Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
Search
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cloud
    • Cloud
    • Cybersecurity
    • IT Management
    • Networking

    Attackers Compromise 93,000 Sony Accounts Using Passwords From Other Sites

    By
    Fahmida Y. Rashid
    -
    October 12, 2011
    Share
    Facebook
    Twitter
    Linkedin

      Sony locked out 93,000 users on the PlayStation Network, Sony Entertainment Network and Sony Online Entertainment services after detecting mass log-in attempts into individual accounts.

      Attackers attempted to use a list of username and password combinations obtained from an unknown source to try to access PSN, SEN and SOE accounts, Philip Reitinger, Sony’s new chief information security officer (CISO), said in a statement posted on the PlayStation Blog on Oct. 11. The attack affected less than a tenth of a percent of all PSN, SEN and SOE users, and the majority of the log-in attempts failed, according to the statement.

      Sony locked 93,000 accounts because the attackers managed to successfully log in to those accounts. The breakdown was approximately 60,000 PSN and SEN and 33,000 SOE accounts, and the attempts occurred between Oct. 7 and Oct. 10, according to Reitinger. Only a “small fraction” of those compromised accounts had any activity before Sony managed to lock them down, he said.

      “We are currently reviewing those accounts for unauthorized access, and will provide more updates as we have them,” said Reitinger, adding that even if the users had credit card numbers associated with the account, they were not at risk. The company will work with users who report unauthorized purchases made through the account.

      A “large amount of data” obtained from one or more compromised user lists obtained from other companies, sites or sources was used in the attack, according to Reitinger. The fact that the “overwhelming majority” of log-in attempts failed is an indicator that the list came from an external source and not Sony, he said.

      Considering the amount of username and password information that has been dumped this year alone, there are a lot of lists available for criminals looking for them. Analysis on password information stolen and leaked from sites like Gawker has shown that password reuse is rampant and a big security issue for online services.

      Attackers are simply working on the assumption that people typically use and reuse the same account names and passwords across multiple personal online accounts, according to Geoff Webb, senior product marketing manager at Credant Technologies. Considering that Sony had to lock down 93,000 accounts, it appears that it “was a good assumption to make,” Webb told eWEEK.

      Even though Sony has clearly reacted quickly to stop this potential breach, users may simply see the incident as yet another Sony problem without stopping to consider who may be to blame, Webb said. “That makes it a no-win situation for Sony,” he added.

      Sony has reached out to affected users to prompt them to reset their passwords, according to Reitinger, who reminded users never to select a username-password combination that is associated with other online services or sites.

      “We encourage you to choose unique, hard-to-guess passwords and always look for unusual activity in your account,” Reitinger said.

      In April, unknown attackers breached Sony’s Qriocity video and music service, PlayStation Network and Sony Online Entertainment and stole information from more than 100 million accounts. The company shut down the services for over a month and a half to rebuild the systems and came under fierce criticism for security gaps, such as not having a CISO and not running updated software on the servers. Smaller attack groups also capitalized on Sony’s woes, attacking and dumping data from other Sony properties in May.

      As more and more content and services move online, the number of digital identities that consumers need to manage keeps growing, but identity management hasn’t kept up, according to Webb. The industry still relies on a username and a password, a “paradigm created in the 1950s,” which is a “terrible way to authenticate,” Webb said.

      “We’re stuck with it because, for now at least, it’s cheap and well-understood by users and developers,” said Webb.

      Avatar
      Fahmida Y. Rashid

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      Chris Preimesberger - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      Chris Preimesberger - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      eWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      Zeus Kerravala - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      Wayne Rash - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Information

      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×