Skip to main content

Sony: PC game network was also hacked

Mark Milian
Sony Online Entertainment, which manages the "EverQuest" series, shut down its online services due to a far-reaching hack.
Sony Online Entertainment, which manages the "EverQuest" series, shut down its online services due to a far-reaching hack.
  • Sony says its online-game services were also targeted in the hack
  • This adds 24.6 million accounts to the 77 million that were already reported
  • Sony shut down the networks for "EverQuest" and "DC Universe Online" on Monday

(CNN) -- Sony said the Internet security breach targeting its networks was more extensive than originally thought.

Hackers also gained access to databases containing subscriber information for Sony Online Entertainment, a San Diego subsidiary that makes online multiplayer games for computers and the PlayStation 3. The Sony division took its Web services offline Monday.

That shutdown came 12 days after Sony Computer Entertainment disconnected the PlayStation console game network and Sony Network Entertainment shut down Qriocity media streaming services. Sony said last week that it expected to start restoring some services this week, but they remain offline.

Sony disclosed the first breach on April 22, and then on April 27, the company announced that personal info and perhaps credit card numbers had been stolen for as many as 77 million accounts.

With the PC game network also compromised, Sony adds 24.6 million accounts to the pot. Some popular games maintained by Sony's online division include "EverQuest," "DC Universe Online" and "Free Realms."

This additional network was targeted on April 16 and April 17, the same days the other networks were hacked. While the infrastructures are separate, "There's a degree of architecture that overlaps" among Sony's many networks, said Michele Sturdivant, a spokeswoman for Sony Online Entertainment.

"Initially, we believed that data was not stolen," she said, but then the company uncovered evidence to the contrary during its ongoing investigation. "They used very sophisticated means to access the data, and they used sophisticated means to cover their tracks."

The information hackers took from Sony Online Entertainment's system included users' names, home addresses, e-mail addresses, phone numbers, login names, encrypted passwords, birth dates and genders. Unlike the last breach, hackers didn't get the answers to security questions or have access to most people's financial information.

However, information from an additional 12,700 users stored on a database that was retired in 2007 was also compromised, Sony said. The data there included credit and debit-card numbers and expiration dates, but not security codes, for non-United States residents, as well as direct-debit banking records for some customers in Austria, Germany, the Netherlands and Spain.

Sony apologized for the security lapse and outages on Sunday. The company plans to offer PlayStation account holders a 30-day voucher for the PlayStation Plus service, which lets gamers download free and exclusive games. Current Plus subscribers will get an extra 30 days added to their accounts.

Similarly, Sony Online Entertainment will add 30 days to customers' accounts, along with additional play time for each day the service is down. The company also says it is in the process of outlining how it will recompense gamers who own its PlayStation 3 games. Additionally, Sony will offer complimentary assistance for customers who want to enroll in identity theft protection programs.

Sony says it's working with the Federal Bureau of Investigation to make sense of the security breach. On Monday, PlayStation spokesman Patrick Seybold denied a report that said the hacker group offered to sell Sony a list of credit card numbers stolen from its systems.


Most popular Tech stories right now