October 12, 2011, 2:52 AM —
Sony suspended 93,000 user accounts on several of its gaming and entertainment networks after unauthorized login attempts on those accounts, it said Wednesday.
The attempts occurred on the PlayStation Network, Sony Entertainment Network, and Sony Online Entertainment, and the company says that bulk login information likely acquired from other sources was tested en masse on the networks. Only a "small number" of the attempts were successful, and no credit card information was leaked.
In a blog entry on Sony's U.S. Playstation site, Sony Chief Information Security Officer Philip Reitinger said that "less than one tenth of one percent (0.1%)" of the networks' users may have been affected.
"These attempts appear to include a large amount of data obtained from one or more compromised lists from other companies, sites or other sources," he wrote.
Sony is not aware of any breach of its own databases in relation to the login attempts, including credit card data, it said. But in some cases unauthorized purchases may have been made through the accounts, which will be refunded by Sony.
The PlayStation Network and Sony Entertainment Network accounts that were successfully logged into during the attempts now require password resets. The affected Sony Online Entertainment accounts have been switched off, and users have been notified by email on how to have them restored.
The attempts occurred between Oct. 7 and Oct. 10. About 60,000 of the accounts were on the PlayStation and Sony Entertainment networks, while about 33,000 were on Sony Online Entertainment.
Sony was the victim of a massive attack in April on its Qriocity and sister PlayStation Network, in which its servers were hacked and around 100 million accounts were stolen from company databases. The networks were shut down globally for a month and a half, but there has so far been no widespread credit card fraud associated with the attack.