PlayStation breach compromises millions of users' online data

Sony announced Tuesday that its PlayStation data center, which supports its online gaming network, experienced a massive cyberattack. Intruders gained access to the personal data of an estimated 77 million PlayStation users. Sony began investigating unusual activity April 19 and shut down the network April 20.

“This is one of the biggest data heists we have ever seen, both in terms of the number of people affected and the wide variety of data that appears to have been compromised,” said Fred Cate, director of the IU Center for Applied Cybersecurity Research. “Even if it turns out credit card data wasn’t stolen, the consequences of this
attack are huge.”

Sony’s online network is one of its most lucrative services. In its official blog, Sony announced that the disruption was caused by an “external intrusion.”

It is unknown who is responsible for the heist, and so far no hacker group has come forward to claim responsibility for the attack. The company suggested that the rogue hacker group Anonymous might be responsible.

Anonymous has entered the system before in retribution for Sony’s legal action against one of their hackers, but that attack only brought down the service for a very short time. However, Anonymous reported on its site, “While it could be the case that other Anons have acted by themselves, AnonOps was not related to this incident and does not take responsibility for whatever has happened.”

Sony is currently working with the FBI, other authorities and forensic firms to investigate the cyber attacks.

During the first attack, the intruders obtained personal information on some 77 million players. While Sony was investigating the breach, it discovered that up to 24 million more accounts were hacked.

In this intrusion, it has been shown that about 23,400 financial records from an outdated 2007 database involving players outside the U.S. may have been stolen.

It is still unclear whether or not intruders obtained credit card information.
PlayStation spokesman Patrick Seybold also said that while user passwords had not been encrypted, they were transformed using a simpler function called a hash that did not leave them exposed as clear text.

“Password data is very revealing,” Cate said. “Many people reuse the same passwords and reset-questions across most, if not all, sites they use.”