On May 1st, Sony held a press conference and apologized to its customers for the inconvenience their network outage has caused as a result of the recent hacker attack on the PlayStation Network and Qriocity services. The very next day, Sony Online Entertainment’s services went offline as well, after which SOE announced that, as a result of the recent attacks, several thousand credit or debit card numbers and debit records were compromised.
Hackers have stolen an estimated 12,700 non-US credit/debit card numbers and 10,700 direct debit records (which includes the name and bank account number) of certain customers in Austria, the Netherlands, Germany and Spain, which Sony claims was taken from an outdated 2007 database. Sony learned of this security breach as part of their ongoing investigation of the hacking incident in April, and promptly shut down all SOE-related servers upon the discovery of the theft. According to a statement issued by Sony to GamesIndustry.biz, only 900 of the 12,700 credit/debit card details were still active.
Sony has also announced the theft of the personal information of 24.6 million Sony Online Entertainment accounts. This information includes name, address, e-mail address, birthdate, gender, telephone number and login information.
To make up for the interruption in service, SOE is granting customers an additional 30 days time on their subscriptions, as well as an extra day for every day SOE services are suspended. It is also working on a “make good” plan for its PlayStation 3 MMOs, such as Free Realms.
Sony promises its users complimentary assistance in enrolling in identity theft protection services.
It is truly frightening to see how quickly the hacking incident has escalated from a minor annoyance (PSN down-time) to a major problem (stolen credit card and bank information). One wonders what methods Sony used to protect SOE’s sensitive user data, as the question is: did they use the same method for PSN user data? Logically, if credit data was stolen from one database, a hacker could very well have stolen from another if it was protected the same way. In any case, we urge any player who has submitted credit card data for any of Sony’s services to call their credit card company and check for fraudulent activity. Change your credit card number, if need be. This situation could get much worse before it gets any better.