Sony Faces The Music, But Blames Anonymous

Sony has brought in specialists to track down those responsible for stealing the personal details of more than 100 million online gamers.

According to the BBC, the Japanese electronics giant has recruited security experts from Guidance Software and Data Forté Corp, the latter of which is headed up by a former special agent with the US Naval Criminal Investigative Service (NCIS).

And of course the FBI has already begun its own separate investigation into the huge PlayStation breach. Sony has confirmed it is working with the San Diego branch of the FBI, where the data centre housing the company’s game network was based.

World Of Hurt

Currently the investigation is still in its early stages and no one has been formally identified as carrying out the hack.

However, Sony has blamed the hacking group Anonymous, as it said the breach took place whilst it was fending off a denial of service attack from them. Apparently Sony was targeted by Anonymous because it took legal action in a federal court against a hacker in San Francisco.

But according to the Wall Street Journal, which cited “a person familiar with the matter,” at least some of the attacks came from a Malaysia-based server.

There is little doubt that Sony is currently facing a world of hurt over the breach.

In the United States Senator Richard Blumenthal sent a letter to Sony executives saying he was “deeply concerned about the egregious inadequacy of Sony’s efforts thus far to notify its customers of these breaches or to provide adequate protections for users whose personal and financial information may have been compromised.”

In the UK meanwhile Sony is facing a formal probe from the Information Commissioner’s Office (ICO). And in Germany, it has been revealed that German privacy officials will query Sony about the breach.

On top of this, Sony faces several class-action suits.

The latest is from a Toronto law firm, which launched a C$1 billion (£635,000) class-action suit against Sony for breach of privacy. Its client is said to be a 21-year-old PlayStation user from Mississauga, Ontario.

PlayStation Hack

Sony said it had discovered that user account information for 77 million PlayStation Network and Qriocity users had been compromised between 17 April and 19 April. But Sony only notified customers of the breach on 26 April.

And then to make matters worse, on Monday 2 May security consultants found a second breach, carried out between 16 April and 17 April. Their findings indicated that personal information from about 24.6 million Sony Online Entertainment (SOE) accounts may have been stolen, as well as certain information from an outdated database from 2007.

This takes the total number of users whose details have been hacked to over 100 million.

Credit Card Details?

Besides stealing names, email addresses, and phone numbers, there are also reports that the hackers succeeded in stealing credit card information.

Sony said that its credit card database was encrypted. However security researchers said last week that hackers are bragging on forum discussions that they have credit card numbers in their possession. The hackers are reportedly threatening to sell the information for up to $100,000 (£60,000).

That report also said that hackers initially tried to sell the stolen data back to Sony but were ignored. Sony, however, has denied this claim.

“To my knowledge there is no truth to this report of a list, or that Sony was offered an opportunity to purchase the list,” Nick Caplin, Sony’s head of communications in Europe, was quoted as saying in the Daily Telegraph.

Phased Restoration

Sony for its part maintains there is no evidence the encrypted credit card database was stolen, but it does concede it could have been stolen and that 10 million credit cards could be at risk.

In the face of fierce criticism, Sony bosses on Sunday bowed in apology for the breach and said that it is appointing a chief information security officer (CISO).

Meanwhile the PlayStation Network remains offline after being shut down more than two weeks ago.

Sony said it will shortly begin a phased restoration by region of PlayStation Network and Qriocity services, beginning with gaming, music and video services.

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

View Comments

  • “We discovered a file making a clear reference to ‘Username unknown,’” the company said in a letter to the US Congress on Wednesday, “and a blank user icon which therefore was anonymous. D’you see what that means? It means George Hotz and his hacker friends are loathsome criminal masterminds! So obviously we can’t be held liable for negligence in the face of forces like these. In conclusion, give us money.”

    The letter details the company’s actions over the past two weeks. It says Sony acted with “care and caution” in deciding how to act and how long it thought it could get away without telling anyone. “We did not want to cause confusion and cause customers to take unnecessary actions, such as stopping their credit card payments to us.”

    My blog post: http://newstechnica.com/?p=3057
