Sony probably can't wait to put 2011 in the rearview. In a year that has seen unprecedented numbers of high-profile hacker attacks on various companies, Sony has arguably endured the worst of it. A network intrusion brought down the PlayStation Network and other Sony services in the spring, and now a new attack there has resulted in 93,000 more user accounts being compromised.
The news comes straight from the company via chief information security chief Philip Retinger, writing in a post on PlayStation Blog. He reveals that user data from "one or more compromised lists from other companies, sites or other sources" was used "to test a massive set of sign-in IDs and passwords against our network database." Basically, a large-scale phishing expedition.
Retinger goes on to note that this number accounts for less than 0.1 percent of the total Sony online userbase.
Breached accounts -- which break down to roughly 60,000 on PSN and SEN (Sony Entertainment Network) and roughly 33,000 for SOE -- have been temporarily locked, though "only a small fraction... showed additional activity prior to being locked." While unauthorized purchases may have been made with those accounts that have credit card info stored, Retinger clarifies that the credit card numbers themselves rae "not at risk."
One final thing to note: mandatory password reset will be called for with all "PSN/SEN accounts that had both a sign-in ID and password match through this attempt." Sony will be contacting this "small group" directly via e-mail prompting you to reset your password.
Bear in mind, neither Sony nor any company will ever actually ask you to send in a password or any other sensitive information. If you get an e-mail that does not contain a link to an official Sony-owned password reset page and instead asks you to send information via e-mail, I would recommend reporting it immediately.
Source: PlayStation Blog