Sony warns of almost 25 million extra user detail theft

A further 25 million gamers have had their personal details stolen as a result of security breaches at Sony.

As well as the Playstation Network, which has been down since 20 April, the company has now taken its Sony Online Entertainment (SOE) service offline.

It said credit card details and other personal information have been taken from an "outdated database".

Last week, Sony admitted that the personal details of 77m Playstation users may have been stolen by hackers.

Since the breach was revealed, shares in Sony have dropped by 4% amid calls for the company's CEO Howard Stringer to stand down over the crisis.

'Cyber attack'

In a message to its customers, Sony said: "We had previously believed that SOE customer data had not been obtained in the cyber-attacks on the company."

However, it added that "on 1 May we concluded that SOE account information may have been stolen".

Sony was quoted by the Associated Press (AP) news agency as saying that the latest incident occurred on 16 and 17 April.

This was earlier than the larger Playstation user security breach, which occurred on 20 April.

Sony admitted the scale of the problem to users on 27 April.

This new attack goes beyond users of Playstation hardware, affecting PC and Facebook gamers - potentially an additional 25 million people.

Sony said that names, home addresses, e-mail addresses, dates of birth, phone numbers and gender information were taken.

Additionally, direct debit details of around 10,700 customers in Austria, Spain, the Netherlands and Germany were stolen, as were the credit or debit card details of some 12,700 non-US customers.

Broader investigation

Sony explained that the information included card numbers and expiry dates, but said that it was taken from a 2007 database which was securely encrypted.

The company added: "There is no evidence that our main credit card database was compromised. It is in a completely separate and secured environment."

Spokeswoman Taina Rodriguez told AP that there was no evidence as yet that the stolen information had been used for illicit financial gain.

[Image caption: Sony Online Entertainment's Fortune League is a Facebook-based multiplayer game]

However, in its statement, Sony has warned customers to be aware of any contact via e-mail, telephone or postal services purporting to be official Sony correspondence.

"Sony will not contact you in any way, including by e-mail, asking for your credit card number, social security number or other personally identifiable information.

"If you are asked for this information, you can be confident Sony is not the entity asking. When SOE's services are fully restored, we strongly recommend that you log on and change your password."

It warned customers who may use the same passwords for other services to change them immediately.

The suspension of SOE, which is based in San Diego, California, left multiplayer games including DC Universe and Facebook-based Fortune League unavailable.

"We have had to take the SOE service down temporarily," the company said.

"In the course of our investigation into the intrusion into our systems we have discovered an issue that warrants enough concern for us to take the service down, effective immediately," it added.

Powering up?

The company had previously said that it would get the Playstation Network up and running again this week.

It has also promised assistance for users who have been affected by the hack.

[Image caption: Kazuo Hirai is seen as a frontrunner to take over Sony Corp]

"We will provide a complimentary offering to assist users in enrolling in identity theft protection services and/or similar programs.

"The implementation will be at a local level and further details will be made available shortly in regions in which such programs are commonly utilised."

On Sunday, top Sony executive and head of the Playstation unit Kazuo Hirai led an apology for the attacks.

"We apologise deeply for causing great unease and trouble to our users," he said.

"These illegal attacks obviously highlight the widespread problem with cyber-security."

Sony said users would soon see a phased re-introduction of gaming, movie and music download services.

Users on paid services will be granted 30 days of additional time on their subscriptions, along with one day for each day the system is down.

"We deeply regret the inconvenience this has caused and appreciate your continued patience and feedback," the company said.
