• Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Home
  • About Darknet
  • Hacking Tools
  • Popular Posts
  • Darknet Archives
  • Contact Darknet
    • Advertise
    • Submit a Tool
Darknet – Hacking Tools, Hacker News & Cyber Security

Darknet - Hacking Tools, Hacker News & Cyber Security

Darknet is your best source for the latest hacking tools, hacker news, cyber security best practices, ethical hacking & pen-testing.

Sony Loses 25 Million More Customer Account Details Through SOE (Sony Online Entertainment)

May 4, 2011

Views: 6,977

I actually misread this news at first and thought it was an additional leak from the Sony PlayStation Network (PSN) Hack that has been flooding the news, but sadly for Sony this is an entirely different hack carried out at the same time.

It turns out around the same time PSN got hacked SOE (Sony Entertainment Online) also got hacked and critically an ‘old’ payment details table was stolen that contained credit card details.

It looks like Sony has been hacked REAL hard this time, perhaps some splinter cell of Anonymous really is laying the smackdown on them.

Sony warned that personally identifiable information for an additional 25 million customers was exposed after discovering a massive security breach extended to its online computer games service.

The intrusion on Sony Online Entertainment systems exposed data for 24.6 million users, including their name, address, email address, birthdate, phone number, and login name. Those behind the attack likely also made off with passwords that were hashed, although Sony didn’t address critical details, including what hashing algorithm was used and whether random values known as salt were used to prevent crooks from converting hashes into cleartext.

Sony also warned that that the SOE attackers may also have stolen an “outdated database” that stored data for some 12,700 payment cards belonging to customers located in Europe. The majority of SOE card information was stored in a “main credit card database” that was “in a completely separate and secured environment” that Sony analysts don’t believe was accessed.

The warning came a day after Sony closed the SOE’s Station.com website, because investigators “discovered an issue that warrants enough concern for us to take the service down effective immediately.”

As mentioned in the previous post comments, Sony also warned that the PSN hack could have exposed 10 million credit card details.

The latest news is that SOE was hacked resulting in 25 million customer accounts being exposed and the possibility of 12,000 sets of payment details being exposed is there too.

If you add up the numbers – in one week Sony has managed to expose over 100 million user accounts, that’s quite a feat.

Combined with a previously reported hack on the company’s PlayStation Network, in which sensitive data for 78 million users is believed to have been stolen, the new disclosure means Sony has exposed personally identifiable information for 102.6 million user accounts. Sony has said that the passwords in the previously disclosed attack were also hashed, but so far hasn’t supplied the same crucial details.

For the first time, Sony hinted that it would compensate users for the cost of enrolling in programs designed to prevent identity theft. “The implementation will be at a local level and further details will be made available shortly in each region,” Tuesday’s press release from Sony said.

The company also said SOE users will get 30 free days of additional time on their subscriptions and compensation of one day for each day the system is down. Sony hasn’t said when it expects to restore SOE service. It has said that PSN and Qriocity services will be progressively restarted over the coming week.

The intrusion on SOE happened on April 16 and 17, around the same time as the attack on the PSN, from April 17 to April 19. Sony closed the PSN on April 20, but didn’t disclose the extent of the breach until six days later. Security experts have already said that the amount of information believed to have been stolen in the PSN hack, and the number of users affected, means the attackers had sustained access to the core parts of Sony’s network.

It seems like they are considering ways of compensating their users for the downtime, the same can’t be said for PSN as it’s a free service. I wonder if any more news is going to come out about this, if the main Sony database was breached that would be tragic.

I can see them getting in some hot legal waters over all this data-loss. There are rumours that the main credit card database was compromised, but so far Sony has denied this and stated there is no evidence pointing to that.

Either way it’s an interesting case and I’m just waiting to see where else it’s going to go.

Source: The Register

Share40
Tweet21
Share7
Buffer
WhatsApp
Email
68 Shares

Filed Under: Legal Issues, Privacy Tagged With: sony, sony hack, sony security



Reader Interactions

Comments

  1. DeborahS says

    May 5, 2011 at 11:31 am

    It is an interesting case. I wonder if this sequence of breaches will be big enough and serious enough to force a rethinking about the wisdom of keeping huge databases of user information on the web. It’s not really required to conduct business, and the practice certainly does expose people to a lot more harm than it does anybody good.

