Feeds

Sony implicates Anonymous in PlayStation Network hack

Legions 'duped,' company says

Intelligent flash storage arrays

PII from all PSN users lifted

“Information appears to have been stolen from all PlayStation Network user accounts, although not every piece of information in those accounts appears to have been stolen,” Hirai wrote. “The criminal intruders stole personal information from all of the approximately 77 million PlayStation Network and Qriocity service accounts.”

On April 26, Sony first warned users of the data theft.

Investigators have determined that the intruders issued commands that probed the compromised systems for user data related to their email addresses and other PII. The investigators have also “seen large amounts of data transferred in response to those queries.” So far, there are no “confirmed reports of illegal usage of the stolen information.”

Investigators have seen no server queries for credit card data, and credit card issuers have yet to report any fraudulent transactions believed to be a direct result of the security breach.

In all, 12.3 million PSN accounts contained data from credit cards, some of which may have been expired. About 5.6 million of the accounts belonged to people located in the US.

Hirai outlined several steps Sony is taking to improve security, including the naming of a new chief information security officer, who will report to Sony's chief information officer. The company also plans to relocate its PSN systems to a “new data center in a different location with enhanced security.”

Sony will also provide US-based users with “complimentary identity theft protection services,” and hinted at giving users in other countries a similar offering.

Hirai's account didn't provide crucial details about the encryption and cryptographic hashing used to secure credit card numbers and passwords respectively. If the hashing followed security best practices, the passwords would have been converted into unique text stings that would be impossible for the typical attacker to reverse. Encrypting credit card data could also go a long way to securing it, provided the private key wasn't also exposed.

The account also makes no additional references to Anonymous, a group that is best known for its capacity to DDoS, and on rare occasion, remotely compromise, the systems of people and companies whose policies the group opposes. There is no evidence Anonymous has ever engaged in hacking for profit.

Various people claiming to be Anonymous members have issued conflicting communiques, with some warning Sony it would soon experience the wrath of Anonymous and others disavowing any involvement in the Sony DDoS attacks.

Hirai's letter didn't address the seeming contradiction.

“What is becoming more and more evident is that Sony has been the victim of a very carefully planned, very professional, highly sophisticated criminal cyber attack designed to steal personal and credit card information for illegal purposes,” he wrote. “Sunday's discovery that data had been stolen from Sony Online Entertainment only highlights this point.” ®

This article was updated to report additional details.

Top 5 reasons to deploy VMware with Tegile

More from The Register

next story
Don't wait for that big iPad, order a NEXUS 9 instead, industry little bird says
Google said to debut next big slab, Android L ahead of Apple event
Netscape Navigator - the browser that started it all - turns 20
It was 20 years ago today, Marc Andreeesen taught the band to play
A drone of one's own: Reg buyers' guide for UAV fanciers
Hardware: Check. Software: Huh? Licence: Licence...?
Jaguar Sportbrake: The chicken tikka masala of van-sized posh cars
Indian-owned Jag's latest offering curries favour with us
The Apple launch AS IT HAPPENED: Totally SERIOUS coverage, not for haters
Fandroids, Windows Phone fringe-oids – you wouldn't understand
Apple SILENCES Bose, YANKS headphones from stores
The, er, Beats go on after noise-cancelling spat
Here's your chance to buy an ancient, working APPLE ONE
Warning: Likely to cost a lot even for a Mac
Xiaomi boss snaps back at Jony Ive's iPhone rival 'theft' swipe
I'll have a handset delivered. Judge us after you try us...
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.