SOE Loses Over 12,000 Credit Card Account Numbers

It looks like the PSN wasn't the only thing hit in April.

Sony Online Entertainment has confirmed that "approximately 12,700 non-US credit or debit card numbers and expiration dates (but not credit card security codes), and about 10,700 direct debit records of certain customers in Austria, Germany, the Netherlands, and Spain" were taken during the intrusion.

The data loss comes from "an outdated database from 2007."

The odd thing about the whole scenario is that the two servers are on separate networks, but Sony tries to explain the problem below.

"While the two systems are distinct and operated separately, given that they are both under the SONY umbrella, there is some degree of architecture that overlaps," a statement said. "The intrusions were similar in nature. This is NOT a second attack; new information has been discovered as part of our ongoing investigation of the external intrusion in April.


-------------------------------------------------------------------------------------------------

Sony warned that personally identifiable information for an additional 25 million customers was exposed after discovering a massive security breach extended to its online computer games service.

The intrusion on Sony Online Entertainment systems exposed data for 24.6 million users, including their name, address, email address, birthdate, phone number, and login name. Those behind the attack likely also made off with passwords that were hashed, although Sony didn't address critical details, including what hashing algorithm was used and whether random values known as salt were used to prevent crooks from converting hashes into cleartext.

Sony also warned that that the SOE attackers may also have stolen an “outdated database” that stored data for some 12,700 payment cards belonging to customers located in Europe. The majority of SOE card information was stored in a “main credit card database” that was “in a completely separate and secured environment” that Sony analysts don't believe was accessed.

The warning came a day after Sony closed the SOE's Station.com website, because investigators “discovered an issue that warrants enough concern for us to take the service down effective immediately.”

Combined with a previously reported hack on the company's PlayStation Network, in which sensitive data for 78 million users is believed to have been stolen, the new disclosure means Sony has exposed personally identifiable information for 102.6 million user accounts. Sony has said that the passwords in the previously disclosed attack were also hashed, but so far hasn't supplied the same crucial details.
 
It has been a big fail beginning to 2011 for Japan generally, i hope they will recover in a short time.

Also this shows we are always under a constant threat while using our credit cards online, even with paypal you can't what may happen :(
 

Latest News

Do you prefer licensed hardware?

  • Yes for me it is vital

  • Yes, but only if it's a manufacturer I like

  • Yes, but only if the price is right

  • No, a generic wheel is fine

  • No, I would be ok with a replica


Results are only viewable after voting.
Back
Top