SOE confirms users' details compromised
12,700 credit card numbers stolen.
Update: Sony Europe has told GamesIndustry.biz that only 900 of the stolen 12,700 non-US cards are still active and usable.
Original story: Sony Online Entertainment has admitted that personal details from 24.6 million accounts have been compromised in the same security breach that took PlayStation Network offline last month.
A statement on its website explains that it has taken its servers down following new information that has come to light in the last 24 hours.
"Our ongoing investigation of illegal intrusions into Sony Online Entertainment systems has discovered that hackers may have obtained personal customer information from SOE systems.
"We are today advising you that the personal information you provided us in connection with your SOE account may have been stolen in a cyber-attack.
"Stolen information includes, to the extent you provided it to us, the following: name, address (city, state, zip, country), email address, gender, birthdate, phone number, login name and hashed password."
It goes on to explain that though it doesn't believe its primary credit card database has been accessed, an outdated database has been breached.
"Customers outside the United States should be advised that we further discovered evidence that information from an outdated database from 2007 containing approximately 12,700 non-US customer credit or debit card numbers and expiration dates (but not credit card security codes) and about 10,700 direct debit records listing bank account numbers of certain customers in Germany, Austria, Netherlands and Spain may have also been obtained - we will be notifying each of those customers promptly.
"There is no evidence that our main credit card database was compromised. It is in a completely separate and secured environment."
The statement indicates that this is not a new attack but directly linked to the PlayStation Network intrusion at the end of April.
"We had previously believed that SOE customer data had not been obtained in the cyber-attacks on the company, but on May 1st we concluded that SOE account information may have been stolen and we are notifying you as soon as possible.
"We apologise for the inconvenience caused by the attack and as a result, we have:
- Temporarily turned off all SOE game services
- Engaged an outside, recognized security firm to conduct a full and complete investigation into what happened
- Quickly taken steps to enhance security and strengthen our network infrastructure to provide you with greater protection of your personal information
"We greatly appreciate your patience, understanding and goodwill as we do whatever it takes to resolve these issues as quickly and efficiently as practicable."
Sony Online Entertainment titles include EverQuest II, DC Universe Online and FreeRealms.