Feeds

Sony implicates Anonymous in PlayStation Network hack

Legions 'duped,' company says

Boost IT visibility and business value

PII from all PSN users lifted

“Information appears to have been stolen from all PlayStation Network user accounts, although not every piece of information in those accounts appears to have been stolen,” Hirai wrote. “The criminal intruders stole personal information from all of the approximately 77 million PlayStation Network and Qriocity service accounts.”

On April 26, Sony first warned users of the data theft.

Investigators have determined that the intruders issued commands that probed the compromised systems for user data related to their email addresses and other PII. The investigators have also “seen large amounts of data transferred in response to those queries.” So far, there are no “confirmed reports of illegal usage of the stolen information.”

Investigators have seen no server queries for credit card data, and credit card issuers have yet to report any fraudulent transactions believed to be a direct result of the security breach.

In all, 12.3 million PSN accounts contained data from credit cards, some of which may have been expired. About 5.6 million of the accounts belonged to people located in the US.

Hirai outlined several steps Sony is taking to improve security, including the naming of a new chief information security officer, who will report to Sony's chief information officer. The company also plans to relocate its PSN systems to a “new data center in a different location with enhanced security.”

Sony will also provide US-based users with “complimentary identity theft protection services,” and hinted at giving users in other countries a similar offering.

Hirai's account didn't provide crucial details about the encryption and cryptographic hashing used to secure credit card numbers and passwords respectively. If the hashing followed security best practices, the passwords would have been converted into unique text stings that would be impossible for the typical attacker to reverse. Encrypting credit card data could also go a long way to securing it, provided the private key wasn't also exposed.

The account also makes no additional references to Anonymous, a group that is best known for its capacity to DDoS, and on rare occasion, remotely compromise, the systems of people and companies whose policies the group opposes. There is no evidence Anonymous has ever engaged in hacking for profit.

Various people claiming to be Anonymous members have issued conflicting communiques, with some warning Sony it would soon experience the wrath of Anonymous and others disavowing any involvement in the Sony DDoS attacks.

Hirai's letter didn't address the seeming contradiction.

“What is becoming more and more evident is that Sony has been the victim of a very carefully planned, very professional, highly sophisticated criminal cyber attack designed to steal personal and credit card information for illegal purposes,” he wrote. “Sunday's discovery that data had been stolen from Sony Online Entertainment only highlights this point.” ®

This article was updated to report additional details.

The essential guide to IT transformation

More from The Register

next story
Top Gun display for your CAR: Heads-up fighter pilot tech
Sadly Navdy kit doesn't include Sidewinder missile to blast traffic
FEAST YOUR EYES: Samsung's Galaxy Alpha has an 'entirely new appearance'
Wow, it looks like nothing else on the market, for sure
iPhone 6 flip tip slips in Aussie's clip: Apple's 'reversible USB' leaks
New plug not compatible with official Type-C, according to fresh rumors
YES YES YES! Apple patents mousy, pressure-sensing iVibrator
Fanbois prepare to experience the great Cupertin-O
Apple takes blade to 13-inch MacBook Pro with Retina display
Shaves price, not screen on mid-2014 model
TV transport tech, part 1: From server to sofa at the touch of a button
You won't believe how much goes into today's telly tech
NVIDIA claims first 64-bit ARMv8 SoC for Androids
Mile-High 'Denver' Tegra K1 successor said to rival PC performance
XBOX One will learn to play media from USB and DLNA sources
Hang on? Aren't those file formats you hardly ever see outside torrents?
prev story

Whitepapers

Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Solving today's distributed Big Data backup challenges
Enable IT efficiency and allow a firm to access and reuse corporate information for competitive advantage, ultimately changing business outcomes.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.