An Important Message From Sony’s Chief Information Security Officer

267 0
An Important Message From Sony’s Chief Information Security Officer

We want to let you know that we have detected attempts on Sony Entertainment Network, PlayStation Network and Sony Online Entertainment (“Networks”) services to test a massive set of sign-in IDs and passwords against our network database. These attempts appear to include a large amount of data obtained from one or more compromised lists from other companies, sites or other sources. In this case, given that the data tested against our network consisted of sign-in ID-password pairs, and that the overwhelming majority of the pairs resulted in failed matching attempts, it is likely the data came from another source and not from our Networks. We have taken steps to mitigate the activity.

Less than one tenth of one percent (0.1%) of our PSN, SEN and SOE audience may have been affected. There were approximately 93,000 accounts globally (PSN/SEN: approximately 60,000 accounts; SOE: approximately 33,000) where the attempts succeeded in verifying those accounts’ valid sign-in IDs and passwords, and we have temporarily locked these accounts. Only a small fraction of these 93,000 accounts showed additional activity prior to being locked. We are currently reviewing those accounts for unauthorized access, and will provide more updates as we have them. Please note, if you have a credit card associated with your account, your credit card number is not at risk. We will work with any users whom we confirm have had unauthorized purchases made to restore amounts in the PSN/SEN or SOE wallet.

As a preventative measure, we are requiring secure password resets for those PSN/SEN accounts that had both a sign-in ID and password match through this attempt. If you are in the small group of PSN/SEN users who may have been affected, you will receive an email from us at the address associated with your account that will prompt you to reset your password.

Similarly, the SOE accounts that were matched have been temporarily turned off. If you are among the small group of affected SOE customers, you will receive an email from us at the address associated with your account that will advise you on next steps in order to validate your account credentials and have your account turned back on.

We want to take this opportunity to remind our consumers about the increasingly common threat of fraudulent activity online, as well as the importance of having a strong password and having a username/password combination that is not associated with other online services or sites. We encourage you to choose unique, hard-to-guess passwords and always look for unusual activity in your account.

Comments are closed.


  • All my new psn passwords are in one place, my wallet.

  • Thanks for the data!

  • Says in Yoda voice “Xbox 360 fanboys will troll….”

  • Hey Phil, did you catch this before or after sony tried to take away my right to legal action?

  • @Fat_lazy_slug I hope you opted out of that BS. I know I did, even though that kind of stuff Sony’s trying won’t hold up in court where I live

  • Do we get the email now or soon?

  • Im sick of these mother effing hackers being jerks. Let us play in peace! And thank you sony for posting this so quickly to. It is always nice to hear about it ASAP

  • Sony it not ur fault it just people think its funny to make psn look bad the best way to keep hacker from ruining sony step it up more an strength the network an do everything u can to keep hackers an jail breakers from bypassing the network just upgrade everything fix the firewall an scan the network to make sure nobody tries anything stupid like hacking

  • Well that explains why I’ve been locked out of my account then…

  • Even if things go wrong, I still have a bunch of PS2 games. :)

  • Before all the retarded fanboys get in here I will explain what happened in non-lawyer gibberish (even though it is not that hard to understand in its current form). Someone stole a list of usernames/passwords from some other source (forum, website, service, ect.) they then used those usernames/passwords to try to get into PSN accounts that have those same usernames/passwords.

    In this day and age you have to be crazy to use the same password on many sites. Your stuff will get hacked!

  • Banned those jailbreakers off socom confrontation !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

  • Thanks for the update.

  • I just ask why…

  • why is this still going on, and with all your Make.Believe Security upgrade, why haven’t you detected who these people are by now? i want these questions answered by Fony personally!

  • at lease sony is getting better

  • Best Sony security response ever.

    People try to hack networks and online accounts – we know that, we understand that. (Well, some people might not understand, but they obviously don’t know how tough cyber-security is in the mordern age)

    But, for me, knowing that Sony knows exactly what’s going on, and they have the balls to tell us clearly what happened and how they’ve fixed it gives me peace of mind.

    Good job, Sony and Mr SVP & Chief Information Security Officer

  • C’mon people! I don’t like this. What do people think its fun to hack? I better not be one of the locked accounts. I’m not blaming sony. I am also glad that they didn’t wait a week to inform us. But please don’t shut psn down again this hacking stuff is getting old.

  • I am 1 of the 93,000. zzz. at least I have this 2nd account to play online with until this is all fixed

  • Thank you for informing us. Keep up the transparency with your customers!

  • This wasn’t a hack either Sony or who ever they sold/shared our info with screwed up and lost that Info, then who ever got hold of that info used it to try to brute force there way in.

  • @Newhopes

    Or more likely someone stole a stack of emails and passwords from a gaming-related forum, and a small number of those emails and passwords matched with PSN accounts

  • All you people saying “this needs to stop” or actually thinking this one is sony’s fault, reread the article, they are saying someone elses database was clearly compromised, and becomes SOME people use the same login/password on other sites, is why the compromised 3rd party credentials worked. However in most cases the credentials failed because they were NOT sony credentials that were compromised. Does this not make sense to all of you raging at sony for no reason on this one?

