After the long string of compromises, bad PR, and downtime earlier this year, it looks like Sony’s back in the thick of it. Sony’s Chief Information Security Officer posted to the PlayStation Blog that an attempt to test a large batch of sign-in credentials was detected. The list of accounts seems to be coming from other recent breaches, testing for shared password usage.
Less than one tenth of one percent (0.1%) of our PSN, SEN and SOE audience may have been affected. There were approximately 93,000 accounts globally (PSN/SEN: approximately 60,000 accounts; SOE: approximately 33,000) where the attempts succeeded in verifying those accounts’ valid sign-in IDs and passwords, and we have temporarily locked these accounts. Only a small fraction of these 93,000 accounts showed additional activity prior to being locked. We are currently reviewing those accounts for unauthorized access, and will provide more updates as we have them. Please note, if you have a credit card associated with your account, your credit card number is not at risk. We will work with any users whom we confirm have had unauthorized purchases made to restore amounts in the PSN/SEN or SOE wallet.
If your PSN/SEN account requires a password reset, you’ll have a pretty good idea that you were included in this list. You’ll also receive an e-mail if you were included. Your SOE account was also temporarily turned off. The e-mail you receive will include instructions on how to validate and restore your account.
Use a unique password for each website/service and this isn’t that big of a deal. We recommend KeePass to wrangle all those passwords into a manageable state.