Well this certainly isn’t the news that PS3 users have been hoping for. PSN being hacked by outsiders and shut down for close to two weeks was bad enough, but those gamers who have been paying subscriptions to Sony Online Entertainment properties have all new problems to worry about. According to the developer, the intrusion that caused them to shut down their services earlier today not only gained access to user information, but a database containing over 12,000 credit card numbers and 10,000 direct debit account numbers to customers outside of the US.
Just hours after SOE took down their services temporarily to investigate the nature of a detected intrusion in the wake of the PSN hacks on April 19, the studio is now informing their customers that they have finally grasped the size of the attack, and it’s bad.
Hackers getting access to the names, addresses, gender, birth date, email, login name and passwords is already going to cause some serious problems among SOE‘s many thousands of users, but for non-American customers that’s not the worst of it. Apparently, SOE isn’t in the habit of keeping their financial records in a single place, and non-US accounts from 2007 took the brunt of the intrusion.
According to a posting on SOE’s site, some of you customers may be hearing from the company soon:
“Our ongoing investigation of illegal intrusions into Sony Online Entertainment systems has discovered that hackers may have obtained personal customer information from SOE systems. We are today advising you that the personal information you provided us in connection with your SOE account may have been stolen in a cyber-attack. Stolen information includes, to the extent you provided it to us, the following: name, address (city, state, zip, country), email address, gender, birthdate, phone number, login name and hashed password.
“Customers outside the United States should be advised that we further discovered evidence that information from an outdated database from 2007 containing approximately 12,700 non-US customer credit or debit card numbers and expiration dates (but not credit card security codes) and about 10,700 direct debit records listing bank account numbers of certain customers in Germany, Austria, Netherlands and Spain may have also been obtained. We will be notifying each of those customers promptly.”
The studio reacted in the same manner as PSN’s administrators, calling in outside forensic experts to find out just how badly their systems were hacked, and have once again made it clear to the public as soon as possible. While the ‘main’ database of financial information seems to have been untouched, and the obtained credit card numbers weren’t leaked alongside their respective security codes, this is a serious breach of security.
Prior to this announcement, we were left to simply guess at the size and scale of the intrusions launched against PSN on April 19. Now we can put a number to the attack, and hopefully over 20,000 credit and debit cards will help those still thinking that the PSN hack is a laughing matter come to their senses.
How it took Sony Online Entertainment over a week to realize that one of their databases containing said information was broken into is open to debate, but for now it seems that a few days without access to DC Universe Online is the least of gamers’ problems.
We’ll keep you up to date on all developments in both PSN and SOE’s investigations.