Sony hasn't been "hacked" again. Quite the contrary. It seems someone else got hacked, and that resulted in a massive spike of log-in attempts across the PlayStation Network. The good news is that Sony's new security team seems much better prepared for potential rogue activity. Perhaps too prepared, as a new blog post explaining the situation has sent a number of message boards into overdrive.
Chief information security officer Phillip Reitinger explained on the PlayStation Blog, "We want to let you know that we have detected attempts on Sony Entertainment Network, PlayStation Network and Sony Online Entertainment services to test a massive set of sign-in IDs and passwords against our network database. These attempts appear to include a large amount of data obtained from one or more compromised lists from other companies, sites or other sources. In this case, given that the data tested against our network consisted of sign-in ID-password pairs, and that the overwhelming majority of the pairs resulted in failed matching attempts, it is likely the data came from another source and not from our Networks. We have taken steps to mitigate the activity."
Reitinger added that less than one tenth of one percent (0.01%) of access attempts were successful, resulting in some 93,000 accounts being accessed, though he stressed that no credit card data was compromised. Sony has frozen these accounts and any associated Sony Online Entertainment accounts, requiring users to reset their password before they can regain entry.
The real moral here is not that "Sony messed up again," as some are clearly hoping, but that you must use a different password on every website and service you use. It's just imperative these days. Because, as is the case here, if you use the same e-mail address and password on multiple services, it only takes one successful hack / leak to get access to every one of your accounts. Which is scary.
Reitinger concluded, "We want to take this opportunity to remind our consumers about the increasingly common threat of fraudulent activity online, as well as the importance of having a strong password and having a username/password combination that is not associated with other online services or sites."