Last week’s hack on Sony’s PlayStation Network has been listed as the fourth largest data breach ever in history, exposing the personally identifiable information (PII) and possibly credit card data of about 70 million users, according to DataLossdb, an open source foundation that monitors data breaches across the world.
IT security firm, Sophos, is warning users of Sony’s PlayStation Network that they are at risk of identity theft after hackers broke into the system and accessed the personal data of videogame players.
The implications of the hack, which resulted in the service being offline since last week, are only now becoming clear as Sony has confirmed that the hackers, who broke into the system between April 17th and April 19th, were able to access the online gamers’ personal information. According to Sophos, users should take immediate action to ensure that their online identities are secure, and that fraudsters cannot take advantage of stolen credit card information.
Sony is yet to provide the exact details of the attack and says it is still unsure if the credit card details were breached but at the same time says it doesn’t rule out the possibility that your credit card details could already be in the hands of the attackers.
“If you’re a user of Sony’s PlayStation Network, now isn’t the time to sit back on your sofa and do nothing. The fraudsters won’t wait around – for them this is a treasure trove ripe for exploiting. You need to act now to minimize the chances that your identity and bank account become casualties following this hack,” said Graham Cluley, Senior Technology Consultant at Sophos. “That means, changing your online passwords (especially if you use the same password on other sites), and considering whether it would be prudent to inform your bank that as far as you’re concerned your credit card is now compromised.”
Sony has warned that hackers have been able to access a variety of personal information belonging to users including:
- Name
- Address (city, state, pin code)
- Country
- Email address
- Date of birth
- PlayStation Network/Priority password and login
- Handle/PSN online ID
In addition, Sony warns that profile information – such as history of past purchases and billing addresses, as well as “secret answers” given to Sony for password security may also have been obtained. Sony also admits that it cannot rule out the possibility that credit card information may also have been compromised.
“The fact that credit card details, used on the network to buy games, movies and music, may also have been stolen is very disturbing,” continued Cluley. “If Sony loses your credit card information, it’s no different from you losing your credit card – you should cancel that card immediately. Questions clearly have to be asked as to whether Sony was ignorant of PCI data security standards and storing this and other personal data in an unencrypted format. All in all, this is a PR and security disaster for Sony.”
Infosec India 