24.6 million Sony Online Entertainment accounts stolen

Sony’s ongoing investigation of illegal intrusions into Sony Online Entertainment systems revealed that attackers may have stolen personal information from approximately 24.6 million SOE accounts, as well as certain information from an outdated database from 2007.

The information from the outdated database that may have been stolen includes approximately 12,700 non-U.S. credit or debit card numbers and expiration dates (but not credit card security codes), and about 10,700 direct debit records of certain customers in Austria, Germany, Netherlands and Spain.

With the current outage of the PlayStation Network and Qriocity services and the ongoing investigation into the recent attacks, SOE had also undertaken an intensive investigation into its system. Upon discovery of this additional information, the company promptly shut down all servers related to SOE services while continuing to review and upgrade all of its online security systems in the face of these unprecedented cyber-attacks.

The company is working with the FBI and continuing its own full investigation while working to restore all services.

The personal information of the approximately 24.6 million SOE accounts that was illegally obtained, to the extent it had been provided to SOE, is as follows:

• name
• address
• e-mail address
• birthdate
• gender
• phone number
• login name
• hashed password.

In addition to the information above, the 10,700 direct debit records from accounts in Austria, Germany, Netherlands and Spain, include:

• bank account number
• customer name
• account name
• customer address.

SOE will grant customers 30 days of additional time on their subscriptions, in addition to compensating them one day for each day the system is down. It is also in the process of outlining a “make good” plan for its PlayStation 3 MMOs.