Sony: 25m more accounts at risk in new data hack

Sony CEO Howard Stringer faced criticism of his leadership after the consumer electronics giant revealed hackers may have stolen the data of another 25-million accounts in a second massive security breach.

Sony’s latest revelation came just a day after it announced measures had been put in place to avert another cyberattack like that which hit its PlayStation Network, hoping to repair its tarnished image and reassure customers who might be pondering a shift to Microsoft’s Xbox.

The Japanese electronics company said its Sony Online Entertainment PC games network had been hacked on April 18, but did not find out about the breach until the early hours of Monday and shut down the service shortly afterwards.

The breach may also have led to the theft of 10 700 direct debit records from customers in Austria, Germany, the Netherlands and Spain and 12 700 non-U.S. credit or debit card numbers, it said.

Investors said Sony and 69-year-old chief executive Stringer had botched the data security crisis, a further blow for the company which has struggled against rivals including Nintendo and lost ground to smartphone makers such as Apple.

“The way Sony handled the whole thing goes to show that it lacks the ability to manage crises,” said Michael On, fund manager at Beyond Asset Management in Taipei, who does not own Sony shares.

“The current CEO should step down after the hacker problems and the company’s failure to push out products that are competitive.”

Stringer has not commented on the security breach, leaving Kazuo Hirai to lead the news conference and apology on Sunday. Hirai headed the networks division and is seen as the likely successor to Stringer, who in March committed to stay in his role for the current year at least.

Data comprised
The attack that Sony disclosed on Monday took place a day before a massive break-in of its separate PlayStation video game network that led to the theft of data from 77-million user accounts. Sony revealed that attack last week.

The PlayStation network lets video game console owners download games and play against friends. The Sony Online Entertainment network, the victim of the latest break-in, hosts games played over the internet on PCs.

Sony said late on Monday that the names, addresses, emails, birthdates, phone numbers and other information from 24,6-million PC games accounts may have been stolen from its servers as well as an “outdated database” from 2007.

Sony spokesperson Sue Tanaka, asked whether other data could be at risk, listed the precautions the company has taken such as firewalls, but added it could not be certain.

“They are hackers. We don’t know where they’re going to attack next,” Tokyo-based Tanaka said.

The PlayStation Network incident has sparked legal action and investigations by authorities in North America and Europe, home to almost 90% of the users of the network.

On Monday, Sony declined to testify in person in front of a US congressional hearing, but agreed to respond to questions on how consumer private data is protected by businesses in a letter on Tuesday, said a spokesperson for Mary Bono Mack, a Republican Congresswoman from California, who is leading the hearing.

Sony Facebook games down
The incident that Sony disclosed on Monday also forced it to suspend its Sony Online Entertainment games on Facebook.

Sony posted a message on Facebook saying it had to take down the games during the night.

A Sony spokesperson said the Facebook games make money from microtransactions and the sale of virtual goods like costumes and weapons.

It was not immediately clear if the data theft included data from players of Sony games including PoxNora, Dungeon Overlord and Wildlife Refuge on Facebook.

Facebook could not immediately be reached for comment.

Sony Online Entertainment is a division of Sony. It operates online games such as EverQuest and is separate from the PlayStation video game console division.

The servers for both the Online Entertainment unit and the PlayStation Network are based in San Diego but are completely separate, said Sony’s Tanaka.

Sony denied on its official PlayStation blog on Monday that hackers had tried to sell it a list of millions of credit card numbers.

The news comes less than a week after Sony alerted customers that a hacker broke into Sony’s PlayStation video game network and stole names, addresses, passwords and possibly credit card numbers. Sony alerted customers a week after discovering the break-in.

Sony executives apologised on Sunday and said the company would gradually restart the PlayStation Network with increased security and would offer some free content to users, pleasing a number of its users.

Other users were less forgiving.

“Well, as much as I think what the hackers did was downright criminal, the fact of the matter is they have done a marvellous job of showcasing Sony’s ignorance,” one contributor named Tokyo Guy posted on the Engadget technology website.

“And really, the point needs to be made that if Sony is this incompetent, then they deserve to be sued and fined and lose all their money. It’s pathetic.” — Reuters

Isabel Reynolds
Isabel Reynolds works from [email protected] Politics reporter for Bloomberg in Tokyo. Opinions are my own, Retweets are not endorsements, etc. Isabel Reynolds has over 2283 followers on Twitter.
Advertisting

Mabuza’s ‘distant relative’ scored big

Eskom’s woes are often because of boiler problems at its power plants. R50-billion has been set aside to fix them, but some of the contracts are going to questionable entities

ANC faction gunning for Gordhan

The ambush will take place at an NEC meeting about Eskom. But the real target is Cyril Ramaphosa

What the law could clarify this year

Lawfare: Major developments are on the cards where law and politics meet, including the first amendment to South Africa’s Bill of Rights

The secret ‘Warmonger’ at the SSA

A listening device acquired by the agency is at the centre of an alleged R600-million fraud operation
Advertising

Press Releases

New-style star accretion bursts dazzle astronomers

Associate Professor James O Chibueze and Dr SP van den Heever are part of an international team of astronomers studying the G358-MM1 high-mass protostar.

2020 risk outlook: Use GRC to build resilience

GRC activities can be used profitably to develop an integrated risk picture and response, says ContinuitySA.

MTN voted best mobile network

An independent report found MTN to be the best mobile network in SA in the fourth quarter of 2019.

Is your tertiary institution is accredited?

Rosebank College is an educational brand of The Independent Institute of Education, which is registered with the Department of Higher Education and Training.

Is your tertiary institution accredited?

Rosebank College is an educational brand of The Independent Institute of Education, which is registered with the Department of Higher Education and Training.

VUT chancellor, Dr Xolani Mkhwanazi, dies

The university conferred the degree of Doctor of Science Honoris Causa on Dr Xolani Mkhwanazi for his outstanding leadership contributions to maths and science education development.

Innovate4AMR now in second year

SA's Team pill-Alert aims to tackle antimicrobial resistance by implementing their strategic intervention that ensures patients comply with treatment.

Medical students present solution in Geneva

Kapil Narain and Mohamed Hoosen Suleman were selected to present their strategic intervention to tackle antimicrobial resistance to an international panel of experts.