But wait! Put down that pitchfork, angry mob because this time they’re doing the correct thing and letting everyone know straight away. Also it looks as if it isn’t really their fault, but more like the fault of stupid people who use the same username and password for multiple accounts. The previous PSN attack taught me how not to be one of those stupid people, which means I can now look on with an air of superiority and say: “pffft, stupid people using the same username and password for multiple accounts – rookie mistake!”
Posting on the PlayStation Blog, the new Chief Information Security Officer, Phillip Reitinger has warned users that Sony has “detected attempts on Sony Entertainment Network, PlayStation Network and Sony Online Entertainment (“Networks”) services to test a massive set of sign-in IDs and passwords against our network database”.
In total, about 93 000 accounts have been compromised, but Sony has already shut them down and notified the owners via email. Those affected will be forced to reset their passwords for security reasons. No credit card details have been compromised at all however Reitinger reports that “a small fraction of these 93 000 accounts” indicated online activity prior to being shut down. For those people who fall into that “small fraction”, Sony will be working with them to reverse any purchases made and to restore lost wallet funds.
In the same blog post, Reitinger says that this list of username and password combinations is a “compromised [list] from other companies, sites or other sources”. This means that whoever was behind these “hacks” literally tried their luck by applying the usernames and passwords to Sony Online accounts. They got lucky 93 000 times.
So you see, it’s totally not Sony’s fault! They’re cleaning up other people’s mess, right?