Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Incident Response

Sony Attacked Again: Attackers Used Login Data Stolen from Other Sources

On Tuesday, Philip Reitinger, Sony’s newly appointed SVP & CISO, announced that Sony was the victim of yet another cyber attack. In this latest incident, Sony detected an attack that tested a massive set of sign-in IDs and passwords against its network database.

On Tuesday, Philip Reitinger, Sony’s newly appointed SVP & CISO, announced that Sony was the victim of yet another cyber attack. In this latest incident, Sony detected an attack that tested a massive set of sign-in IDs and passwords against its network database.

Stolen Login Database used to Attack Sony NetworkThe attack targeted the Sony Entertainment Network, PlayStation Network and Sony Online Entertainment, and used, what is assumed to be, a massive set of login details stolen from other companies, sites or other sources. With the number of successful cyber attacks recently, there is no shortage of user data, including email addresses, login names, and passwords floating around.

“In this case, given that the data tested against our network consisted of sign-in ID-password pairs, and that the overwhelming majority of the pairs resulted in failed matching attempts, it is likely the data came from another source and not from our Networks,” Reitinger wrote the announcement.

Reitinger said that than one tenth of one percent (0.1%) of its online customers appear to have been affected, totaling approximately 93,000 accounts globally. In other words, of the massive set of logins tested, the attackers were able to validate 93k accounts that had used the same password as was used somewhere else. In response, Sony temporarily locked the affected accounts.

“Only a small fraction of these 93,000 accounts showed additional activity prior to being locked. We are currently reviewing those accounts for unauthorized access, and will provide more updates as we have them,” Reitinger added.

Reitinger also said that any credit card numbers associated user account are safe and not as risk. “As a preventative measure, we are requiring secure password resets for those PSN/SEN accounts that had both a sign-in ID and password match through this attempt. If you are in the small group of PSN/SEN users who may have been affected, you will receive an email from us at the address associated with your account that will prompt you to reset your password,” he contined.

Sony hired Reitinger, a former U.S. Homeland Security official in charge of cyber security, as Senior Vice President and Chief Information Security Officer in response to a series of cyber attacks earlier this year that resulted in the personal information of more than 100 Million customers falling into the hands of hackers.

Sony says it has taken steps to mitigate the activity, but this should serve as a reminder to not use the same password on multiple sites, especially ones that that contain personal information and could be linked to a credit card, billing system, or other personal information.

This appears to be the first major incident that he has had to deal with publicly and make an announcement to users. In defense of Sony and Reitinger, this is one type of attack that many organizations are likely unprepared to defend against. But as many SIEM and DB security vendors will surely mention today, “We’ve got a solution for that!”

Related Reading:

What Does the Sony PlayStation Network Breach Teach Us about Cloud Security?

The Top Attack Techniques Used By Today’s Hackers

Enhancing Security by Studying Common Attack Techniques

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.

Register

Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.

Register

Expert Insights

Related Content

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Application Security

GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Incident Response

Cygnvs emerges from stealth mode with an incident response platform and $55 million in Series A funding.

Incident Response

Meta has developed a ten-phase cyber kill chain model that it believes will be more inclusive and more effective than the existing range of...

Application Security

Password management firm LastPass says the hackers behind an August data breach stole a massive stash of customer data, including password vault data that...

Incident Response

Implementation of security automation can be overwhelming, and has remained a barrier to adoption