SOE has a new press release this morning, the meat of which is quoted below, since I expect it will disappear from the Sony site at some future date. Comments and a couple of links follow.
SONY ONLINE ENTERTAINMENT ANNOUNCES THEFT OF DATA FROM ITS SYSTEMS
Breach Believed to Stem From Initial Criminal Hack of SOE
Tokyo, May 3, 2011 – Sony Corporation and Sony Computer Entertainment announced today that their ongoing investigation of illegal intrusions into Sony Online Entertainment LLC (SOE, the company) systems revealed yesterday morning (May 2, Tokyo time) that hackers may have stolen SOE customer information on April 16th and 17th, 2011 (PDT). SOE is based in San Diego, California, U.S.A.
This information, which was discovered by engineers and security consultants reviewing SOE systems, showed that personal information from approximately 24.6 million SOE accounts may have been stolen, as well as certain information from an outdated database from 2007. The information from the outdated database that may have been stolen includes approximately 12,700 non-U.S. credit or debit card numbers and expiration dates (but not credit card security codes), and about 10,700 direct debit records of certain customers in Austria, Germany, Netherlands and Spain.
With the current outage of the PlayStation® Network and Qriocity™ services and the ongoing investigation into the recent attacks, SOE had also undertaken an intensive investigation into its system. Upon discovery of this additional information, the company promptly shut down all servers related to SOE services while continuing to review and upgrade all of its online security systems in the face of these unprecedented cyber-attacks.
On May 1, Sony apologized to its customers for the inconvenience caused by its network services outages. The company is working with the FBI and continuing its own full investigation while working to restore all services.
Sony is making this disclosure as quickly as possible after the discovery of the theft, and the company has posted information on its website and will send e-mails to all consumers whose data may have been stolen.
The personal information of the approximately 24.6 million SOE accounts that was illegally obtained, to the extent it had been provided to SOE, is as follows:
- e-mail address
- phone number
- login name
- hashed password.
In addition to the information above, the 10,700 direct debit records from accounts in Austria, Germany, Netherlands and Spain, include:
- bank account number
- customer name
- account name
- customer address.
SOE will grant customers 30 days of additional time on their subscriptions, in addition to compensating them one day for each day the system is down. It is also in the process of outlining a “make good” plan for its PlayStation®3 MMOs (DC Universe Online and Free Realms). More information will be released this week.
Well, that upped the ante. Yesterday it was just 23,400 accounts, 12,700 pre-2007 credit card records and 10,700 direct debit records.
Now the count is up to 24.6 million.
24.6 million accounts accounts from SOE plus 77 million accounts from the PlayStation Network brings the stolen accounts tally over the 100 million mark.
For perspective, if each of those accounts represented a single individual, the total would surpass in population the Philippines, the 12th most populous country in the world.
So as the PlayStation Network is about to lurch into its third week of being down, I fully expect to not be able to log into any SOE game for a second night, and likely a few more nights after that.
Over at I, Cringely there is a post up looking at credit card security rules, Japanese society, and how Sony might get themselves out of this mess. Sony cannot start running again until they lock down all this customer data, and it sounds like they have been slack on that so far so they have a lot of work to do.
And over at the EQ2 Wire, where they suddenly have very little on which to report besides “servers still down,” there is a poll up asking users to speculate when they think SOE games will be up and available to play.
The current going winner is Friday.
Is that optimism or pessimism?