Sony Online Entertainment has confirmed they have been attacked and that hackers may have obtained personal information from 24.6 million customers. Stolen information includes names, addresses, email, gender, birth-date, phone number and login information. Your password information was not encrypted but was "hashed". SOE then warned residents living outside the US they have further evidence that information from an outdated database may have been accessed. The database contained 12,700 credit/debit card numbers and expiration dates.
The approximately 12,700 non-US credit cards were stored in an outdated database. Like the previous attack on the PSN, security codes were not recorded so they couldn't be accessed by the "intrusion." On top of that, 10,700 direct debit records with bank account numbers from customer in Austria, Netherlands, Germany and Spain may have also been accessed. SOE will notify each of those customers "promptly".
SOE assures gamers their credit card information should be safe, "There is no evidence that our main credit card database was compromised. It is in a completely separate and secured environment."
Sony Online Entertainment also addressed their previous statements denying SEO was affected by an external intrusion. "We had previously believed that SOE customer data had not been obtained in the cyber-attacks on the company, but on May 1st we concluded that SOE account information may have been stolen and we are notifying you as soon as possible."
Sony concluded by apologizing to its customers and confirming the following consequences:
- Temporarily turned off all SOE game services;
- Engaged an outside, recognized security firm to conduct a full and complete investigation into what happened; and
- Quickly taken steps to enhance security and strengthen our network infrastructure to provide you with greater protection of your personal information.
For more information you can read their entire statement here.
Tips, suggestions? Find me on Twitter.