Sony Corp. said that hackers had breached another of the company's online services, getting access to the account details of 24.6 million people.
The company posted on the web site that the personal information of customers may have been stolen in a cyber-attack: http://www.soe.com/securityupdate/The hackers, the company said, got access to names, addresses, e-mail addresses, birthdates, genders, phone numbers, login names and hashed passwords.
The company also said that information was taken from an outdated database, as well as 12,700 non-U.S. debit card numbers and expiration dates, though they are without the security codes. Also stolen were 10,700 direct debit records from accounts in Austria, Germany, the Netherlands and Spain were taken, with information including bank account numbers, customer names, account names, and addresses.
The information was stolen on April 16 and 17, the company said in its statement. The problem was discovered in the process of investigating the attack on the PlayStation Network. A spokeswoman told The Wall Street Journal that it is not a second attack.
Sony Online Entertainment provides multiplayer games for personal computers. This differs from the PlayStation Network, which provides online services to PlayStation consoles.
The shutdown of Sonly Online Entertainment comes on the heels of the discovery that the PlayStation Network had been attacked.
The PlayStation Network was shut down on April 20, as hackers got access to the account information of 77 million users:
http://scforum.info/index.php/topic,6035.0.html The company said on Sunday that millions of credit card records were also stolen, but the information in those records was encrypted.
Sony apologized to customers for the PlayStation network breach but has not yet provided details of what went wrong.
While the passwords were stolen, they were hashed, which means that as they are entered they are turned into a string of characters of varying length. A hashed password is not stored in plaintext. Passwords can be recovered, but it requires some knowledge of the algorithm used for the hashing process. Far easier, experts say, is to mount a "phishing" attack, in which emails are sent to customers tricking them into revealing their passwords or other information.
The attacks have prompted queries from members of Congress, and resulted in calls for tighter regulations on the handling of personal information.
For its part, Sony is offering 30 days of free service to SOE subscribers. A similar ofer was made to PlayStation Network users.
(IBT)