Attacks/Breaches

5/26/2011
05:44 PM
50%
50%

More Sony Problems Reported; Company Launches ID Theft Service

Debix gets the call to help thousands of PlayStation Network users affected by breach.

Amid further reports of compromises, Sony said yesterday that it has launched an identity theft protection offering for users who might have been affected by the breach of its PlayStation Network earlier this month.

Sony has brought in Debix to offer the AllClear ID PLUS identity theft protection program, which will be offered to PlayStation Network and Qriocity customers who are concerned about the exposure of their personal data in the hack of the network earlier this month.

"AllClear ID PLUS is a premium identity protection service that uses advanced technology to deliver alerts to help protect you from identity theft," Sony told users in a blog. "The service also provides identity theft insurance coverage and hands-on help from expert fraud investigators." Users who have been on the PlayStation Network since April 20 will be eligible for a free year of the service.

Sony on Tuesday reported yet another security breach, saying 8,500 user accounts had been compromised.

The breach, which occurred through Sony Music Entertainment Greece, affected artist websites where fans can sign up for newsletters. The sites were taken down immediately, the company said. The compromised records contained email addresses, phone numbers, user names, and passwords.

The sites, which were hosted by a third party, will be relaunched after a security review, the company said.

The news of the hack in Greece follows the report of vulnerabilities found on the Sony website in Japan.



Read the rest of this article on Dark Reading.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Want Your Daughter to Succeed in Cyber? Call Her John
John De Santis, CEO, HyTrust,  5/16/2018
Don't Roll the Dice When Prioritizing Vulnerability Fixes
Ericka Chickowski, Contributing Writer, Dark Reading,  5/15/2018
New Mexico Man Sentenced on DDoS, Gun Charges
Dark Reading Staff 5/18/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "Security through obscurity"
Current Issue
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-2607
PUBLISHED: 2018-05-21
jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted cross-site scripting vulnerability in console notes (SECURITY-382). Jenkins allows plugins to annotate build logs, adding new content or changing the presentation of existing content while the build is running. Malicious Jenkins users...
CVE-2018-1108
PUBLISHED: 2018-05-21
kernel drivers before version 4.17-rc1 are vulnerable to a weakness in the Linux kernel's implementation of random seed data. Programs, early in the boot sequence, could use the data allocated for the seed before it was sufficiently generated.
CVE-2018-11330
PUBLISHED: 2018-05-21
An issue was discovered in Pluck before 4.7.6. There is authenticated stored XSS because the character set for filenames is not properly restricted.
CVE-2018-11331
PUBLISHED: 2018-05-21
An issue was discovered in Pluck before 4.7.6. Remote PHP code execution is possible because the set of disallowed filetypes for uploads in missing some applicable ones such as .phtml and .htaccess.
CVE-2018-7687
PUBLISHED: 2018-05-21
The Micro Focus Client for OES before version 2 SP4 IR8a has a vulnerability that could allow a local attacker to elevate privileges via a buffer overflow in ncfsd.sys.