Gi Live London graphic

Connect with the UK Video Games Industry

Buy Your Tickets Today
Gi Live London graphic

Sony under fire again as 93,000 accounts attacked

Login data thought to be from "other sources", credit cards "not at risk"

Sony has detected another mass login attempt on its database of PlayStation Network, Sony Online Entertainment and Sony Entertainment Network accounts, with what it calls a "a massive set of sign-in IDs and passwords" being used to attempt access to 93,000 accounts.

That list is thought to have been collated from "other companies, sites or other sources". Sony has promised to attempt to reimburse customers for any misappropriated PlayStation wallet funds.

All affected accounts, of which 60,000 were PSN/SEN and 33,000 SOE, have been temporarily locked to prevent any further access. Only a "small fraction" of the accounts accessed showed any activity before being locked, indicating that relatively few had their data compromised.

"These attempts appear to include a large amount of data obtained from one or more compromised lists from other companies, sites or other sources," reads a post on the official PlayStation Blog.

"In this case, given that the data tested against our network consisted of sign-in ID-password pairs, and that the overwhelming majority of the pairs resulted in failed matching attempts, it is likely the data came from another source and not from our Networks. We have taken steps to mitigate the activity.

"Less than one tenth of one percent (0.1%) of our PSN, SEN and SOE audience may have been affected...Please note, if you have a credit card associated with your account, your credit card number is not at risk. We will work with any users whom we confirm have had unauthorized purchases made to restore amounts in the PSN/SEN or SOE wallet."

Emails will be sent to all affected customers, says Sony.

In April, the PSN database suffered a huge security breach, resulting in 75 million vulnerable accounts and almost six weeks of downtime whilst security measures were improved.

After that attack, Sony came under fire from many bodies for the delay in letting its customers know about the breach, even facing questions from the US Senate.

Gi Live London graphic

Connect with the UK Video Games Industry

Buy Your Tickets Today
Gi Live London graphic

More stories

Anthony Mackie to star in live-action Twisted Metal show

Production joins slew of Sony titles transitioning from video games to film and TV

By Jeffrey Rousseau

Sony to charge $10 for PS4 to PS5 game upgrades

But the platform holder reversed its decision about Horizon Forbidden West's PS5 upgrade

By Marie Dealessandri

Latest comments (11)

Cody Pike Studying Electrical Engineering, Alabama University9 years ago
Wow, Sony really pissed off the wrong crowd, didn't they?
0Sign inorRegisterto rate and reply
Andrew Goodchild Studying development, Train2Game9 years ago
To be fair, when I read the headline, this sounded like a group had blown away Sony's new security measures, when in fact it seems like the person or group have got information from elsewhere and are testing to see if people are using the same password /email combination, something that could be, and probably is being directed at several other sites.
Whilst it is obvious Sony cocked up at the beginning of the year, it is important that the public arn't made to unfairly think, "Here we go again!" and drawing the conclusion Sony haven't learned, when any actual problems here sound like they are caused by a combination of another site's security and users not using unique passwords (I was given the advice to use a unique prefix based on the site name to my general use password, it wouldn't fool a human with a list, but should be more than sufficient to stop a bot).
0Sign inorRegisterto rate and reply
Too Bad From Sony!
0Sign inorRegisterto rate and reply
Show all comments (11)
Mihai Cozma Indie Games Developer 9 years ago
Misleading article title.
0Sign inorRegisterto rate and reply
Andrew Jakobs Lead Programmer 9 years ago
Yeah I agree with Mihai, it's a very misleading article title, as Sony hasn't been hacked.. They had hack ATTEMPTS on 93000 accounts..
0Sign inorRegisterto rate and reply
Tim Wright Managing Director, Tantrumedia Limited9 years ago
I have read this article and I have to agree with Mihai... "Sony hacked again" is very much a tabloid press headline, and in this case wholly inaccurate given the facts. "Sony notices mass login attempt" is the size of it.
0Sign inorRegisterto rate and reply
Michael Rowland Live Producer, Ubisoft Annecy9 years ago
Have to agree with the previous comments, this is a brute force attack on Sony, which isn't uncommon for many big companies. They themselves have not been hacked or had their security compromised.
0Sign inorRegisterto rate and reply
David Spender Lead Programmer 9 years ago
Should have been:

'Sony accounts hacked' or 'Sony accounts breached'

but the article title is false as Sony wasn't directly hacked.

Fix it Dan!
0Sign inorRegisterto rate and reply
This article's using a rather peculiar definition of "hacked".
0Sign inorRegisterto rate and reply
Tyler Moore Game Designer & Unity Developer 9 years ago
Agreed, misleading title. It paints a negative portrait of Sony when in fact they had considerably greater success fending off this attack then they did in the past.
0Sign inorRegisterto rate and reply
Curt Sampson Sofware Developer 9 years ago
Hm. The title is now, "Sony under fire again..." I didn't see the previous title. Is this publication in the habit of correcting articles without mentioning that? Tch tch.

As for the attack itself, this sort of thing is fairly common. Even my little server at home regularly gets tens of thousands of attempts per day to log in via ssh under various guesses of common login names and passwords. That's why I don't allow password logins on accounts.

But this certainly is a clear demonstration of why you should never use the same password on two different web accounts.
0Sign inorRegisterto rate and reply

Sign in to contribute

Need an account? Register now.