Attacks/Breaches
5/3/2011
11:27 AM
50%
50%

Sony Reports 24.5 Million More Accounts Hacked

After a second breach, the company suspends all Sony Online Entertainment multiplayer games as the number of compromised user accounts exceeds 100 million.

10 Massive Security Breaches
(click image for larger view)
Slideshow: 10 Massive Security Breaches
Sony on Tuesday disclosed that another 24.5 million user accounts were compromised by attackers in mid-April, this time in a breach of its Sony Online Entertainment (SOE) division systems. The division is best known for its massively multiplayer games, which include EverQuest II and Clone Wars Adventures.

According to a notice posted on the SOE website, Sony has temporarily suspended all online multiplayer SOE games "until we could verify their security."

The newly discovered breach is the latest security setback for the consumer electronics giant, which saw sales of $77.8 billion for its 2010 fiscal year. All together, the total number of accounts compromised by attackers in the past month now stands at more than 100 million.

In a statement released on Tuesday, Sony said that "we had previously believed that SOE customer data had not been obtained in the cyber-attacks on the company, but on May 1st we concluded that SOE account information may have been stolen and we are notifying you as soon as possible." Stolen information may include a user's name, address, email address, gender, birth date, and phone number--if supplied by the user--as well as their login name and a hashed password.

Some credit card data also was compromised in the SOE breach. Surprisingly, Sony said the data was from "an outdated database from 2007 containing approximately 12,700 non-U.S. customer credit or debit card numbers and expiration dates (but not credit card security codes) and about 10,700 direct debit records listing bank account numbers of certain customers in Germany, Austria, Netherlands, and Spain may have also been obtained." Sony says it is notifying affected customers as quickly as possible.

Security experts reacted with surprise at Sony's rolling disclosures. "How many locations on your network are housing other 'lost' financial data?" said Chester Wisniewski, a senior security advisor at Sophos Canada, in a blog post. "Do you even know where my information is to check whether it has been stolen?"

Sony's disclosure of the newly discovered breach at SOE come as the company is still investigating the extent of the previously reported breach of its PlayStation Network and Qriocity services, which affected 77 million users and has already been the subject of a U.S. lawsuit that seeks class action status.

Sony said on Monday that while passwords stolen in the PlayStation Network and Qriocity intrusions weren't encrypted, they also weren't stored in clear text. Rather, "they were transformed using a cryptographic hash function," said Sony's senior director for corporate communications and social media, Patrick Seybold, in a website statement.

But hashing doesn't automatically equal unbreakable security, said Wisniewski at Sophos. "Sony was quick to note that the passwords had been hashed, but has not disclosed which hashing algorithm was used and whether they used a salt when calculating the hashes."

Earlier this year, for example, to show that the SHA1 secure hashing algorithm is weak, German security researcher Thomas Roth rented $2.10 of computing power from Amazon Elastic Compute Cloud (EC2) to crack 14 SHA1 hashes.

John P. Pironti, president of IP Architects, said in a telephone interview that the worry is that attackers will recover valid username and password credentials, which they can apply to websites en masse. "People only use one password for a lot of sites," he said. Another worry is that the information may end up built into a botnet, as with Waledac, which uses stolen but legitimate credentials to bypass spam filters and security defenses.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: just wondering...Thanx
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.