Sony Online Entertainment loses 12,700 credit cards, 24.6 million accounts compromised
Sony Online Entertainment has revealed it has "lost" 12,700 customer credit card numbers due to the breach of approximately 24.6 million accounts.
The fires at Camp Sony continue to be stoked, as Sony Online Entertainment has announced it has lost 12,700 customer credit card numbers as the result of an attack on its infrastructure, which saw the breach of approximately 24.6 million accounts.
"This information, which was discovered by engineers and security consultants reviewing SOE systems, showed that personal information from approximately 24.6 million SOE accounts may have been stolen, as well as certain information from an outdated database from 2007," a press release revealed today.
As reported earlier today, SOE pulled the plug on its online service after it had learned of the attack late last evening. Today, SOE revealed the grim truth behind the situation: "approximately 12,700 non-US credit or debit card numbers and expiration dates (but not credit card security codes), and about 10,700 direct debit records of certain customers in Austria, Germany, the Netherlands, and Spain" have been lost. Apparently, according to the SOE release, the content was from "an outdated database from 2007."
Of the nearly 13,000 lost credit cards, 4,300 are allegedly from Japan, with the remaining aforementioned countries making-up the difference.
Sony Online Entertainment links the situation directly to the ongoing PSN attack, which has forced the PS3 and PSP online service offline since Wednesday, April 20. As neither service is connected, it is unclear how the two situations are linked, considering Sony had previously said the SOE services were safe.
Sony notes it is currently working "with the FBI and continuing its own full investigation while working to restore all services." The full press release from Sony Online Entertainment is available to read at SOE's official site.
-
Shacknews
replyXav de Matos posted a new article, Sony Online Entertainment loses 12,700 credit cards, 24.6 million accounts compromised.
Sony Online Entertainment has revealed it has "lost" 12,700 customer credit card numbers due to the breach of approximately 24.6 million accounts.-
-
This SOE situation, specifically, is based on credit card information in Japan and select European regions.
-
-
-
Oops.
-
-
-
-
to make it easier for people to resubscribe, why else do you think?
when most cards expire the account number doesn't change... and it's obviously in their business interest to make resubscribing as frictionless a process as possible.
-
I mean when cards get renewed, but you get what I'm saying
-
[deleted]
-
sure, hindsight is 20/20... but this is common practice with the very large majority of online retailers. Newegg, Amazon, they all do this.
-
[deleted]
-
there was a gigantic breach at TJX about 4 years ago, it was a nightmare... millions of card numbers stolen
-
-
-
-
[deleted]
-
-
-
-
-
-
[deleted]
-
-
[deleted]
-
-
-
-
[deleted]
-
-
[deleted]
-
sarcasm?
-
[deleted]
-
[deleted]
-
[deleted]
-
[deleted]
-
we get it, you don't care about your privacy. That's evident from all your posts on the topic. Is it so hard to believe that some of us really, truly value ours?
This isn't about the inconvenience of canceling a single credit card. Identity theft can take YEARS to completely sort out, and with all our personal information, answers to secret questions, etc. compromised we may be exposed for years to come.-
-
Really? This argument again?
"You don't really have any control over who has your personal information so why protect it?"
The same reason you lock your house or your car. Sure, you're never going to stop someone who REALLY wants to get in but you can keep the idly curious out. Keep the honest, honest. And if you make it more difficult to get into your house, car or get your info you make it much more likely that the crooks will go after easier targets.-
I don't disagree with that principle, just the reality of the world we now live in makes it pretty much an irrelevance. The physical security of your house or your car are things that exist within your own control, the security of your abstracted "data" identity are not in any meaningful sense.
I did a lot of work on privacy theory in college, then went to work for the monitoring dept of a cellphone network afterwards - all both experiences showed me is that if you interact with the internet, cell phones, credit cards etc at all then data privacy is a total delusion.
Not that you shouldn't care if Sony lose your data and they shouldn't be punished for it, but you should accept that by putting it out there it will get eventually get lost by someone and even if it isn't it will still be accessible by more people than you will ever have any awareness of. The idea that one specific breach exposes you to risks that you weren't already chronically exposed to doesn't hold up. -
-
-
-
-
-
[deleted]
-
[deleted]
-
-
-
-
[deleted]
-
I don't think there can be any doubt now that Sony and its divisions are being specifically targeted for exploitation. It might not even be the end of it as Sony has its own e-commerce website that is probably ripe for the picking now. I'm kinda interested to see if a precedent gets set in terms of how this company (and others) reacts to hackers and crackers in the future.
-
-
And what, everyone else is using better security than Sony, and are probably impenetrable? Don't kid yourself, this shit could happen to a LOT of businesses.
-
-
They were also in the middle of building a new datacenter. So is it negligence? Or poor timing? Both? It's just ridiculous reading everyone's scathing remarks for Sony when this could have and has happened to other large companies.
Also, it doesn't really make sense for this to be an attack on Sony. It sounds a lot more like someone is trying to profit from this information.-
-
Doesn't mean they should be.
-
-
-
-
I'm wondering if it will. Right now, Sony seems to be taking the brunt, but is everyone else's security really that much better? Could this not happen to any other major retailer?
(I'm not being sarcastic. I honestly don't know)
I imagine a lot of companies are taking a long hard look at their security protocols right now, though. -
[deleted]
-
Microsoft is. As we have repeatedly detailed they never exchange user information back to the client (Xbox 360). Their login method uses appropriate security where an encrypted tunnel is established, a login/password hash is passed from client (xbox) to server (Live) and if successful, a security token is returned that allows the client to connect.
Never is user data exposed to the client.
That's similar to how other login systems work. Sony's was not secured that way. Their system trusted the client.
-
-
-
-
so the breached accounts, what does it mean, they have your log info for you SOE MMO games?
after changing a password and secret question what can they do? -
[deleted]
-
SHOULD HAVE PAID FOR YOUR ONLINE HAHAHA GET A XBOX SONS
-
