Sony cuts off Sony Online Entertainment service after hack

It has confirmed that some banking and credit card information may have been stolen

The widely publicized hack of Sony's computer networks is worse than previously thought, also affecting 24.6 million Sony Online Entertainment network accounts.

Sony -- which has kept its Sony PlayStation Network offline for nearly two weeks as it investigates a computer intrusion -- took a second gaming network offline on Monday, saying it too appears to have been hacked. It said banking and credit card information belonging to more than 23,000 customers outside the U.S. may have been compromised.

The Sony Online Entertainment network, used for massively multiplayer online games like EverQuest, Star Wars Galaxies and Matrix Online, has been suspended temporarily, Sony said Monday. Add this to the 77 million accounts that may have been compromised last week, and Sony is responsible for one of the largest recorded data breaches.

The entertainment network is separate from the PlayStation Network but both hacks have similar traits, said Mai Hora, a spokeswoman for Sony Computer Entertainment in Tokyo.

In both cases, the stolen data includes customer names, e-mail addresses and hashed versions of their account passwords. That data could be used to spam customers or trick them with phishing e-mails.

Last week Sony said PlayStation Network and Quirocity users may have had their credit card numbers accessed, but that those numbers were encrypted. Sony now says some credit card numbers may have been taken from a different database. It did not say if that data was encrypted.

The hackers gained access to an "outdated database from 2007," Sony said in its press release. That database included card numbers and expiration dates for 12,700 customers based outside of the U.S., and direct withdrawal data belonging to some customers in Austria, Germany, the Netherlands and Spain.

Sony has been dealing for weeks with the public relations crisis spawned by the hacks. On Sunday, as the head of Sony's gaming division was apologizing for the hack in a news conference, investigators were learning about the Sony Online Entertainment and credit card database hacks.

Last week, rumors surfaced on underground hacking forums that the thieves had obtained millions of credit card numbers, but Sony maintains that this is untrue. "There is no evidence that our main credit card database was compromised. It is in a completely separate and secured environment," Sony said Monday.

(Martyn Williams in Tokyo contributed to this story.)

Robert McMillan covers computer security and general technology breaking news for The IDG News Service. Follow Robert on Twitter at @bobmcmillan. Robert's e-mail address is

Join the CSO newsletter!

Error: Please check your email address.

Tags Sony Computer EntertainmentGame platformssecuritydata breachgames

More about IDGSonySony Computer Entertainment

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Robert McMillan

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place