Sony has taken to its PlayStation blog, informing customers that “a massive set of sign-in IDs and passwords” have recently been tested against its PlayStation, Sony Entertainment and Sony Online Entertainment networks.
The good news is that a) Sony appears to be pretty upfront about this, which is a nice change compared to how the initial summer hacks were handled, and b) it appears that the username and password combinations were stolen from somewhere else, since many of them didn’t work on Sony’s networks.
“These attempts appear to include a large amount of data obtained from one or more compromised lists from other companies, sites or other sources. In this case, given that the data tested against our network consisted of sign-in ID-password pairs, and that the overwhelming majority of the pairs resulted in failed matching attempts, it is likely the data came from another source and not from our Networks. We have taken steps to mitigate the activity.
Less than one tenth of one percent (0.1%) of our PSN, SEN and SOE audience may have been affected. There were approximately 93,000 accounts globally (PSN/SEN: approximately 60,000 accounts; SOE: approximately 33,000) where the attempts succeeded in verifying those accounts’ valid sign-in IDs and passwords, and we have temporarily locked these accounts. Only a small fraction of these 93,000 accounts showed additional activity prior to being locked. We are currently reviewing those accounts for unauthorized access, and will provide more updates as we have them. Please note, if you have a credit card associated with your account, your credit card number is not at risk.”
If your PlayStation or Sony Entertainment account has been affected, you’ll be receiving an e-mail from Sony prompting you to reset your password. If your Sony Online Entertainment account has been affected, it’s “been temporarily turned off,” says Sony, and you’ll be receiving an e-mail with instructions on how “to validate your account credentials and have your account turned back on.”