Close
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cloud
    • Cloud
    • Cybersecurity
    • IT Management
    • Networking

    Attackers Compromise 93,000 Sony Accounts Using Passwords From Other Sites

    By
    Fahmida Y. Rashid
    -
    October 12, 2011
    Share
    Facebook
    Twitter
    Linkedin

      Sony locked out 93,000 users on the PlayStation Network, Sony Entertainment Network and Sony Online Entertainment services after detecting mass log-in attempts into individual accounts.

      Attackers attempted to use a list of username and password combinations obtained from an unknown source to try to access PSN, SEN and SOE accounts, Philip Reitinger, Sony’s new chief information security officer (CISO), said in a statement posted on the PlayStation Blog on Oct. 11. The attack affected less than a tenth of a percent of all PSN, SEN and SOE users, and the majority of the log-in attempts failed, according to the statement.

      Sony locked 93,000 accounts because the attackers managed to successfully log in to those accounts. The breakdown was approximately 60,000 PSN and SEN and 33,000 SOE accounts, and the attempts occurred between Oct. 7 and Oct. 10, according to Reitinger. Only a “small fraction” of those compromised accounts had any activity before Sony managed to lock them down, he said.

      “We are currently reviewing those accounts for unauthorized access, and will provide more updates as we have them,” said Reitinger, adding that even if the users had credit card numbers associated with the account, they were not at risk. The company will work with users who report unauthorized purchases made through the account.

      A “large amount of data” obtained from one or more compromised user lists obtained from other companies, sites or sources was used in the attack, according to Reitinger. The fact that the “overwhelming majority” of log-in attempts failed is an indicator that the list came from an external source and not Sony, he said.

      Considering the amount of username and password information that has been dumped this year alone, there are a lot of lists available for criminals looking for them. Analysis on password information stolen and leaked from sites like Gawker has shown that password reuse is rampant and a big security issue for online services.

      Attackers are simply working on the assumption that people typically use and reuse the same account names and passwords across multiple personal online accounts, according to Geoff Webb, senior product marketing manager at Credant Technologies. Considering that Sony had to lock down 93,000 accounts, it appears that it “was a good assumption to make,” Webb told eWEEK.

      Even though Sony has clearly reacted quickly to stop this potential breach, users may simply see the incident as yet another Sony problem without stopping to consider who may be to blame, Webb said. “That makes it a no-win situation for Sony,” he added.

      Sony has reached out to affected users to prompt them to reset their passwords, according to Reitinger, who reminded users never to select a username-password combination that is associated with other online services or sites.

      “We encourage you to choose unique, hard-to-guess passwords and always look for unusual activity in your account,” Reitinger said.

      In April, unknown attackers breached Sony’s Qriocity video and music service, PlayStation Network and Sony Online Entertainment and stole information from more than 100 million accounts. The company shut down the services for over a month and a half to rebuild the systems and came under fierce criticism for security gaps, such as not having a CISO and not running updated software on the servers. Smaller attack groups also capitalized on Sony’s woes, attacking and dumping data from other Sony properties in May.

      As more and more content and services move online, the number of digital identities that consumers need to manage keeps growing, but identity management hasn’t kept up, according to Webb. The industry still relies on a username and a password, a “paradigm created in the 1950s,” which is a “terrible way to authenticate,” Webb said.

      “We’re stuck with it because, for now at least, it’s cheap and well-understood by users and developers,” said Webb.

      Fahmida Y. Rashid
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.

      MOST POPULAR ARTICLES

      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Applications

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Applications

      Kyndryl’s Nicolas Sekkaki on Handling AI and...

      James Maguire - November 9, 2022 0
      I spoke with Nicolas Sekkaki, Group Practice Leader for Applications, Data and AI at Kyndryl, about how companies can boost both their AI and...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×