• Far Beyond My Capacity
  • Far Beyond My Capacity
  • Far Beyond My Capacity
  • Far Beyond My Capacity
  • Far Beyond My Capacity
  • Far Beyond My Capacity
  • Far Beyond My Capacity
  • Far Beyond My Capacity
  • Far Beyond My Capacity
  • Far Beyond My Capacity
  • Far Beyond My Capacity
  • Far Beyond My Capacity
  • Far Beyond My Capacity
  • Far Beyond My Capacity
  • Far Beyond My Capacity
  • Far Beyond My Capacity
  • Far Beyond My Capacity
  • Far Beyond My Capacity

Monday, May 02, 2011

First Sony, now SOE

3 comments
First it was Sony, now SOE (a Sony subsidiary) have shut down their Station gaming network due to the recent hacking attacks.

This means that there is currently no access to Everquest 2, DC Universe Online, Fortune League, Free Realms and other multiplayer games, forums and support sites.

In a statement on their sites today SOE said:
Dear Valued SOE Customers,
We have had to take the SOE service down temporarily. In the course of our investigation into the intrusion into our systems we have discovered an issue that warrants enough concern for us to take the service down effective immediately. We will provide an update later today (Monday).
We apologize for any inconvenience and greatly appreciate your patience.
Time to check those credit cards again? Time will tell, but  for now it means I won't be playing EQ2 again until the lights come back on.

Oh well, time to catch up on my Mass Effect playthrough. It's a good job Game of Thrones is on TV tonight!

Updated!! More information after the break. Very important if you have an SOE account.

SOE have now confirmed that the downtime has been due to intrusion attempts and that user data has been compromised.

In a statement released today they have stated the following.
SECURITY UPDATE

As previously announced, we have been conducting an ongoing, thorough investigation stemming from the cyber attack in April and promised to notify you should there be any changes to the situation.

A press release was issued today outlining these details. We will promptly send a customer service notification via email to all of our impacted account holders whose customer data may have been stolen as a result of an illegal intrusion on our systems. This information was discovered less than 24 hours ago and in response, we took down our services until we could verify their security.

SOE is committed to delivering secure, stable and entertaining games for players of all ages and we're working around the clock to ensure this situation is resolved as quickly as possible. We deeply regret the inconvenience this has caused and appreciate your continued patience and feedback.

Sincerely,
Sony Online Entertainment

CUSTOMER SERVICE NOTIFICATION

May 2, 2011

Dear Valued Sony Online Entertainment Customer:

Our ongoing investigation of illegal intrusions into Sony Online Entertainment systems has discovered that hackers may have obtained personal customer information from SOE systems. We are today advising you that the personal information you provided us in connection with your SOE account may have been stolen in a cyber-attack. Stolen information includes, to the extent you provided it to us, the following: name, address (city, state, zip, country), email address, gender, birthdate, phone number, login name and hashed password. Customers outside the United States should be advised that we further discovered evidence that a information from an outdated database from 2007 containing approximately 12,700 non-US customer credit or debit card numbers and expiration dates (but not credit card security codes) - we will be notifying each of those customers promptly.

There is no evidence that our main credit card database was compromised. It is in a completely separate and secured environment.

We had previously believed that SOE customer data had not been obtained in the cyber-attacks on the company, but on May 1st we concluded that SOE account information may have been stolen and we are notifying you as soon as possible.
We apologize for the inconvenience caused by the attack and as a result, we have:

1) Temporarily turned off all SOE game services;

2) Engaged an outside, recognized security firm to conduct a full and complete investigation into what happened; and

3) Quickly taken steps to enhance security and strengthen our network infrastructure to provide you with greater protection of your personal information.

We greatly appreciate your patience, understanding and goodwill as we do whatever it takes to resolve these issues as quickly and efficiently as practicable.

For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. When SOE's services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your Station or SOE game account name or password for other unrelated services or accounts, we strongly recommend that you change them, as well.

To protect against possible identity theft or other financial loss, we encourage you to remain vigilant, to review your account statements and to monitor your credit reports.

We are committed to helping our customers protect their personal data and we will provide a complimentary offering to assist users in enrolling in identity theft protection services and/or similar programs. The implementation will be at a local level and further details will be made available shortly in regions in which such programs are commonly utilized.

We thank you for your patience as we complete our investigation of this incident, and we regret any inconvenience. Our teams are working around the clock on this, and services will be restored as soon as possible. Sony takes information protection very seriously and will continue to work to ensure that additional measures are taken to protect personally identifiable information. Providing quality and secure entertainment services to our customers is our utmost priority. Please contact us at + 44 870-600-0267 (Monday to Friday 15:00 to 22:00 GMT excluding holidays) should you have any additional questions.
Sincerely,

Sony Online Entertainment LLC
So, a serious breach indeed. This will only harm SOE's already shonky reputation. Luckily I've already replaced my credit card thanks to the earlier attack on Sony's Playstation Network.

At least this time they seem to have learned a lesson from the Sony fiasco and notified users quickly (instead of after a whole week).

I must admit, I am feeling a little nervous about putting new details into any Sony site right now, as I still feel they are a big target for hacker groups. The hacking syndicate Anonymous has claimed responsibility (though Sony deny this is the case), and they still have a big grudge against the company following the prosecution of Playstation 3 hackers.

I'll be keeping a close eye on this anyway.

Another update!!

No sooner had I posted the last update than SOE release more information.

SOE have stated the following.
The personal information of the approximately 24.6 million SOE accounts that was illegally obtained, to the extent it had been provided to SOE, is as follows:

name
address
e-mail address
birthdate
gender
phone number
login name
hashed password.

In addition to the information above, the 10,700 direct debit records from accounts in Austria, Germany, Netherlands and Spain, include:

bank account number
customer name
account name
customer address.

SOE will grant customers 30 days of additional time on their subscriptions, in addition to compensating them one day for each day the system is down. It is also in the process of outlining a "make good" plan for its PlayStation®3 MMOs (DC Universe Online and Free Realms). More information will be released this week.
It gets worse. There are (currently unsubstantiated) reports that the stolen information also includes CCV (credit card verification codes). Could be time to change those credit cards folks.

TLDR? It's bad. Real bad. If you had an SOE account lots of your personal data, potentially including passwords and credit card information has been stolen!

3 comments:

  1. Weird. I added a comment to htis a couple of days ago..but...anyhow...

    Sony has royally messed up in not upgrading it's security packages. BUT, one has to ask the question, even if they had, would this have stopped the attack? The answer is probably not.

    If someone wishes to gain access to a system and therefore your personal and financial details, you can bet your bottom $ they will do so. Either by hacking or infiltration, if they wish to do it and are skilled enough, of course it is going to happen.

    If your personal details are stored ANYWHERE online, no matter how secure you think you are, you are not. Simple. The only way to 100% protection nowadays is stay off the grid completely.

    There is a reason crime is the third biggest industry in the world by annual turnover. they are very good at what they do and the rewards are massive. Even if Sony had a cast iron defence system (not sure if that's even possible) if someone wanted to gain access to the information, then they could. just different methods are required.

    Yeah, Sony dropped the ball..but would it have chnaged the outcome? I'm not so sure.

    ReplyDelete
  2. Wow, spelling was a bit shoddy in that last comment..apologies.

    ReplyDelete
  3. I tend to agree mate. Latest rumours are that the hack was due to their high-level systems admins not keeping their passwords secure. You can be as secure as you like, but any system is only as secure as the humans using it.

    ReplyDelete

Related Posts Plugin for WordPress, Blogger...