security breach, resulting in 75 million vulnerable accounts and almost six weeks of downtime whilst security measures were improved.
After that attack, Sony came under fire from many bodies for the delay in letting its customers know about the breach, even facing questions from the US Senate.
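Sony's reasoning above (ID-password pairs tested once each, with the overwhelming majority failing, so the list came from elsewhere) can be expressed as a log check. The following is an added example, not Sony's detection logic: the event format, thresholds, addresses and account names are all constructed assumptions.

```python
from collections import defaultdict

def summarize(events):
    """Group (source, sign_in_id, success) login events by source."""
    stats = defaultdict(lambda: {"attempts": 0, "ids": set(), "hits": set()})
    for source, sign_in_id, ok in events:
        s = stats[source]
        s["attempts"] += 1
        s["ids"].add(sign_in_id)
        if ok:
            s["hits"].add(sign_in_id)
    return dict(stats)

def classify(s, min_attempts=20, max_hit_rate=0.05, max_tries_per_id=1.5):
    """Label one source's activity. Thresholds are illustrative assumptions."""
    if s["attempts"] < min_attempts:
        return "normal"
    tries_per_id = s["attempts"] / len(s["ids"])
    if tries_per_id > max_tries_per_id:
        # Few accounts, many passwords each: classic guessing, not a reused list.
        return "password-guessing"
    hit_rate = len(s["hits"]) / len(s["ids"])
    if hit_rate <= max_hit_rate:
        # Many accounts, about one try each, almost all failing:
        # pairs collected elsewhere and replayed here.
        return "credential-stuffing"
    return "normal"

def accounts_to_lock(events):
    """Accounts a stuffing source actually got into: lock and notify these."""
    locked = set()
    for s in summarize(events).values():
        if classify(s) == "credential-stuffing":
            locked |= s["hits"]
    return locked

# Constructed sample events (documentation-range addresses, made-up IDs).
SAMPLE = (
    [("198.51.100.7", f"user{i}", i == 17) for i in range(40)]  # replayed list
    + [("203.0.113.9", "root", False)] * 30                     # guessing one ID
    + [("192.0.2.4", "alice", False), ("192.0.2.4", "alice", True)]  # typo, retry
)

if __name__ == "__main__":
    for source, s in summarize(SAMPLE).items():
        print(source, classify(s))
    print("lock:", sorted(accounts_to_lock(SAMPLE)))
```

Real attempts are usually spread over many source addresses, so in practice the same ratios would also be computed over a time window across all sources.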

Whilst it is obvious Sony cocked up at the beginning of the year, it is important that the public aren't made to unfairly think, "Here we go again!" and draw the conclusion Sony haven't learned, when any actual problems here sound like they are caused by a combination of another site's security and users not using unique passwords (I was given the advice to use a unique prefix based on the site name to my general use password; it wouldn't fool a human with a list, but should be more than sufficient to stop a bot).
'Sony accounts hacked' or 'Sony accounts breached'
but the article title is false as Sony wasn't directly hacked.
Fix it Dan!
As for the attack itself, this sort of thing is fairly common. Even my little server at home regularly gets tens of thousands of attempts per day to log in via ssh under various guesses of common login names and passwords. That's why I don't allow password logins on accounts.
But this certainly is a clear demonstration of why you should never use the same password on two different web accounts.