Sony Cyber Breach Worsens: Another 25M Hacked

Adding to a string of recent woes, consumer electronics giant Sony (NYSE:SNE) said on Tuesday that another 25 million accounts were likely hacked in its second massive security breach in less than a month.

Sony said the hackers may have stolen personal information of Sony Online Entertainment customers on April 16th and 17th, as well as certain information from an outdated database from 2007.

The personal information of account holders may have included names, addresses, email addresses, birthdates, gender, phone numbers, login names and hashed password.

The outdated database included some 12,700 non-U.S. credit or debit card numbers and expiration dates, though it excludes credit card security codes, and about 10,700 direct debit records of certain customers in Austria, Germany, Netherlands and Spain, Sony said. The hackers may also have accessed bank account numbers, customer names, account names and customer addresses.

The Tokyo-based company said it discovered the breach when engineers and security consults were reviewing the Sony Online Entertainment systems, which include its popular PlayStation gaming system. The latest revelation came a day after it announced measures to avert future cyber attacks.

Sony said that in addition to network outages and ongoing investigations with the FBI into the recent attacks, Sony Online Entertainment has also undertaken an intensive investigation into its system.

Consumers, however, have scolded Sony and its chief executive, Howard Stringer, on the breaches and its handling of the mess, criticizing the company for the continued outages of its PlayStation Network and Qriocity services.

Security expert Richard Stiennon said the breach has drawn a lot of attention, including attention from other attackers, noting it wouldn’t be surprising if hackers started searching for vulnerabilities within its other networks.

“I can’t condemn Sony, even though it appears these attacks were not very sophisticated,” said Stiennon, who serves as the chief research analyst at IT-Harvest. “If you’re a large company you’re going to have a lot of vulnerabilities.”

Sony apologized to customers on Sunday for the inconvenience caused by the outages and said it is working to restore all services.

The Japanese tech conglomerate said it is granting customers 30 days of additional time on their subscriptions and compensation them one day for each day the system is down.

Sony also intends to provide a complimentary offering to assist customers in enrolling in identity theft protection services or similar programs.