PSA: Compromised PSN info used in mass access attempt

by Arthur Gies on Oct 12th 2011 12:10AM

In a post on the Official PlayStation Blog tonight, the Chief Information Security Officer for Sony Phillip Reitinger informed users that a major, concerted wave of sign-in attempts were made using login and password information "obtained from one or more compromised lists from other companies, sites or other sources." Sony has, in their words, "taken steps to mitigate this activity." Reitenger specified that credit card information had not been compromised.

Accounts affected by the mass access attempt have received prompts via email to reset their passwords. Sony Online Entertainment accounts affected have also been provisionally disabled until their passwords are changed.

Tags: hacking, playstation, ps3, psn, SOE

Reader Comments (87)

LEAVE SONY ALONE HACKERS

But at least they warned us that something bad went down and not waiting till the damage was already done.

@The Cole Train
From a post below:

"If you read the Playstation Blog article, it's clear that the logins and passwords were gathered from a different hacked database and used to attempt logins on PSN.

People that got an email are those whose PSN login and password were the same as their login and password elsewhere.

"Compromised PSN info" is a little misleading."

They got information from another database, and decided to try to log into PSN with them. Most likely, they've tried (or will try) to log into XBL with those same accounts. They are not targeting Sony specifically, and there is such a ridiculous chance that these people even knew someone who knew someone who knew someone who sort of knew a guy who knew something about the PSN hacks a couple of months ago that to link this incident to the major debacle at few months ago is ludicrous.

@YimYimYimi

That's what I was thinking. They're probably trying to sign into heaps of websites with that information. I wouldn't be surprised if XBL is undergoing a similiar mass access attempt right now, it's just that Sony has actually brought it to the public's attention.

@DarkTwisted
XBL already went through this a few months ago, Joystiq even had a story about it. MS basically said the same thing' All the info was taken from other sites (which if you recall there were like a dozen hacks covering all sorts of gaming sites) And the hackers attempted to brute force their way in, hoping that any name and password combination they found on the other sites would match a log in.

@The Cole Train

I was just thinking we needed that "LEAVE BRITTANY ALONE!" guy to back up sony. Thanks!

Thank you hackers for compromising our accounts... in the name of net neutrality! Take that corporation!

@Dcmac
This has absolutely nothing to do with net neutrality. For all we know, they got passwords off of Minecraft's database. Net neutrality is the stance that restrictions shall not be imposed upon the Internet, not that we should be able to break into databases and steal account information.

Most likely, this has nothing to do with some sort of philosophical view of the Internet. What probably happened was someone goofed up big time and these guys found a way past someone's security. Using the account information from some database, they're trying them on all sorts of websites and services, PSN being the only one vocal about it. I wouldn't be surprised if we hear something from Microsoft in the next 24 hours.

@YimYimYimi Pretty sure he was being sarcastic. Well, I hope so.

Flamestorm incoming.

@eNriqeu
Aye men! L'ks like w're g'nna hafta equip t' flame shi'lds!
Le's giv' 'em 'ell!

@eNriqeu
No firestorm, read the article itself not just the headline. It's not about Sony, it's about the information which was taken from other sources. The same thing happened to MS so why should it be any more of a big deal?

At least if your credit card info gets stolen again, you can sue.

Oh, wait....

@Mike Nathan
You can sue, due to it being YOUR account and card that was stolen. Theres no law that says you can't, nor any power that takes that right from you.

@Mike Nathan

You can sue, just not a class action - but you can/could opt out of that ;)

@Faenix actually, you can still sue as part of a class action lawsuit. There's no way that Sony's terms of use for PSN will ever hold up in a court of law, as (at least in America) you have some rights that you cannot voluntarily give up.

Errbody gon' be maaaaaaddd...

@CoconutSkittle
No one's going to be mad unless they were silly enough to have the same password on their PSN account after the hack and sony's required password change as they had on one of the many other sites that got hacked.