  2. Jen Wronski says

    May 9, 2011 at 1:58 am

    It’s going to be 18+ days before psn is restored. Fix the problem first then go head hunting for who’s responsible. Not the other way round

Primary Sidebar

Search Darknet

  • Email
  • Facebook
  • LinkedIn
  • RSS
  • Twitter

Advertise on Darknet

Latest Posts

AgentSmith HIDS - Host Based Intrusion Detection

AgentSmith HIDS – Host Based Intrusion Detection

padre - Padding Oracle Attack Tool

padre – Padding Oracle Attack Exploiter Tool

Privacy Implications of Web 3.0 and Darknets

Privacy Implications of Web 3.0 and Darknets

DataSurgeon - Extract Sensitive Information (PII) From Logs

DataSurgeon – Extract Sensitive Information (PII) From Logs

Pwnagotchi - Maximize Crackable WPA Material For Bettercap

Pwnagotchi – Maximize Crackable WPA Key Material For Bettercap

HardCIDR - Network CIDR and Range Discovery Tool

HardCIDR – Network CIDR and Range Discovery Tool

Topics

  • Advertorial (28)
  • Apple (46)
  • Countermeasures (225)
  • Cryptography (82)
  • Database Hacking (89)
  • Events/Cons (7)
  • Exploits/Vulnerabilities (430)
  • Forensics (64)
  • Hacker Culture (8)
  • Hacking News (228)
  • Hacking Tools (681)
  • Hardware Hacking (82)
  • Legal Issues (179)
  • Linux Hacking (72)
  • Malware (238)
  • Networking Hacking Tools (352)
  • Password Cracking Tools (104)
  • Phishing (41)
  • Privacy (218)
  • Secure Coding (118)
  • Security Software (233)
  • Site News (51)
    • Authors (6)
  • Social Engineering (37)
  • Spammers & Scammers (76)
  • Stupid E-mails (6)
  • Telecomms Hacking (6)
  • UNIX Hacking (6)
  • Virology (6)
  • Web Hacking (384)
  • Windows Hacking (169)
  • Wireless Hacking (45)

Security Blogs

  • Dancho Danchev
  • F-Secure Weblog
  • Google Online Security
  • Graham Cluley
  • Internet Storm Center
  • Krebs on Security
  • Schneier on Security
  • TaoSecurity
  • Troy Hunt

Security Links

  • Exploits Database
  • Linux Security
  • Register – Security
  • SANS
  • Sec Lists
  • US CERT

Footer

Most Viewed Posts

  • Brutus Password Cracker – Download brutus-aet2.zip AET2 (2,180,694)
  • Darknet – Hacking Tools, Hacker News & Cyber Security (2,172,332)
  • Top 15 Security Utilities & Download Hacking Tools (2,095,304)
  • 10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery) (1,198,653)
  • Password List Download Best Word List – Most Common Passwords (931,748)
  • wwwhack 1.9 – wwwhack19.zip Web Hacking Software Free Download (774,391)
  • Hack Tools/Exploits (672,571)
  • Wep0ff – Wireless WEP Key Cracker Tool (528,815)

Search

Recent Posts

  • AgentSmith HIDS – Host Based Intrusion Detection August 31, 2023
  • padre – Padding Oracle Attack Exploiter Tool May 28, 2023
  • Privacy Implications of Web 3.0 and Darknets March 31, 2023
  • DataSurgeon – Extract Sensitive Information (PII) From Logs March 21, 2023
  • Pwnagotchi – Maximize Crackable WPA Key Material For Bettercap February 12, 2023
  • HardCIDR – Network CIDR and Range Discovery Tool December 29, 2022

Tags

apple botnets computer-security darknet Database Hacking ddos dos exploits fuzzing google hacking-networks hacking-websites hacking-windows hacking tool Information-Security information gathering Legal Issues malware microsoft network-security Network Hacking Password Cracking pen-testing penetration-testing Phishing Privacy Python scammers Security Security Software spam spammers sql-injection trojan trojans virus viruses vulnerabilities web-application-security web-security windows windows-security Windows Hacking worms XSS

Copyright © 1999–2023 Darknet All Rights Reserved · Privacy Policy