Sony has confirmed that it has detected attempts to “test a massive set of sign-in IDs and passwords against our network database.” Sony is quick to point out that no credit card information is at risk, but 93,000 accounts may have been affected.
According to an announcement on the PlayStation Blog, less than 0.1 percent of the PlayStation Network, Sony Online Entertainment, and Sony Entertainment America accounts were affected (translating to some 93,000 accounts globally—60,000 from PSN/SEN, 33,000 from SOE).
The announcement states that the attempts included a large amount of data obtained from “one or more compromised lists from other companies, sites, or other sources.” Philip Reitinger, VP & chief information security officer, Sony Group, explained that based on this information, it appears the data came from a source outside of Sony’s three networks.
“We will work with any users whom we confirm have had unauthorized purchases made to restore amounts in the PSN/SEN or SOE wallet,” Reitinger wrote.
It should be noted that there is no mention of PSN downtime associated with this apparent issue, and the actual timeline is a bit unclear.
Sony is requiring secure password resets for those PSN/SEN accounts that had both a sign-in ID and password match through this attempt. Look for an email from Sony if your account was compromised for further directions. The SOE accounts that were compromised have been temporarily turned off. These users will also receive an email with information on how to proceed.
“We want to take this opportunity to remind our consumers about the increasingly common threat of fraudulent activity online, as well as the importance of having a strong password and having a username/password combination that is not associated with other online services or sites,” Reitinger wrote.
Stay tuned.