Sony released a statement last night indicating that their PSN service was once again under siege by unknown hackers.
Unlike past instances, which led to network intrusion and compromised data, the attack this time consisted of attempts to break into PSN using usernames and passwords likely obtained through other compromised websites. Often, people will use a common username and password for multiple accounts across multiple websites. It’s likely that a third-party site was compromised, allowing hackers to try those same compromised identities against PSN.
It is unknown how many account logins were attempted, but of those, 93,000 were actually matched and compromised. Sony moved to immediately freeze those accounts and has alerted users who were affected.
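As an added illustration (not part of Sony's statement or the original article), the sketch below shows how a defender could spot this pattern in login logs: one source trying many distinct usernames with a low match rate, followed by listing the matched accounts to freeze. The event format, thresholds, and sample data are assumptions constructed for the example.

```python
from collections import defaultdict

# Constructed sample login events: (source_ip, username, success).
# IPs are documentation ranges; usernames are made up.
SAMPLE_EVENTS = (
    # One source walking a list of distinct usernames, a few of which match.
    [("203.0.113.7", f"user{i:03d}", i % 25 == 0) for i in range(100)]
    # A legitimate user who mistyped a password once.
    + [("198.51.100.4", "alice", False), ("198.51.100.4", "alice", True)]
    # Repeated guessing against ONE account: brute force, not credential reuse.
    + [("192.0.2.9", "bob", False)] * 30
)


def find_stuffing(events, min_users=50, max_success_ratio=0.10):
    """Return {source: accounts_to_freeze} for sources that look like
    credential stuffing: many distinct usernames, few of them matching.

    min_users and max_success_ratio are illustrative thresholds (assumed),
    to be tuned against a service's real traffic.
    """
    users = defaultdict(set)   # distinct usernames tried per source
    hits = defaultdict(set)    # usernames that logged in successfully per source
    for src, user, ok in events:
        users[src].add(user)
        if ok:
            hits[src].add(user)

    flagged = {}
    for src, tried in users.items():
        ratio = len(hits[src]) / len(tried)
        if len(tried) >= min_users and ratio <= max_success_ratio:
            # Accounts that matched from a flagged source are the ones
            # to freeze and notify.
            flagged[src] = sorted(hits[src])
    return flagged


if __name__ == "__main__":
    for src, accounts in find_stuffing(SAMPLE_EVENTS).items():
        print(src, "-> freeze:", accounts)
```

Counting distinct usernames per source, rather than raw failures, is what separates reused-credential attempts from a single user fumbling a password or a brute-force run against one account.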
This type of attack shows that users – as well as companies – need to take password security seriously. If you use the same username/password on PSN as you do with other websites, it’s best that you change it now so that your PSN login information is unique to the network. That way, if your user identity is compromised on any other website, you don’t have that login information exposed for all your other accounts across the internet.
While Sony has been beaten black and blue over the PSN debacle in April 2011, this incident is not a hack by any stretch, nor does it show any fault on the part of Sony. In fact, Sony’s aggressive and timely response illustrates that they may have learned their lesson, and that their new Chief Information Security Officer is already on the job. It only took one of the biggest breaches in network security to teach them that.
Editor’s Note: We don’t have the exact number of total unauthorized login attempts made as part of this attack, but we do know that 93,000 was the number of accounts actually violated, not the number of attempts, as previously reported. We apologize for the confusion this may have caused some of you using this site as a reference for your eventual Network Security Doctoral theses.