Sony Reels From Massive Customer Data Breach

  /     /     /  
Publicated : 22/11/2024   Category : security


Sony Reels From Massive Customer Data Breach


PlayStation account-holder data likely still at risk.



Sony is facing the ire of online-game-playing customers, and the scrutiny of security analysts, in the wake of attacks that exposed the account information of more than 100 million people.
Sony suspended its online games in early May until we could verify their security, the company said. This came after it learned attackers had gotten access to more than 70 million account identities on its PlayStation Network and Qriocity services, followed by a second disclosure that 24.5 million additional user accounts had been compromised in mid-April. That second breach hit Sony Online Entertainment division systems; SOE is best known for its massively multiplayer games, including EverQuest II and Clone Wars Adventures.
Sony said it initially thought SOE customer data hadnt been stolen in the attacks. Information affected may include a users name, address, email, gender, birth date, and phone number, as well as login name and a hashed password.
And, in a warning to companies that dont have solid data-deletion practices, Sony said hackers may have nabbed some credit card data from an outdated database from 2007 containing about 12,700 credit or debit card numbers and expiration dates and 10,700 direct-debit records listing bank account numbers.
Sony protected the passwords that were stolen using a cryptographic hash function, not encryption, a problem because hashing can have limits. Earlier this year, for example, to demonstrate weaknesses in the SHA1 secure hash algorithm, German security researcher Thomas Roth rented $2.10 of computing power from Amazons EC2 cloud to crack 14 SHA1 hashes.
The fallout from attackers getting user names and passwords may be significant since many people use the same credentials on multiple sites, including banking sites. Another worry is that the data may end up built into a botnet, which could use stolen but legitimate credentials to bypass spam filters and security defenses.

Last News

▸ Researchers create BlackForest to gather, link threat data. ◂
Discovered: 23/12/2024
Category: security

▸ Travel agency fined £150,000 for breaking Data Protection Act. ◂
Discovered: 23/12/2024
Category: security

▸ 7 arrested, 3 more charged in StubHub cyber fraud ring. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Sony Reels From Massive Customer Data Breach