Sony Locks Accounts After Data Breach

  /     /     /  
Publicated : 22/11/2024   Category : security


Sony Locks Accounts After Data Breach


Sony locks almost 100,000 accounts accessed by criminals who reused usernames and passwords stolen from a third-party site.



(click image for larger view)
Slideshow: 10 Massive Security Breaches
Sony has suffered a data breach involving the usernames and passwords of about 93,000 customers. But the exploit appeared to involve a massive number of credentials stolen from third-party sites, only some of which attackers were able to reuse to logon to peoples PlayStation Network (PSN), or Sony Online Entertainment (SOE), or Sony Entertainment Network (SEN) accounts.
These attempts appear to include a large amount of data obtained from one or more compromised lists from other companies, sites, or other sources, said Philip Reitinger, the chief information security officer (CISO) of Sony Group, in a
blog post
announcing the breach.
In other words, the unauthorized access of peoples Sony accounts resulted from their
reusing their usernames and passwords
across multiple sites. Given that the data tested against our network consisted of sign-in ID-password pairs, and that the overwhelming majority of the pairs resulted in failed matching attempts, it is likely the data came from another source and not from our networks, he said. We have taken steps to mitigate the activity.
[Apples products continue to highlight what relatively secure environments look like. What can we learn from
Steve Jobs And Tech Security
?]
Sony has locked the affected accounts, and said its reviewing how accounts may have been accessed, and whether any unauthorized purchases were made. It said it would refund those purchases, but also that no credit card numbers were at risk.
For context, Reitinger said that the breach appeared to involve less than 0.1% of Sonys PSN, SEN, and SOE customer base. Sony is now reaching out to the 93,000 people whose external usernames and passwords attackers were able to match with their Sony accounts, and requiring them to reset their passwords. We encourage you to choose unique, hard-to-guess passwords and always look for unusual activity in your account, he said.
Of course, Sonys security image is still reeling after its websites were compromised more than a dozen times earlier this year. In the most severe breach, which resulted in at least one
class action lawsuit
being filed, attackers stole information on more than 77 million PSN users, and the Sony gaming network was offline for more than a month.
In this case, Sony seems to be placing the blame for the attack on password reuse. But should Sony--especially given its status as the
most exploited attack target
of 2011--have done more to prevent such an attack from succeeding, not least by supplementing a system based solely on
usernames and passwords
?
The fact that people reuse passwords is a known issue. Sony should be requiring more than using a username and password. And in their situation, in which people are coming in from hardware that they know, theres no excuse, said Joseph Steinberg, CEO of Green Armor Solutions, which sells identity verification software.
For example, he said, many financial services firms and healthcare companies are demonstrating identity verification state of the art, including extensive behind-the-scenes logic to help detect unusual behavior on the part of someone using otherwise acceptable username and password access credentials. For example, is a user based in New York City suddenly trying to log in from London? Or is a login attempt coming from a PC thats never been used before? In either case, identity verification systems can escalate the authentication, requiring more than just usernames and passwords to log in.
In the case of PSN, furthermore, Sony could even be using a PlayStation as part of a multi-factor authentication mechanism. They control the hardware on the PlayStation, they should be doing strong authentication from that hardware, Steinberg said. They really need to start thinking of their system as a financial system, rather than a gaming system.

Last News

▸ Hack Your Hotel Room ◂
Discovered: 23/12/2024
Category: security

▸ Website hacks happened during World Cup final. ◂
Discovered: 23/12/2024
Category: security

▸ Criminal Possession of Government-Grade Stealth Malware ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Sony Locks Accounts After Data Breach