
So the chickens have come home to roost, or however that saying goes. Earlier today, I talked about how Sony Online Entertainment had shut down its entire service following an investigation that may have changed their stance on SOE’s database being safe from the hack that took down the PlayStation Network last month and resulted in everyone’s information being spewed all over the net. Sony has issued a press release, and the news is not good:
Stolen information includes, to the extent you provided it to us, the following: name, address (city, state, zip, country), email address, gender, birthdate, phone number, login name and hashed password.
Customers outside the United States should be advised that we further discovered evidence that information from an outdated database from 2007 containing approximately 12,700 non-US customer credit or debit card numbers and expiration dates (but not credit card security codes) and about 10,700 direct debit records listing bank account numbers of certain customers in Germany, Austria, Netherlands and Spain may have also been obtained – we will be notifying each of those customers promptly.
Sony originally believed that SOE was not compromised as part of the PSN hack, but investigations that concluded yesterday revealed that the system was indeed broken into by an unauthorized party. It is important to note that the main credit card database was not hacked, at least according to Sony. It may not be a bad idea to get a new card, however.
We apologize for the inconvenience caused by the attack and as a result, we have:
1) Temporarily turned off all SOE game services;
2) Engaged an outside, recognized security firm to conduct a full and complete investigation into what happened; and
3) Quickly taken steps to enhance security and strengthen our network infrastructure to provide you with greater protection of your personal information.
If it makes you feel more comfortable, I suggest going to your bank/credit card issuer, and requesting a new card. You’ll have to live without the card for a week or so, but that’s a small price to pay if Sony’s database was stolen and they are able to get through the encryption. I’m not trying to cause undue fear with these articles, but any information regarding identity theft should be taken very seriously.
If you use your Sony password on other websites, I highly suggest you get a new regular password. SOE’s services remain offline.
I have been an SOE subscriber for years now and have always considered my personal information to be very safe with a GIANT corporation like Sony. I realize that no network is ever 100% secure; however, a corporation like Sony (who does hundreds of millions of dollars worth of business per year) should have the expertise and talent required to prevent such an event. This entire situation was preventable. I have read as much as I can find regarding this situation and it seems that Sony is being targeted specifically due to a round of recent layoffs. It seems that someone “in the know” about Sony security measures either did this themselves, or provided the information to do this to a third party. When will these large corporations learn that IT professionals working in these companies know more about the operation of these networks than the executives making the decisions do? It happens often that an executive orders layoffs of IT staff and then wonders why and how their network suddenly gets hacked.
Advice to Sony executives… be careful who you lay off and who you piss off! Revenge hacks like this are becoming more and more common. To be honest, was it less costly to Sony to keep those IT professionals working, or was it less costly to shut down your entire online network for days on end? Also, who will trust the security of Sony online services now? Not me!
Their main database wasn’t hacked. The information that they think MIGHT have been compromised was residing on obsolete servers that hadn’t been used in years and held the data of a tiny fragment of foreign customers.
Besides, if you provide any kind of financial information to anyone online, especially to play a game, then you’re just a moron. There is no such thing as a secure network. If you’re connected to the internet and somebody that knows what they’re doing wants to get in, they will. There is a reason intelligent people prefer using gametime cards rather than putting their CC information into an online database. That’s the chicken that has come home to roost.