Things have been quiet on the Sony PlayStation Network hacking front lately, but now the company has announced that someone out there has attempted a mass break-in of PSN user accounts. Fortunately, the attempt mostly failed as far as Sony knows. Here's Sony's Chief Information Officer, Phillip Reitinger, with the details:
We want to let you know that we have detected attempts on Sony Entertainment Network, PlayStation Network and Sony Online Entertainment (“Networks”) services to test a massive set of sign-in IDs and passwords against our network database. These attempts appear to include a large amount of data obtained from one or more compromised lists from other companies, sites or other sources. In this case, given that the data tested against our network consisted of sign-in ID-password pairs, and that the overwhelming majority of the pairs resulted in failed matching attempts, it is likely the data came from another source and not from our Networks. We have taken steps to mitigate the activity.
Less than one tenth of one percent (0.1%) of our PSN, SEN and SOE audience may have been affected. There were approximately 93,000 accounts globally (PSN/SEN: approximately 60,000 accounts; SOE: approximately 33,000) where the attempts succeeded in verifying those accounts’ valid sign-in IDs and passwords, and we have temporarily locked these accounts. Only a small fraction of these 93,000 accounts showed additional activity prior to being locked. We are currently reviewing those accounts for unauthorized access, and will provide more updates as we have them. Please note, if you have a credit card associated with your account, your credit card number is not at risk. We will work with any users whom we confirm have had unauthorized purchases made to restore amounts in the PSN/SEN or SOE wallet.
It seems that Sony learned something from the massive amounts of heat that the company received after this past spring's hack attack. I'm glad to see that the company has come clean and informed us of this issue. It would have been very easy to ignore it or try to cover it up. It also shows that PSN users have learned something, too. If many of the hack attempts failed due to mismatched passwords, then it must mean that PSN users realized that reusing passwords for more than one service isn't such a good idea. Chances are that most PSN passwords are totally unique now, meaning that trying to log into accounts with information taken from another service's database won't end in glaring success. Nobody wants to be hacked, but at least the situation was a learning experience.