If Sony’s learned one major thing with the massive PlayStation Network hack and outage that occurred earlier this year, it’s that transparency and honesty with consumers is the best policy to have in place. That much has become evident as a post written by Philip Reitinger, Sony’s SVP & Chief Information Security Officer, for the PlayStation.Blog has announced a mass access attempt.
Essentially, this attack attempted to access over 93,000 global accounts on the various Sony entertainment networks (approximately 60,000 for the PlayStation Network/Sony Entertainment Network and 33,000 for SOE) by massively trying externally acquired password and username pairings. Reitinger reports that most of the attempts failed and that less than one tenth of one percent of Sony‘s users were affected. Those accounts that were successfully compromised in this attempt have been temporarily turned off. Here’s what Sony is having each set of users do:
As a preventative measure, we are requiring secure password resets for those PSN/SEN accounts that had both a sign-in ID and password match through this attempt. If you are in the small group of PSN/SEN users who may have been affected, you will receive an email from us at the address associated with your account that will prompt you to reset your password.
Similarly, the SOE accounts that were matched have been temporarily turned off. If you are among the small group of affected SOE customers, you will receive an email from us at the address associated with your account that will advise you on next steps in order to validate your account credentials and have your account turned back on.
If you’re not sure whether or not you were targeted in this attempt, be sure to check the email you registered for Sony’s online services.
Reitinger closes his post by reminding us all of the obvious, inherent problem with the internet: it can be fraudulent. Be safe, be smart, use strong passwords and don’t use the same password for every account you create.
Kudos to Sony for reporting this issue immediately and coming up with a solution. Hacking and fraudulent activity can’t be prevented, but it can be handled appropriately.