93,000 accounts, 60,000 were PlayStation Network / Sony Entertainment Network accounts, and 33,000 were Sony Online Entertainment accounts.
It amounts to one tenth of one per cent of Sony’s total PSN, SEN and SOE audience. Sony has locked the accounts affected. Of the 93,000 accounts accessed, only a small fraction showed additional activity prior to being locked, Sony said. It is reviewing these accounts for unauthorised access.
“Please note, if you have a credit card associated with your account, your credit card number is not at risk,” Philip Reitinger, VP and Chief Information Security Officer of the Sony Group, wrote on the PlayStation Blog.
Sony has initiated requests for password resets for all accounts that had both a sign-in ID and password match through this latest attempt. If you’re in the group affected, you’ll receive an email from Sony at the address associated with your account that will prompt you to reset your password.
This latest attack rekindles memories of the much larger and more damaging hack Sony suffered in April.
The difference this time is that, according to Sony, the sign-in ID-password pairs used in the attempt on Sony’s networks appear to have been obtained from an outside source – not Sony’s networks.
“We have taken steps to mitigate the activity,” Sony said.
“We will work with any users whom we confirm have had unauthorized purchases made to restore amounts in the PSN/SEN or SOE wallet,” Sony promised.
“We want to take this opportunity to remind our consumers about the increasingly common threat of fraudulent activity online, as well as the importance of having a strong password and having a username/password combination that is not associated with other online services or sites,” Reitinger said.
“We encourage you to choose unique, hard-to-guess passwords and always look for unusual activity in your account.”