Sophos offers advice to Sony PlayStation Network users who could be affected
The implications of the hack, which resulted in the service being offline since last week, are only now becoming clear as Sony has confirmed that the hackers, who broke into the system between April 17th and April 19th, were able to access the online gamers’ personal information. According to computer security firm Sophos, users should take immediate action to ensure that their online identities are secure, and that fraudsters cannot take advantage of stolen credit card information.
“If you’re a user of Sony’s PlayStation Network, now isn’t the time to sit back on your sofa and do nothing. The fraudsters won’t wait around - for them this is a treasure trove ripe for exploiting. You need to act now to minimise the chances that your identity and bank account become casualties following this hack,” said Graham Cluley, senior technology consultant at Sophos. “That means, changing your online passwords (especially if you use the same password on other sites), and considering whether it would be prudent to inform your bank that as far as you’re concerned your credit card is now compromised.”
Sony has warned that hackers have been able to access a variety of personal information belonging to users, including:
* Address (city, state, zip code)
* Email address
* Date of birth
* PlayStation Network/Qriocity password and login
* Handle/PSN online ID
In addition, Sony warns that profile information - such as history of past purchases and billing addresses, as well as “secret answers” given to Sony for password security - may also have been obtained. Sony also admits that it cannot rule out the possibility that credit card information may have been compromised.
“The fact that credit card details, used on the network to buy games, movies and music, may also have been stolen is very disturbing,” continued Cluley. “If Sony loses your credit card information, it’s no different from you losing your credit card - you should cancel that card immediately. Questions clearly have to be asked as to whether Sony was ignorant of PCI data security standards and storing this and other personal data in an unencrypted format. All in all, this is a PR and security disaster for Sony.”
For more information, please visit the Sophos Naked Security site at: http://nakedsecurity.sophos.com/2011/04/26/playstation-network-hacked-personal-information-of-up-to-70-million-people-stolen/