/ 3 May 2011

Sony: 25m more accounts at risk in new data hack

Sony CEO Howard Stringer faced criticism of his leadership after the consumer electronics giant revealed hackers may have stolen the data of another 25-million accounts in a second massive security breach.

Sony’s latest revelation came just a day after it announced measures had been put in place to avert another cyberattack like that which hit its PlayStation Network, hoping to repair its tarnished image and reassure customers who might be pondering a shift to Microsoft’s Xbox.

The Japanese electronics company said its Sony Online Entertainment PC games network had been hacked on April 18, but did not find out about the breach until the early hours of Monday and shut down the service shortly afterwards.

The breach may also have led to the theft of 10 700 direct debit records from customers in Austria, Germany, the Netherlands and Spain and 12 700 non-U.S. credit or debit card numbers, it said.

Investors said Sony and 69-year-old chief executive Stringer had botched the data security crisis, a further blow for the company which has struggled against rivals including Nintendo and lost ground to smartphone makers such as Apple.

“The way Sony handled the whole thing goes to show that it lacks the ability to manage crises,” said Michael On, fund manager at Beyond Asset Management in Taipei, who does not own Sony shares.

“The current CEO should step down after the hacker problems and the company’s failure to push out products that are competitive.”

Stringer has not commented on the security breach, leaving Kazuo Hirai to lead the news conference and apology on Sunday. Hirai headed the networks division and is seen as the likely successor to Stringer, who in March committed to stay in his role for the current year at least.

Data comprised
The attack that Sony disclosed on Monday took place a day before a massive break-in of its separate PlayStation video game network that led to the theft of data from 77-million user accounts. Sony revealed that attack last week.

The PlayStation network lets video game console owners download games and play against friends. The Sony Online Entertainment network, the victim of the latest break-in, hosts games played over the internet on PCs.

Sony said late on Monday that the names, addresses, emails, birthdates, phone numbers and other information from 24,6-million PC games accounts may have been stolen from its servers as well as an “outdated database” from 2007.

Sony spokesperson Sue Tanaka, asked whether other data could be at risk, listed the precautions the company has taken such as firewalls, but added it could not be certain.

“They are hackers. We don’t know where they’re going to attack next,” Tokyo-based Tanaka said.

The PlayStation Network incident has sparked legal action and investigations by authorities in North America and Europe, home to almost 90% of the users of the network.

On Monday, Sony declined to testify in person in front of a US congressional hearing, but agreed to respond to questions on how consumer private data is protected by businesses in a letter on Tuesday, said a spokesperson for Mary Bono Mack, a Republican Congresswoman from California, who is leading the hearing.

Sony Facebook games down
The incident that Sony disclosed on Monday also forced it to suspend its Sony Online Entertainment games on Facebook.

Sony posted a message on Facebook saying it had to take down the games during the night.

A Sony spokesperson said the Facebook games make money from microtransactions and the sale of virtual goods like costumes and weapons.

It was not immediately clear if the data theft included data from players of Sony games including PoxNora, Dungeon Overlord and Wildlife Refuge on Facebook.

Facebook could not immediately be reached for comment.

Sony Online Entertainment is a division of Sony. It operates online games such as EverQuest and is separate from the PlayStation video game console division.

The servers for both the Online Entertainment unit and the PlayStation Network are based in San Diego but are completely separate, said Sony’s Tanaka.

Sony denied on its official PlayStation blog on Monday that hackers had tried to sell it a list of millions of credit card numbers.

The news comes less than a week after Sony alerted customers that a hacker broke into Sony’s PlayStation video game network and stole names, addresses, passwords and possibly credit card numbers. Sony alerted customers a week after discovering the break-in.

Sony executives apologised on Sunday and said the company would gradually restart the PlayStation Network with increased security and would offer some free content to users, pleasing a number of its users.

Other users were less forgiving.

“Well, as much as I think what the hackers did was downright criminal, the fact of the matter is they have done a marvellous job of showcasing Sony’s ignorance,” one contributor named Tokyo Guy posted on the Engadget technology website.

“And really, the point needs to be made that if Sony is this incompetent, then they deserve to be sued and fined and lose all their money. It’s pathetic.” — Reuters