60,000 PlayStation Network and Sony Entertainment Network accounts and 33,000 Sony Online Entertainment accounts have been compromised during what Sony describes as a testing of a “massive set of sign-in IDs and passwords” against their network database.
According to the blog post by Sony’s Chief Information Security Officer Philip Reitinger, all compromised accounts have been locked for the time being and the attack was thwarted.
“These attempts appear to include a large amount of data obtained from one or more compromised lists from other companies, sites or other sources,” he wrote. “In this case, given that the data tested against our network consisted of sign-in ID-password pairs, and that the overwhelming majority of the pairs resulted in failed matching attempts, it is likely the data came from another source and not from our Networks.”
He also said that only a small part of the accounts that have been locked showed activity prior to this move, and that any purchases that have been made via those accounts in that period of time (7th-10th October) will be refunded by Sony. “Please note, if you have a credit card associated with your account, your credit card number is not at risk,” Reitinger added.
All affected users will be receiving a notification about the event and will have to go through a series of steps in order to prove they are the real owner of the account, but if you are a user of any of those networks, it would not be a bad idea for you to preventatively change your password into a stronger one.