Passwords and credit cards at risk after Sony Playstation hack

Press release

Published April 27th, 2011 - 12:06 GMT

Graham Cluley, Senior Technology Consultant at Sophos, offers advice to Sony PlayStation Network users who could be victims of hacking

Users of Sony's PlayStation Network are at risk of identity theft after hackers broke into the system and accessed the personal data of videogame players.

The implications of the hack, which resulted in the service being offline since last week, are only now becoming clear as Sony has confirmed that the hackers, who broke into the system between April 17th and April 19th, were able to access the online gamers' personal information. According to computer security firm Sophos, users should take immediate action to ensure that their online identities are secure, and that fraudsters cannot take advantage of stolen credit card information.

"If you're a user of Sony's PlayStation Network, now isn't the time to sit back on your sofa and do nothing. The fraudsters won't wait around - for them this is a treasure trove ripe for exploiting. You need to act now to minimise the chances that your identity and bank account become casualties following this hack," said Graham Cluley, senior technology consultant at Sophos. "That means, changing your online passwords (especially if you use the same password on other sites), and considering whether it would be prudent to inform your bank that as far as you're concerned your credit card is now compromised."

Sony has warned that hackers have been able to access a variety of personal information belonging to users including:

- Name
- Address (city, state, zip code)
- Country
- Email address
- Date of birth
- PlayStation Network/Qriocity password and login
- Handle/PSN online ID

In addition, Sony warns that profile information - such as history of past purchases and billing addresses, as well as "secret answers" given to Sony for password security may also have been obtained. Sony also admits that it cannot rule out the possibility that credit card information may also have been compromised.

"The fact that credit card details, used on the network to buy games, movies and music, may also have been stolen is very disturbing," continued Cluley. "If Sony loses your credit card information, it's no different from you losing your credit card - you should cancel that card immediately. Questions clearly have to be asked as to whether Sony was ignorant of PCI data security standards and storing this and other personal data in an unencrypted format. All in all, this is a PR and security disaster for Sony."

Background Information

Sony

In 1946, Tokyo Tsushin Kogyo K.K. (Tokyo Telecommunications Engineering Corporation, the predecessor of Sony)
started as a small company with capital of just 190,000 yen and approximately 20 employees.
Founder Masaru Ibuka said the purpose of setting up the company was to "establish an ideal factory
that stresses a spirit of freedom and open mindedness that will, through technology, contribute to Japanese culture."
Symbolizing Sony's spirit of challenge to "do what has never been done before,"
the company has continued to release countless "Japan's first" and "world's first" products.

Company Profile

Sophos

IT security products have become as complex as the networks they’re trying to secure. At Sophos we know that the solution to complexity is not more complexity. We tackle security challenges with clarity and confidence, knowing that simple security is better security.