    Translation, don’t sign up for bobs video game phpbb 2.0 board that hasn’t been updated sice 2006 using same email/pw and expect it to go well for you when his board is hacked and the hacker desides “well this was a video game board, i’m gonna try all these logins on the sony network”. Because that is exactly what happened here.

  • It’s got to be more than just using passwords from a game board. Because A: My psn account has an email address that I don’t use anywhere else. B: I’m not a member of ANY game boards. So yea, that’s not the case. So why is my account locked? It’s also not psn down because out of my 3 accounts, two work. Yet my PLUS account, which is my main, says password invalid. Really peeving me off now. I got kicked mid-game just to get a invalid password message. I can’t even log into these forums with that account. Nor have I got this supposid email from Sony.

  • I didn’t play today and this happened. Oh well at least i know what’s going on, unlike last time.
    Thumbs up for Sony.

  • nice work looking into this Sony, not many companies actually would

  • I’m surprised that many people aren’t using different passwords for different sites… it is essential

    Guys – always have a secondary email for sites that might seem less secure. You can use email forwarding if you want notifications to reach your primary account.

    Always use different passwords for different sites.

    It’s good to have a system for creating a password that contains letters and numbers, and would be unique to a particular site. That means that you’ll never forget a particular password, but people will find it hard to guess your other passwords even if they obtain one.

  • My main account RikkaHime has been affected! I can’t log into my account and I haven’t received any e-mails on the matter. Please help me Sony! Please send me an e-mail so I can change my password. Thank you.

  • What dumb hackers. I hope everyone changed their password for PSN to a password different than other passwords. Can the police at least track this idiot to an IP address and bust them?

  • Thanks for updating us :D

  • bann those call of duty world at war hackes ASAP!

  • Philip Reitinger: I think it would be good for you as Sony’s Chief Information Officer to also recommend that users that it would be wise to change their passwords as frequent as possible. A good guideline is to do it every 2-3 months. However, this would be completely voluntary.

    This is effective to use with other services that use passwords or pin numbers. It might be an inconvenience to all but its really is the best way to secure your info other than closing all accounts.

  • thanks for the update on the situation I’m just wondering if this would be followed by a new system update

  • ok so what if the email set to the account has been closed. is there a way to link the said account to a new email address

  • In short, these people gathered the info from another site that is not very secure (email and password) and tried that info on the PSN authentication servers.

    I know it’s a pain people but try to use different passwords with less secure sites.

  • I got an email yesterday to change my password or that my password was changed.

    I changed it, but I just tried to access it again and the password is not working. I can continue to change the password but can’t login as it says the username or password is not correct.

    It’s like an endless loop of “username or password incorrect ” “create new password” “username or password incorrect “

  • finally PR learning from it’s mistakes…

  • Thanks for the update.

  • Thanks Sony for informing us about this, this is a very serious matter. Making it a quick to tell us was even better, these hackers need to be caught right away because I’m pretty sure no one wants another PSN Outrage incident like before. Sony make sure you keep us updated!

  • If after the first PSN breach, as well as numerous other breaches experienced just this year alone on various sites, you’re STILL using the same username and password on multiple sites, you deserve to have your account compromised.

    How hard is it to have a unique password everywhere you have to register an ID? If it’s difficult for you, get a password manager!

  • i agree with the sentiment of all people here.thank you sony for telling us and also for being alert!

  • @17: They might have taken their ID/password combinaisons from another site’s database and tried them all to see if they worked on PSN since many of them didn’t work. It doesn’t mean there is a leak in Sony’s database…

  • OK, so SONY’s been HACKED yet again… So what i want to know now is… Where are our FREE Games this time and how about 250 FREE Home item’s this time to make it all Better?

    Well someone had to ask! And now we wait our FREE STUFF!

    Come on SONY u Know we like FREE STUFF!

    By: DCS

  • I hope you’re joking DCS-Tekken. This is no hack. It’s just an idiot or idiots trying to log into accounts from information they got from another site. I guess you could say someone else was hacked.

  • You do understand that they took away your right to a CLASS ACTION SUIT, you are still able to sue them for whatever reason individually.

  • The Lulz Boat has sailed again!!! trollolololz…j/k people..I am sure all will be ok so no need to get your thongs in a twist lol

  • BTW it is 2:44 am here Sony not 11:44 pm like this post is going to say…smh lol

  • damn hackers better back off rawr!

  • I love how this is being blown up as a “hack attempt” when it’s clearly not. It’s clearly an exploitation of the fact that many people online don’t use different passwords for their online accounts, and usually use the same handle across many different sites as well. Making it really easy for them to steal everything from you.

    USE DIFFERENT PASSWORDS. I can’t remember half of mine, but at least if I lose one account I won’t lose it all.

Please enter your date of birth.

Date of birth fields