*Sony* was lambasted last spring after it took seven days to disclose that an attack on its video game network had led to what some called the “largest identity theft in history.” Last night, the company disclosed that its customer data was hacked again.
In a message on its PlayStation blog, Sony’s chief security executive warned that hackers had broken into 93,000 customer accounts that contain information like names and credit-card information. Sony believes hackers did this by trying to log in to its network using information stolen from a third party:
We want to let you know that we have detected attempts … to test a massive set of sign-in IDs and passwords against our network database. These attempts appear to include a large amount of data obtained from one or more compromised lists from other companies, sites or other sources.
The post goes on to say that only 0.1% of customer accounts were compromised by the attack and that Sony was able to lock most of the hacked accounts in a short time. This is the second time in six months that hackers have broken into Sony’s PlayStation network, which consists of millions of video game enthusiasts who supply their credit-card information in order to participate in online game activities.
Sony’s quick warning differs from what took place after the April attack. On that occasion, which resulted in the large scale theft of customers’ email and credit-card information, Sony was blasted for taking up to seven days to disclose that an attack had even taken place and for failing to encrypt credit card data. It is facing a class action suit in the U.S. for failing to warn its customers and is in a fight with its insurer over who should pay for liabilities stemming from “the largest identity theft in history.”
This time, Sony’s clear and timely warning led customers to post dozens of grateful comments like “Thanks for the heads up Sony (NYSE: SNE). Well done. Bravo!” and “Awesome catch. I’m glad to see you guys really stepped up your response time and over all security.” Some of these comments may have been posted by Sony’s own employees, but overall the tone is markedly different than the universal criticism the company faced in April.
The response to Sony’s quick disclosure of the attack seems to vindicate the “come clean quick” approach to customer privacy issues. Of course, not everyone thinks transparency is enough. Other comments on Sony’s site include, “I feel like they are sugar coating and trying to make 93,000 accounts being compromised seem fine and acceptable” and “Come on guys, this is getting old.” A third group of commentators simply fretted that they would not be able to play video games while Sony fixed the problem.