.......................

c'mon don't fck with my attempts to summon a phantom for help in Dark Souls.

@themisanthrope Rawr

Glad to see Sony at least on top of things....

Unless these attempts were made like, last week. Would not be shocked.

If you read the Playstation Blog article, it's clear that the logins and passwords were gathered from a different hacked database and used to attempt logins on PSN.

People that got an email are those whose PSN login and password were the same as their login and password elsewhere.

"Compromised PSN info" is a little misleading.

Misleading headline. It's not "compromised PSN info." It's "compromise user account info." They got the account info from other sources, and now they're just throwing them into PSN to see what sticks, trying to exploit people that use the same login and password for everything.

I hope this doesn't end up being like that last PSN Outage.

I wonder how many people in this thread will misunderstand the situation completely and blame Sony for everything. Hmm.

So, no one is going to give Sony kudos for being on top of this? We're just going to treat this as another PSN hack fiasco?

This actually affected me. I was thinking it may have been one of my friends who changed my password since i couldt think of anything else, but it wasn't.
Time to change my password on everything.

So people got a list of emails/passwords from some other site and successfully accessed accounts on the PSN?

...Meh, **** like that happens every day across multiple platforms. There was no hacking done here. And Sony already locked down those accounts affected and sent emails to do a password reset.

Really a non-issue at this point.

@libregkd

Well no hacking of the PSN anyway. Can't say the same for whatever website they got the database from.

@libregkd 93,000 successful logins in a single day seems like more than a non-issue.

@zebwinz
That's 93,000 people who hopefully learned a valuable lesson about password reuse.

Misleading title!

Meh. Nothing new.

Thanks Anonymous! Keep up the good work and whatnot.

Just kidding, they should all be cockpunched.

@(Unverified)
You should start with yourself, my anonymous, unregistered friend.

@(Unverified)

*cockpunches for being an anonymous user*

@Faenix

I joke, but still, kind of ironic. xD

@pluupy
lol well "unregistered in comment plane".

Reading your comment brought tears to my eyes and smoke to my ears.

So months after the PSN outage someone tried to use the compromised info on PSN testing to see if anyone didn't change their password when the first thing that Sony did was make everyone change their password?

And what, this is suppose to spawn a number of "PSN compromised again" articles?

Oh not this again. >_>

I've been hard on PSN/SOE's pathetic security, because they deserved it, but looks like Sony handled this one well (unless we find out later this happened a week ago).

- detected intrusion
- shut it down
- no credit cards stolen
- announce it
- pass-lock the compromised accounts

Guess you guys learned, well done.

@Oldtaku

Considering this wasnt a hack.. just stupid users with the same passwords for things..

@Faenix Yeah, I realize it wasn't Sony that was really hacked, but six months ago they wouldn't even have noticed this and if they had they wouldn't have told their users. So I'm giving them credit for apparently handling this as well as anyone could expect.

@Oldtaku Yeah I agree with everyone else. As soon as this happened, I put authenticators on my Gmail accounts, and changed anything remotely similar to my PSN credentials. I also changed my PSN e-mail for good measure.:)

@Oldtaku
First off they did notice, which was why the PSN went down to begin with. Then they took their time trying to figure out what had been stolen because it was the first time they'd ever had a situation like that. it would hurt them more to run around screaming without knowing what exactly happened don't you think? Yes they were slow in getting out the emails but they've always been slow with emails, even for other situations.

@PN04

But the slow to notify users was still a mistake especially given that they weren't sure if CC info had been compromised.

And I hope each and every last one of them was traced because they were ready for it.

@Godmars

Come on, now you just sound dumb. At least post a link or something.

Honestly if you were dumb enough to have the same password for important things (Important, to me, is any site where you can/do buy stuff from) then you are just asking to be screwed.

