Sony on Monday May 2, disclosed that the cyber attach that resulted in the hack of the PlayStation Network had also affected Sony Online Entertainment multiplayer game service. The company admitted that during its investigation of the server attacks it has found that “hackers may have obtained personal customer information from SOE systems.” That includes info about a person’s name, address, phone number email, address, the person’s gender, the person’s login name and a “hashed” version of the person’s password.
At a press conference on Sunday PlayStation chief Kaz Hirai disclosed that the credit card details of nearly 10 million PSN users may have been compromised, and today the company admitted that the “encryption” of the credit card data it claimed existed earlier was nothing more than a weak hash algorithm.
Sony said that the numbers came “from an outdated database from 2007” that still stored “12,700 non-US customer credit or debit card numbers and expiration dates”. Sony said the info didn’t include the card’s security codes. Also Sony Online said that “10,700 direct debit records listing bank account numbers of certain customers in Germany, Austria, Netherlands and Spain may have also been obtained.” The company said it’s contacting the people affected by this attack.
“There’s no evidence that our main credit card database was compromised. It’s in a completely separate and secured environment,” the company said in a statement sent to users. It’s also an about face for Sony, who at first had believed SOE’s systems weren’t hacked.
While it seemed at first that Sony Online’s MMO game servers had been spared from the cyber attacks that affected the console-based Playstation Network, Sony Online has now come to the conclusion that isn’t the case. The online servers for MMO games like the Everquest series, Star Wars Galaxies, DC Universe Online and many others are now shut down with no word on when they will come back online. Sony Online says it is working “to enhance security and strengthen our network infrastructure” along with bringing in “an outside, recognized security firm to conduct a full and complete investigation into what happened.”