SOE releases further breach details, 24.6 million accounts compromised

There's an old adage that things are always darkest just before the dawn, and right now the folks at Sony Online Entertainment -- as well as millions of customers -- are enduring another round of grim news. The San Diego-based MMORPG publisher has just announced that approximately 24.6 million accounts may have been stolen, in addition to the 12,700 credit or debit card thefts reported yesterday.

A new SOE press release reports that personal information including names, addresses, email addresses, login names, and hashed passwords has been illegally obtained by hackers. Another 10,700 direct debit records were pilfered from accounts in Austria, Germany, Netherlands, and Spain, including bank account numbers and the information mentioned above.

SOE plans to compensate consumers with 30 days of free subscription time as well as an additional day for each day its systems are down. The company will also provide "a complimentary offering to assist users in enrolling in identity theft protection services and/or similar programs."

Reader Comments (51)

I've never been more glad to have never supported Sony or bought anything from them.

@pcgneurotic Feel free to continue frothing at your mouth. Not that it matters to me, but you obviously think SOE is completely not at fault here. Have fun in your delusional world.

@pcgneurotic

I only count one response.

@Utakata Notice how your post is above the 20+ others that posted before you...? ;)

@(Unverified) Yes?

@Utakata so.....he posted after reading the first maybe 10+ responses, but because he replied to the first post his post came up as the second post...

@Kaoss

The only post I have seen that would have warrent pcgneurotic claim, was (Unverified) at the very top. Most have been civil discussions, though in fairness, I cannot verify the accuracy of the discussion. But if this troll expects us to read the last comment on this subject and work our way back to here to read his/her vitriol, then pcgneurotic one that is being daft, not myself who is asking the question. Just saying.

I have also noted that offending remark has been removed since.

Not that I condone this at all...

But way to be dumbasses and pick a fight with Anonymous when you clearly lack adequate security.

@(Unverified) Anon DDoS'd them about a week ago? They didn't do this according to them. Like they said to do this would be to attack Anon itself.

@(Unverified) :Yeah, If they didn't want it they shouldn't have been wearing such tight jeans /rolleyes

Some one shot the hacker already!

@JadeCurtiss

Really? Did they provide DNA samples or photographs?

"We understand you're upset that someone is now using your credit card to hire expensive hookers and booking pleasure trips to the Bahamas, and we feel for you, so to make up we will give you a free month of DCUO! Have fun!" - A SOE spokesperson.

@Lenn. Prostitutes take credit cards now? Wow, I must be really behind the times...! Where do you swipe your card...?!

:-)

@Snichy You can cash advance pretty much any credit card. Not that I recommend it because the interest is obcene.

Jef, you missed a key point: The passwords that have been stolen are hashed. This means that they do NOT have your full password. Depending on the nature of the hash, it's even possible that they don't have any portion of your password. Instead of PASSWORD, all they have is ######## or ####WORD.

@aurickle

Thanks, fixed it. That's what I get for trying to get it out fast.

@aurickle Still, a rainbow table attack is very easy now.

This is a sensational story, but let's get real here. Security is by its very nature reactive rather than proactive. It is impossible to foresee every possible hole and the vast majority of these do not get discovered until after someone has exploited them.

It's not just in the online world, either. Consider airport security screening and the many stories that have come out regarding its holes. That's only your lives that are at risk there. Or how about all the different heist movies that come out; seemingly a new one every one or two years and all with clever ways of bypassing supposedly fool-proof security.

At the end of the day, security is a matter of cost vs. benefits AND convenience. While it is ultimately possible to make things nearly 100% secure (only nearly, however), the costs of doing this are ultimately prohibitive. This is both financially and practically because your security can become so strong that nobody wants to even work with you anymore -- you're just too much of a hassle.

Finally, I would wager that there is a terrible amount of hypocrisy going on in the threads that have cropped up regarding this topic. To all the people who are busy tearing down Sony over this, I ask you:

1) Do you have a Facebook page? MySpace? Blog? How much of your personal information is there for anyone to read? Even if its just your name and city it will take very little in terms of online searches of public records to get the rest of the information that the vast majority of customers had stolen from Sony. This means that you're demanding a far higher level of diligence from Sony than you practice yourself.

2) Does the door on your house have both a deadbolt and a knob key? When you leave the house do you use both keys or only one? If it's not both, you're expecting more from Sony than you practice yourself. For that matter, how about all the windows? Are they locked all the time? Do you have a security system? If so, do you arm it EVERY time you leave the house or go to bed?

3) Do you have a checking account? Where do you keep your checks? (This includes the extra checks that haven't made it into your book yet.) Are they locked in a safe someplace when it's not on your person? For that matter, have you bought scan-proof credit card holders so that your card can't be skimmed when you go about your business? When you pay at a restaurant with your card do you sit at the table while the waiter takes your card out of your sight to process it? If you have failed to close any of these holes in your financial information then you're demanding more of Sony than you practice yourself.

4) For that matter, just how impregnable is your home? Does it have armored doors? Steel walls? Bulletproof windows? Laser security fences? Biometric locks? I could go on, but think you get the picture. If your home is not 100% secure, why not? Is it because the costs are prohibitive? Wouldn't it be a dreadful hassle for yourself and your guests?

At the end of the day, I guarantee that Sony and other companies that you're trusting with your personal information are actually spending more to protect it and going to greater lengths to do so than you are doing in your own life with the same information.

If you demand higher standards from a company that you pay $15 a month to than you practice in your own daily life, you're a hypocrite. It's really that simple.

@aurickle Brings up some good points here. Precisely why I am on Facebook under an Alias. I refuse to give my personal info to a company that changes their Privacy policy, or lack there of, each week.

I have to work On #4 I have to admit though, some of those things are kinda expensive you listed there.

| 1 | 2 | 3 | Most Recent | Next 20 Comments

SOE releases further breach details, 24.6 million accounts compromised

Reader Comments (51)

Posted: May 3rd 2011 9:04AM (Unverified) said

Posted: May 3rd 2011 9:40AM (Unverified) said

Posted: May 3rd 2011 11:15AM Utakata said

Posted: May 3rd 2011 11:17AM Kaoss said

Posted: May 3rd 2011 11:21AM Utakata said

Posted: May 3rd 2011 12:24PM Kaoss said

Posted: May 3rd 2011 4:56PM Utakata said

Posted: May 3rd 2011 9:06AM (Unverified) said

Posted: May 3rd 2011 11:16AM Kaoss said

Posted: May 3rd 2011 12:34PM Furdinand said

Posted: May 3rd 2011 9:08AM JadeCurtiss said

Posted: May 3rd 2011 11:17AM Utakata said

Posted: May 3rd 2011 9:09AM Lenn said

Posted: May 3rd 2011 9:25AM Snichy said

Posted: May 3rd 2011 9:30AM (Unverified) said

Posted: May 3rd 2011 9:35AM aurickle said

Posted: May 3rd 2011 9:44AM Jef Reahard said

Posted: May 3rd 2011 12:29PM pid said

Posted: May 3rd 2011 9:38AM aurickle said

Posted: May 3rd 2011 9:46AM Ryn said

Info

Description

MSRP

Release Date

Genre

Developer

Publisher

Rating

Breaking News

The Secret World launch delayed to July 3rd

Featured Stories

The Mog Log: The Legacy rewards and what they mean

The Tattered Notebook: The passing of Ribbitribbitt

The Firing Line: PlanetSide 2's Matt Higby on the MMOFPS revolution

Engadget

Joystiq

WoW

TUAW