A massive security breach in Sony’s video game
network may lead to the possible interception of credit card data
belonging to 77m of its users, bringing to light vulnerabilities in
password protection.

In a blog post, Sony announced that
between 17 April and 19 April 2011 certain PlayStation Network and
Qriocity service user account information was compromised in
connection with an illegal and unauthorised intrusion into the
network.

Sony went on to say it believes the fraudster has managed to
obtain the personal details of users, including passwords and the
answers to security questions, and rather more worryingly it cannot
rule out the possibility that purchase histories may have been
hacked into, putting users’ credit card information at risk.

“To protect against possible identity theft or other financial
loss, we encourage you to remain vigilant to review your account
statements and to monitor your credit or similar types of reports,”
Sony told its customers in the blog post.

“Please note that we are as upset as you are regarding this
attack and are going to proceed aggressively to track down those
that are responsible.”

In a bid to minimise the risks to users, Sony has temporarily
turned off its PlayStation Network and Qriocity services and
engaged a security firm to conduct a full and complete
investigation into the breach. It claims it has “quickly taken
steps to enhance security and strengthen our network infrastructure
by re-building our system.”

Sony advises users to be especially aware of email, telephone
and postal mail scams that may ask for personal or sensitive
information and to change their log in details once the services
are restored.

Alan Paller, research director of the SANS
Institute, told news agency Reuters the Sony breach may be
the largest theft of identity data information on record.

He claims Sony may not have paid enough
attention to security when it was developing the software that runs
its network.

The security breach also brings to light the
lack of protection offered by the traditional username and
password, argues Peter Regent, director of online authentication at
Gemalto.

“This once considered ‘good enough’ approach
enables hackers to easily bypass security measures and gain access
to sensitive personal data,” he says.

In order to avoid a repeat of such a large
scale data breach, consumer organisations must re-evaluate their
security controls. Regent says a one-time-password (OTP) approach,
using tokens or smartcard devices, adds an additional security
layer to usernames and passwords to secure online transactions.

While OTP devices can be easily integrated into the gaming
environment, a far more sophisticated security approach is a must
to protect networks from attacks, he says.

A smartcard solution encompassing certificate-based
authentication and Public Key Infrastructure (PKI) certificates is
claimed to enable only authorised employees to access sensitive
information. Gemalto argues this provides a similar level of
protection to corporate information assets that chip and PIN cards
provide for banking customers when accessing cash from an ATM.

“Cyber criminals are becoming increasingly
sophisticated and no individual or corporation is immune to
attack,” says Regent.

“By integrating multi layer authentication
into security processes and infrastructures, consumer organisations
and businesses will be better prepared for fraud prevention.”