Sony’s chief security officer Philip Reitinger warned late Tuesday that there had been a “massive” account cracking attempt on the PlayStation Network and Sony Online Entertainment. While it failed against the wide majority, the attempt successfully cracked the login info for about 93,000 accounts, 60,000 of which were PSN. All of those accounts were locked down to prevent a hijack, Sony said.
The company promised an active response. Although it noticed “additional activity” in only a few, it was checking to see if there was any rogue access on those accounts. Everyone affected would go through a mandatory password change the next time they signed on. SOE customers would have to go through extra steps to prove their identity.
A culprit hadn’t been identified as of Tuesday night. Anonymous hadn’t claimed credit, and frequent Sony attacker LulzSec has been ruled out after recent arrests. Any attacks are likely to have come from outside PSN, Sony said, and credit card information wasn’t at risk.
The quick disclosure is an improvement from the large-scale attack in mid-year, when Sony didn’t clamp down until a day later and only notified users that their data might be vulnerable until the next week, well after any potential damage might have been done.
It still serves as a minor embarrassment for Sony. The company felt forced to take PSN down for nearly a month and gave away free games and other bonuses to prevent customers from jumping ship for another console. Another attack shows it to still be a target, although password cracking attempts are very common and can often be successful through brute force, even on secure systems.
