Sony says 25 million more accounts hacked

[Guest guest]

http://news.yahoo.com/s/ap/us_tec_sony_hacker_attack

Sony says 25 million more accounts hacked

2 hrs 39 mins ago

NEW YORK – Sony Corp. said Monday that hackers may have taken personal

information from an additional 24.6 million user accounts after a review of the

recent PlayStation Network breach found an intrusion at a division that makes

multiplayer online games.

The data breach comes on top of the 77 million PlayStation accounts it has

already said were jeopardized by a malicious intrusion.

The latest incident occurred April 16 and 17 — earlier than the PlayStation

break-in, which occurred from April 17 to 19, Sony said.

About 23,400 financial records from an outdated 2007 database involving people

outside the U.S. may have been stolen in the newly discovered breach, including

10,700 direct debit records of customers in Austria, Germany, the Netherlands

and Spain, it said.

The outdated information contained credit card numbers, debit card numbers and

expiration dates, but not the 3-digit security code on the back of credit cards.

The direct debit records included bank account numbers, customer names, account

names and customer addresses.

Company spokeswoman Taina said Sony had no evidence the information

taken from Sony Online Entertainment, or SOE, was used illicitly for financial

gain.

" We had previously believed that SOE customer data had not been obtained in the

cyber-attacks on the company, but on May 1 we concluded that SOE account

information may have been stolen and we are notifying you as soon as possible, "

Sony said in a message to customers.

Sony said that it shut service Monday morning to Sony Online Entertainment

games, which are available on personal computers, Facebook and the PlayStation 3

console. Its most popular games include " EverQuest, " " Free Realms " and " DC

Universe Online. "

The company said it will grant players 30 days of additional time on their

subscriptions, along with one day for each day the system is down. It is also

creating a " make good " plan for its multiplayer online games.

On Sunday, Sony executives bowed in apology and said they would beef up security

measures after an earlier breach caused it to shut down its PlayStation network

on April 20. The company is working with the FBI and other authorities to

investigate what it called " a criminal cyber attack " on Sony's data center in

San Diego, Calif.

The company said it would offer " welcome back " freebies such as complimentary

downloads and 30 days of free service to PlayStation customers around the world

to show remorse and appreciation.

PlayStation spokesman Seybold, in a blog post Monday, denied a report

that said a group tried to sell millions of credit card numbers back to Sony.

He also said that while user passwords had not been encrypted, they were

transformed using a simpler function called a hash that did not leave them

exposed as clear text.