SOE accounts, credit card info compromised
[UPDATE] Sony Online Entertainment confirms info on 10,700 European bank records may be stolen along with credit card details of nearly 13,000 and personal info for 24.6 million customers after games, websites taken down.
Trouble seemed to be afoot at Sony Online Entertainment this morning, when the publisher brought game servers and websites related to its portfolio of massively multiplayer online games offline. As suspected, SOE has now confirmed that it, too, has suffered a security breach similar to the one plaguing the PlayStation Network and Qriocity services.
In a statement issued to GameSpot, SOE has now confirmed that approximately 24.6 million accounts as well as 12,700 non-US credit or debit card numbers and expiration dates may have been stolen. The information may have been obtained by hackers between April 16 and 17, and SOE believes that it was part of the initial attack that compromised the PSN and Qriocity service.
"This information, which was discovered by engineers and security consultants reviewing SOE systems, showed that personal information from approximately 24.6 million SOE accounts may have been stolen, as well as certain information from an outdated database from 2007," the statement reads. "The information from the outdated database that may have been stolen includes approximately 12,700 non-US credit or debit card numbers and expiration dates (but not credit card security codes), and about 10,700 direct debit records of certain customers in Austria, Germany, Netherlands, and Spain."
[UPDATE] As SOE had previously noted, the credit card information that may have been stolen as part of the attack was taken from an outdated database. Today, the online games publisher told GameSpot that of the 12,700 compromised numbers, only about 900 were still valid.
Of the 24.6 million compromised accounts, SOE said that hackers may have obtained names, addresses, e-mail addresses, birth dates, genders, phone numbers, login names, and passwords. SOE noted that the password data is stored in a hashed form and not plain text.
The foreign direct debit record information includes bank account numbers, customer names, account names, and customer addresses. The breach was discovered as Sony's engineers and outside consultants reviewed SOE's system in the wake of the attack on the PSN and Qriocity services.
According to SOE, the 24.6 million accounts were not game-specific. Games that fall under the publishing label include EverQuest, EverQuest 2, DC Universe Online, Free Realms, Star Wars Galaxies, Pirates of the Burning Sea, Vanguard: Saga of Heroes, and PlanetSide.
SOE said that it would add 30 days of free game time to current customers' subscriptions to make up for the service interruption. The publisher also promised that it would be offering a one-for-one match of free game time for each day that servers are offline.