I’m sure you are saying, “Oh God, not again…”
Sony has announced on the PlayStation Blog that thousands of user IDs and passwords have been compromised, about two-thirds of which are from the Sony Entertainment Network and PlayStation Network and the final third coming from Sony Online Entertainment.
This time, Sony says that they have detected attempts to “test a massive set of sign-in IDs and passwords against our network database.” They say that the IDs and passwords appear to have been pulled from a “compromised list” from a third-party, not PlayStation itself.
The good news is that Sony says the “overwhelming majority” of attempts to access accounts failed –
In this case, given that the data tested against our network consisted of sign-in ID-password pairs, and that the overwhelming majority of the pairs resulted in failed matching attempts, it is likely the data came from another source and not from our Networks. We have taken steps to mitigate the activity.
But that doesn’t mean that some users weren’t affected. Sony says that it totals out to less than 0.1% of PSN and SOE users, but that number is 93,000 global accounts (60K from the PSN and SEN). So almost 100,000 attempts to match user IDs and passwords succeeded, which is still pretty significant. Sony is temporarily freezing these accounts.
Apparently Sony didn’t see much activity on the compromised accounts prior to locking them, so the damage might have been held to a minimum.
They also say that they will work to restore funds that disappear under suspicious circumstances.
But it looks like Sony is handling this latest incident well, which means that they have learned from past mistakes. One of the biggest complaints by PSN users during the previous hacking was Sony’s lack of transparency. Most people just wished that Sony would have been more forthcoming with any and all information they had regarding possible intrusions.
This time, Sony seems to be on top of thing and quite informative with PSN users. You can see the difference in the comments on the blog post as well as the rating of the post. For a post about user accounts being hacked, a 4.73 out of 5 rating isn’t too shabby.
Let’s just hope that this remains a relatively non-serious situation.