Aside from the report below, it is strongly urged you keep close track of your credit/debit card accounts, and/or possibly terminate and re-issue new cards based on your purchases at SOE. As the days weeks and months forward unfold, it wouldn’t surprise us if further ‘credit card’ details were compromised as thieves of this nature tend to harbor stolen information for lengthy amounts of time before attempting to sell or exploit them.
Because the database server which contained the details was not a current one, the vast majority of the details stolen will be invalid for use, Sony believes.
Sony Online Entertainment, the branch of Sony which operates MMOs such as DC Universe Online and Free Realms, has revealed that a further 24.6 million accounts have potentially been compromised in the same security breach which has seen PlayStation Network taken offline for the past fortnight.
The statement came via an announcement on the official SOE website, revealing that both an active and an outdated database server had been ransacked during the security breaches of 16 and 17 April. All servers related to SOE activities have been shut down immediately.
Whilst the 26.4 million accounts which were compromised were from the current database, the outdated server also included payment details. Included in the potentially missing data from that server are "12,700 non-US credit or debit card numbers and expiration dates (but not credit card security codes), and about 10,700 direct debit records of certain customers in Austria, Germany, Netherlands and Spain," reads Sony’s statement.
"There is no evidence that our main credit card database was compromised. It is in a completely separate and secured environment.
"We had previously believed that SOE customer data had not been obtained in the cyber-attacks on the company, but on May 1st we concluded that SOE account information may have been stolen and we are notifying you as soon as possible."
Sony’s announcement includes the following statement explaining the extent of the breach.
"The personal information of the approximately 24.6 million SOE accounts that was illegally obtained, to the extent it had been provided to SOE, is as follows:
- e-mail address
- phone number
- login name
- hashed password
"In addition to the information above, the 10,700 direct debit records from accounts in Austria, Germany, Netherlands and Spain, include:
- bank account number
- customer name
- account name
- customer address
Currently, Sony’s compensation plans consist of refunds and subscription extensions, as well as locally organised incentives to join fraud protection schemes.
"SOE will grant customers 30 days of additional time on their subscriptions, in addition to compensating them one day for each day the system is down. It is also in the process of outlining a ‘make good’ plan for its PlayStation 3 MMOs (DC Universe Online and Free Realms). More information will be released this week.
Full details are available at the Sony site here: Sony Security Update