Sony Admits 25 Million More Users Hit in Second Hacker Attack

Sony said hackers have stolen the personal information from further 24.6 Million users in a second massive breach of its online games system.

Photo: Alan Rappa/Flickr

The theft comes on top of the 77 million PlayStation accounts taken in a cyberattack revealed last week.

This latest breach – of its Sony Online Entertainment PC games network – was discovered after a review of the PlayStation Network intrusion.

Sony said it occurred a day earlier than the PlayStation break-in between April 17 to 19.

The names, addresses, emails, birth dates, phone numbers and other information for 24.6m PC games customers were stolen from its servers.

Sony also said the financial records of users from an outdated 2007 database involving people outside the US may have been stolen, including 10,700 direct debit records of customers in Austria, Germany, the Netherlands and Spain.

The outdated information contained credit card numbers, debit card numbers and expiration dates, but not the 3-digit security code on the back of credit cards. The direct debit records included bank account numbers, customer names, account names and customer addresses.

“We had previously believed that SOE customer data had not been obtained in the cyber-attacks on the company, but on May 1 we concluded that SOE account information may have been stolen and we are notifying you as soon as possible,” Sony said in a message to customers.

Sony said that it had shut its Sony Online Entertainment service, which are available on personal computers, Facebook and the PlayStation 3 console. Its most popular games include EverQuest, Free Realms and DC Universe Online.

The company said it will grant players 30 days of additional time on their subscriptions, along with one day for each day the system is down. It is also creating a “make good” plan for its multiplayer online games.

On Sunday, Sony executives bowed in apology and said they would beef up security measures after an earlier breach caused it to shut down its PlayStation network on April 20.

The company is working with the FBI and other authorities to investigate what it called “a criminal cyber attack” on Sony’s data center in San Diego, California. [via The Telegraph (UK) and Mashable]

Share this article

We welcome comments that advance the story directly or with relevant tangential information. We try to block comments that use offensive language, all capital letters or appear to be spam, and we review comments frequently to ensure they meet our standards. If you see a comment that you believe is irrelevant or inappropriate, you can flag it to our editors by using the report abuse links. Views expressed in the comments do not represent those of Coinspeaker Ltd.