More than 70m users of Sony’s online gaming network have had their names, e-mail addresses and passwords stolen by a hacker in one of the largest privacy breaches to date.
Sony announced on Tuesday that the information had been taken – six days after it closed the PlayStation Network – as it began e-mailing users of the free service with warnings to be on the lookout for scams.
The Japanese electronics and entertainment powerhouse said it was possible that credit card information had been taken as well, recommending that customers who had supplied those numbers online should review their bills carefully.
The breach is troubling because many Sony gamers are likely to have used the same passwords for e-mail and social networking accounts. The hacker could resell user name and password combinations to other criminals, who could take control of those accounts and mine them for bank account passwords or send bogus e-mails to friends’ addresses.
Sony said information taken in the breach included birth dates, home cities and possibly security questions and answers.
Security experts said PlayStation Network users who reused passwords should immediately change their login details on other sites.
The cache of e-mail addresses is one of the largest collections ever stolen, along with those from a breach disclosed last month by marketing firm Epsilon, said Jay Foley, executive director of the non-profit Identify Theft Resource Center.
E-mails alone can be valuable to criminals. In the week of the Epsilon hack, some users received messages directing them to a website where they could download an application that would supposedly help them track if their information was being misused. In fact, the application was a “keylogger” that recorded everything they typed on their computers, including passwords.
As the payments industry has increased security, scammers have turned to e-mail and other means as a stepping stone to win financial data, Mr Foley said.
Many Sony customers were outraged that the company had failed to warn them earlier that passwords might have been lost and had not encrypted them to begin with.
“If you have compromised my credit information, you will never receive it again,” one user wrote on Sony’s PlayStation Network blog. “The fact that you’ve waited this long to divulge this information to your customers is deplorable.”
Sony officials said on the blog that they hoped to have the service at least partially back up and running, with increased security, within a week – at which point users should immediately change their passwords.
Sony declined to answer additional questions.
The original article can be found here
http://www.ft.com/intl/cms/s/2/f4026292-7053-11e0-bea7-00144feabdc0.html#axzz25jqyWYz7
—
As mentioned during class, there has been a surge in the usage of social media. The mainstream ones such as Skype, Facebook, Sony and other social media networks require you to log-in and create a user-profile. These companies keep data banks of your personal data. The Sony case is a prime example of the financial and privacy risk we are truly facing.
Most people would perceive a world in which everything is connected to be a haven of endless possibilities. Sadly that’s not how I see it. If a large corporation such as Sony can be breached. What about the smaller companies? You may put your trust in the security-level of Sony, but the possibility still exists that your Sony account and other accounts could be at risk.
Are you a victim of identity theft? If so, how did you deal with it? And how can we prevent such an occurrence?
Do share your point of view 🙂