Sony has frozen 93,000 accounts on its private gaming and entertainment networks after it detected mass unauthorized login attempts, according to a company blog posting.
"We want to let you know that we have detected attempts on Sony Entertainment Network, PlayStation Network and Sony Online Entertainment services to test a massive set of sign-in IDs and passwords against our network database," wrote Sony chief information security officer Philip Reitinger on the official U.S. PlayStation blog yesterday (Oct. 11).
All three Sony private networks were hit by a massive data breach in April that resulted in more than 100 million accounts being compromised and the networks being shut down for weeks. The individuals behind the breach have yet to be identified, and this latest incident leaves a bad aftertaste.
Since the "overwhelming majority" of the recent login attempts failed, said Reitinger, "it is likely the data came from another source and not from our networks."
Reitinger did not get more specific, leaving out both when the mass login attempt took place and how many logins had been attempted. (The 93,000 accounts that were frozen were successfully penetrated.) But from his vague description, it could be that someone ran an automated script on a computer that rapidly tried to log into the three networks, drawing ID-password pairs from a database.
However, Reitinger's statement that the account information likely "came from another source" may be misguided.
After the three Sony private networks came back online in May, anyone logging back into his old account was forced to change the password. That procedure would have blocked most unauthorized logins using data stolen during the April breach.
Reitinger's reasoning alluded to the fact that many people use the same passwords for nearly all their online accounts — always a bad idea. Ironically, since the May forced password change made April's stolen data useless for accessing Sony private networks, that stolen data is now good only for breaking into accounts on non-Sony websites.
Sony hired Reitinger about five weeks ago, soon after he had left his previous job as head of the Department of Homeland Security's National Cybersecurity Center. He had earlier held security-related jobs at Microsoft and the Pentagon.