So I'll get to wait about five days after hearing about everyone else getting e-mails for Sony to send me a notice that an old password I used has been compromised. Gotcha. Thanks.

| 1 | 2 | Most Recent | Next 50 Comments

PSA: Compromised PSN info used in mass access attempt

Reader Comments (87)

Posted: Oct 12th 2011 12:14AM The Cole Train said

Posted: Oct 12th 2011 1:00AM YimYimYimi said

Posted: Oct 12th 2011 1:20AM DarkTwisted said

Posted: Oct 12th 2011 5:03AM PN04 said

Posted: Oct 12th 2011 6:38AM Punkrawk Bbob said

Posted: Oct 12th 2011 12:14AM Dcmac said

Posted: Oct 12th 2011 1:35AM YimYimYimi said

Posted: Oct 12th 2011 4:02AM Hank Hill said

Posted: Oct 12th 2011 12:14AM eNriqeu said

Posted: Oct 12th 2011 12:52AM pluupy said

Posted: Oct 12th 2011 5:10AM PN04 said

Posted: Oct 12th 2011 12:14AM Mike Nathan said

Posted: Oct 12th 2011 12:50AM Cavall said

Posted: Oct 12th 2011 12:50AM Faenix said

Posted: Oct 12th 2011 1:37PM gordeaux said

Posted: Oct 12th 2011 12:15AM CoconutSkittle said

Posted: Oct 12th 2011 5:09AM PN04 said

Posted: Oct 12th 2011 12:15AM themisanthrope said

Posted: Oct 12th 2011 9:55AM Jay Z said

Posted: Oct 12th 2011 12:15AM (Unverified) said

Posted: Oct 12th 2011 12:20AM baronkarza said

Posted: Oct 12th 2011 12:21AM whatisdelicious said

Posted: Oct 12th 2011 12:23AM StormChaser91 said

Posted: Oct 12th 2011 12:29AM DarkTwisted said

Posted: Oct 12th 2011 12:32AM civilciv said

Posted: Oct 12th 2011 12:35AM SolidSage said

Posted: Oct 12th 2011 12:39AM libregkd said

Posted: Oct 12th 2011 12:40AM libregkd said

Posted: Oct 12th 2011 8:20AM zebwinz said

Posted: Oct 12th 2011 10:48AM aristokrat said

Posted: Oct 12th 2011 12:39AM rudetrooper said

Posted: Oct 12th 2011 12:42AM (Unverified) said

Posted: Oct 12th 2011 12:47AM (Unverified) said

Posted: Oct 12th 2011 12:53AM pluupy said

Posted: Oct 12th 2011 1:05AM Faenix said

Posted: Oct 12th 2011 1:05AM Faenix said

Posted: Oct 12th 2011 1:38AM pluupy said

Posted: Oct 12th 2011 9:36AM Spartan050 said

Posted: Oct 12th 2011 12:57AM Godmars said

Posted: Oct 12th 2011 1:04AM Rukishou said

Posted: Oct 12th 2011 1:04AM Oldtaku said

Posted: Oct 12th 2011 1:06AM Faenix said

Posted: Oct 12th 2011 1:14AM Oldtaku said

Posted: Oct 12th 2011 1:16AM OrangeGamer said

Posted: Oct 12th 2011 5:19AM PN04 said

Posted: Oct 12th 2011 10:00AM Vidikron said

Posted: Oct 12th 2011 1:04AM ShadowXIII said

Posted: Oct 12th 2011 1:06AM A Sandwich said

Posted: Oct 12th 2011 1:07AM Faenix said

Posted: Oct 12th 2011 1:14AM DrDrew Pinsky said

Info

Description

MSRP

Release Date

Genre

Developer

Publisher

Rating

Breaking News

WB conjures up Harry Potter for Kinect this fall

Featured Stories

Weekly Webcomic Wrapup is a stranger in a strange land

Silver Lining: I Am Alive's unfeeling world

Game Of Thrones and the paradoxes of adaptation

Engadget

TUAW

Massively

WoW