Feeds

Sony implicates Anonymous in PlayStation Network hack

Legions 'duped,' company says

Secure remote control for conventional and virtual desktops

PII from all PSN users lifted

“Information appears to have been stolen from all PlayStation Network user accounts, although not every piece of information in those accounts appears to have been stolen,” Hirai wrote. “The criminal intruders stole personal information from all of the approximately 77 million PlayStation Network and Qriocity service accounts.”

On April 26, Sony first warned users of the data theft.

Investigators have determined that the intruders issued commands that probed the compromised systems for user data related to their email addresses and other PII. The investigators have also “seen large amounts of data transferred in response to those queries.” So far, there are no “confirmed reports of illegal usage of the stolen information.”

Investigators have seen no server queries for credit card data, and credit card issuers have yet to report any fraudulent transactions believed to be a direct result of the security breach.

In all, 12.3 million PSN accounts contained data from credit cards, some of which may have been expired. About 5.6 million of the accounts belonged to people located in the US.

Hirai outlined several steps Sony is taking to improve security, including the naming of a new chief information security officer, who will report to Sony's chief information officer. The company also plans to relocate its PSN systems to a “new data center in a different location with enhanced security.”

Sony will also provide US-based users with “complimentary identity theft protection services,” and hinted at giving users in other countries a similar offering.

Hirai's account didn't provide crucial details about the encryption and cryptographic hashing used to secure credit card numbers and passwords respectively. If the hashing followed security best practices, the passwords would have been converted into unique text stings that would be impossible for the typical attacker to reverse. Encrypting credit card data could also go a long way to securing it, provided the private key wasn't also exposed.

The account also makes no additional references to Anonymous, a group that is best known for its capacity to DDoS, and on rare occasion, remotely compromise, the systems of people and companies whose policies the group opposes. There is no evidence Anonymous has ever engaged in hacking for profit.

Various people claiming to be Anonymous members have issued conflicting communiques, with some warning Sony it would soon experience the wrath of Anonymous and others disavowing any involvement in the Sony DDoS attacks.

Hirai's letter didn't address the seeming contradiction.

“What is becoming more and more evident is that Sony has been the victim of a very carefully planned, very professional, highly sophisticated criminal cyber attack designed to steal personal and credit card information for illegal purposes,” he wrote. “Sunday's discovery that data had been stolen from Sony Online Entertainment only highlights this point.” ®

This article was updated to report additional details.

The essential guide to IT transformation

More from The Register

next story
Apple's iWatch? They cannae do it ... they don't have the POWER
Analyst predicts fanbois will have to wait until next year
The agony and ecstasy of SteamOS: WHERE ARE MY GAMES?
And yes it does need a fat HDD (or SSD, it's cool with either)
Barnes & Noble: Swallow a Samsung Nook tablet, please ... pretty please
Novelslab finally on sale with ($199 - $20) price tag
Kate Bush: Don't make me HAVE CONTACT with your iPHONE
Can't face sea of wobbling fondle implements. What happened to lighters, eh?
Apple to build WORLD'S BIGGEST iStore in Dubai
It's not the size of your shiny-shiny...
Just in case? Unverified 'supersize me' iPhone 6 pics in sneak leak peek
Is bigger necessarily better for the fruity firm's flagship phone?
Steve Jobs had BETTER BALLS than Atari, says Apple mouse designer
Xerox? Pff, not even in the same league as His Jobsiness
Apple analyst: fruity firm set to shift 75 million iPhones
We'll have some of whatever he's having please
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
7 Elements of Radically Simple OS Migration
Avoid the typical headaches of OS migration during your next project by learning about 7 elements of radically simple OS migration.
BYOD's dark side: Data protection
An endpoint data protection solution that adds value to the user and the organization so it can protect itself from data loss as well as leverage corporate data.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?