Sony's cyberthreat woes are proving to be persistent. After a data breach earlier this year forced the company to suspend its PlayStation Network (PSN) for nearly a month, the Japanese electronics giant has reportedly suffered yet another incident to its online gaming service.
The company announced on Wednesday that it has frozen the accounts of some 93,000 PSN, Sony Entertainment Network (SEN) and Sony Online Entertainment (SOE) users from around the world after experiencing a sharp increase in unauthorized login attempts.
The login attempts took place between October 7 and 10, affecting less that one-tenth of its online community users, Sony stated. The company was quick to point out that it took steps to "thwart" the activity, and no credit card numbers associated with the affected accounts were at risk.
In a press release, Sony said it will notify the affected account holders via email and will require these users to reset their passwords. The company also claimed that it is conducting an investigation of the incident into the extent of the unauthorized activity.
The discovery of the login attempts comes as another slap in the face to what has been a black-eye year for Sony in terms of security breaches. In April, the company revealed that as many as 100 million PSN and SOE accounts had been affected by a data security breach that forced it to take the PSN offline until mid-May.
Throughout the year, Sony has suffered a number of other account hijacking threats as well, including an unauthorized intrusion on its subsidiary So-Net Entertainment in May that may have affected 200 consumers and an attack to SonyPictures.com in June carried out by hacker group LulzSec.
However, account hijacking threats are not unique to Sony and are becoming increasingly common. This year alone, organizations including LinkedIn, Twitter and many others have been forced to address the issue in very public ways, as cybercriminals have attempted to exploit vulnerabilities for personal gain.
Following the incidents from earlier this year, Sony made several moves to prevent future breaches, or at least mitigate their effects. Among the most notable steps are the relocation of Sony's data center to an undisclosed location, the addition of new firewalls and enhanced activity monitoring software – a factor that might have come into play in this latest breach.
In September, Sony also announced the appointment of Philip Reitinger as its new chief information security officer. Reitinger, who previously served as the director of the U.S. National Cyber Security Center, evidently had his work cut out for him early with this latest data security incident. In a post on the official PSN blog, Reitinger explained the latest PSN, SEN and SOE attack, noting the importance of strong passwords and usernames.
"We want to take this opportunity to remind our consumers about the increasingly common threat of fraudulent activity online, as well as the importance of having a strong password and having a username/password combination that is not associated with other online services or sites," Reitinger said. "We encourage you to choose unique, hard-to-guess passwords and always look for unusual activity in your account."
Though the latest breach is worrisome, Sony's response demonstrates that the company may have learned from previous incidents, and its pre-emptive measures seem to have mitigated some of the potential damage. Accounting hijacking has become a pervasive problem industry-wide, but Sony's openness about this and earlier breaches may inspire confidence in its customers and shine a light on the increasingly common threat. This, in turn, may inspire companies and data security leaders to address the issue head on.
Security News from SimplySecurity.com by Trend Micro