As Sony apologizes to 77 million Americans for the theft of their information, another 24.6 million users are compromised. Today, Sony admitted that hackers have successfully stolen personal information from about 24.6 million accounts within its Sony Online Entertainment division.
This attack comes only days after Sony patched the first outage, which occurred between April 16 – 17, when its popular PlayStation Network (online gaming) was also attacked, leaving 10 million credit cards at risk. As if this PR nightmare couldn’t get any worse, Sony (NYSE: SNE) now needs to patch a hole that exposes both American and international user information.
In its statement late Monday, Sony admitted that an unknown hacker stole not only user information, which includes names, addresses, e-mail addresses, birth dates, gender, login names and hashed passwords, but also outdated database contacts from 2007. The outdated information included “12,700 non-U.S. credit or debit card numbers and expiration dates, but not the 3-digit security code. The hacker was also successful in gaining 10,700 direct debit records of certain customers in Austria, Germany, Netherlands and Spain.”
According to the email notices sent to SOE users, “we encourage you to be especially aware of email, telephone and postal mail scams that ask for personal or sensitive information.”
As Sony now faces even harsher criticism for their security, they did issue a response to the first attack, offering 30 free days of its premium PlayStation Plus membership, as well as an additional free 30 days to the subscriptions of current subscribers.
While Sony could not be reached, the company did speak with The Associated Press, indicating that it would be shutting down servers related to Sony Online Entertainment as it investigates the cause of the hack. Sony also stood by its earlier statements that no evidence has been shared to prove any of the stolen information has been used for financial gain.
Update: Sony says the 24.6 million accounts that may have been compromised were part of the original cyber attack from roughly two weeks earlier. The network was not breached for a second time.