Last week Sony suspended 93,000 user accounts on several of its gaming and entertainment networks after there were unauthorized login attempts on those accounts. The attempts occurred on the PlayStation Network, Sony Entertainment Network, and Sony Online Entertainment.
Surprisingly, for a company of Sony’s size, the way these users found out about the breach was strikingly casual. “Only way I even knew about it was I got an email from Paypal saying my account had been used and they were questioning it because I hadn’t used my Paypal in a couple years,” said one user.
In a blog entry on Sony’s U.S. PlayStation site, Sony Chief Information Security Officer Philip Reitinger said that “less than one tenth of one percent (0.1%)” of the networks’ users might have been affected. Sony said that “most of the hackers’ details resulted in failed logins”, but as many as 93,000 logins succeeded in this attack.
It may sound as if Sony is deflecting the attack by attributing the breach to “other sources”, but what this describes is a brute force attack that used logins obtained from other hacked sites.
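The pattern described above, a list of credentials leaked elsewhere replayed against many different accounts, leaves a recognisable trace in authentication logs: one source trying many distinct usernames with a high failure rate, and the occasional success marking an account that should be suspended or reset. The following is an added example, not code from the original post or from Sony; the log format, the sample lines, the IP addresses and the thresholds are all constructed for the illustration.

```python
"""Added example (not from the original post): flagging a login storm that
replays credentials leaked from other sites.

The log format, sample lines, addresses and thresholds are constructed
assumptions for this illustration."""
import re
from collections import defaultdict

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)

# Constructed sample log: one source cycling through many accounts
# (mostly failing, a few succeeding) beside an ordinary user who mistypes once.
SAMPLE_LOG = """\
2011-10-11T10:00:01Z src=203.0.113.7 user=alice result=FAIL
2011-10-11T10:00:02Z src=203.0.113.7 user=bob result=FAIL
2011-10-11T10:00:02Z src=203.0.113.7 user=carol result=OK
2011-10-11T10:00:03Z src=203.0.113.7 user=dave result=FAIL
2011-10-11T10:00:03Z src=203.0.113.7 user=erin result=FAIL
2011-10-11T10:00:04Z src=203.0.113.7 user=frank result=OK
2011-10-11T10:00:05Z src=198.51.100.2 user=alice result=FAIL
2011-10-11T10:00:09Z src=198.51.100.2 user=alice result=OK
"""


def parse(log: str):
    """Yield one dict per well-formed log line; malformed lines are skipped."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.groupdict()


def find_login_storms(log: str, min_accounts: int = 5, min_fail_ratio: float = 0.5) -> dict:
    """Return {src: stats} for sources that tried at least `min_accounts`
    distinct usernames with a failure ratio of at least `min_fail_ratio`.

    A single user mistyping a password hits one account; a replayed credential
    list hits many, mostly failing. Successful logins from a flagged source are
    the accounts to suspend and reset."""
    stats = defaultdict(lambda: {"attempts": 0, "fails": 0, "users": set(), "succeeded": set()})
    for ev in parse(log):
        s = stats[ev["src"]]
        s["attempts"] += 1
        s["users"].add(ev["user"])
        if ev["result"] == "FAIL":
            s["fails"] += 1
        else:
            s["succeeded"].add(ev["user"])

    flagged = {}
    for src, s in stats.items():
        ratio = s["fails"] / s["attempts"]
        if len(s["users"]) >= min_accounts and ratio >= min_fail_ratio:
            flagged[src] = {
                "attempts": s["attempts"],
                "distinct_accounts": len(s["users"]),
                "fail_ratio": ratio,
                "accounts_to_reset": sorted(s["succeeded"]),
            }
    return flagged


if __name__ == "__main__":
    for src, info in find_login_storms(SAMPLE_LOG).items():
        print(src, info)
```

The thresholds are deliberately simple; in a real deployment they would be tuned per application and combined with rate limiting, and the point of the post stands: detection after the fact does not stop the accounts whose passwords were already correct.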
3 things we learn from this latest attack
- You can’t just rely on your internal security monitoring systems anymore – you must lock down your data once and for all.
- Hackers “used the exact same email address and password on other sites not belonging to Sony” and we cannot expect that this behavior will change any time soon.
- So we must look for other solutions to secure sensitive customer data, and the most modern approach is tokenization: sensitive values are replaced with opaque tokens, so the data stores an attacker reaches hold nothing usable. If you aren’t familiar with tokenization, watch this video on how easy it is to hack your company.
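To make the tokenization point concrete, here is an added example that is not code from the original post or from any tokenization vendor: a minimal token vault in which the application database stores only random tokens, while the mapping back to the real values lives in a separate component. The class and function names, the token format and the sample customer values are all constructed for the illustration.

```python
"""Added example (not from the original post): a minimal tokenization vault.

The application database keeps only opaque tokens; the vault, which in a real
deployment runs as a separate, tightly controlled service, holds the only copy
of the token-to-value map. All names and sample values are constructed."""
import secrets
from dataclasses import dataclass, field


@dataclass
class TokenVault:
    """Holds the only copy of sensitive values, keyed by random tokens."""
    _by_token: dict = field(default_factory=dict)
    _by_value: dict = field(default_factory=dict)

    def tokenize(self, value: str) -> str:
        # The same value always maps to the same token, so the application can
        # still match records, but the token carries no information about the
        # value itself: it is 128 bits of randomness, not a hash of the input.
        if value not in self._by_value:
            token = "tok_" + secrets.token_hex(16)
            self._by_token[token] = value
            self._by_value[value] = token
        return self._by_value[value]

    def detokenize(self, token: str) -> str:
        """Only callers with vault access can turn a token back into a value."""
        return self._by_token[token]


def store_customer(vault: TokenVault, email: str, card_number: str) -> dict:
    """Build the record the application database actually stores: tokens plus
    a non-sensitive display field, never the raw email or card number."""
    return {
        "email_token": vault.tokenize(email),
        "card_token": vault.tokenize(card_number),
        "card_last4": card_number[-4:],
    }


def exposed_values(records: list, sensitive: list) -> list:
    """Simulate an attacker dumping the application database: which of the
    raw sensitive values appear anywhere in the dump?"""
    dump = repr(records)
    return [v for v in sensitive if v in dump]


if __name__ == "__main__":
    vault = TokenVault()
    email, card = "alice@example.com", "4111111111111111"  # constructed sample values
    rec = store_customer(vault, email, card)
    print("stored record:", rec)
    print("raw values exposed by a DB dump:", exposed_values([rec], [email, card]))
    print("recovered via vault:", vault.detokenize(rec["card_token"]))
```

The design choice worth noting is that the tokens are random rather than derived from the value: a hash-based token could be reversed by guessing inputs, while a random token tells an attacker nothing until they also compromise the vault, which is why the vault is kept separate from the systems that were breached.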