Powered by Blogger.

PlayStation data breach in 'top 5 ever': researcher

More than 75 million accounts worldwide, including more than one million in Canada, are registered with the network that suffered a massive data breach this week, Sony confirmed Wednesday.More than 75 million accounts worldwide, including more than one million in Canada, are registered with the network that suffered a massive data breach this week, Sony confirmed Wednesday. (Thomas Peter/Reuters)
Names, birthdates and some credit card data may have been stolen from users of Sony's PlayStation Network in what may be one of the biggest data breaches ever.
More than 75 million accounts worldwide, including more than one million in Canada, are registered with the network that suffered a massive data breach this week, Sony confirmed Wednesday.
The massive breach is one of the "top five ever," said Alan Paller, director of research for the SANS Institute, a cybersecurity training and research institution based in Bethseda, Md.
More than 70 per cent of PlayStation 3 video game consoles are connected to the PlayStation Network, which allows users to play online games, surf the web, chat with friends and download games and other content from the PlayStation store.
The breach also affects users of Sony's Qriocity service, which streams movies on demand to compatible Sony devices such as HDTVs and Blu-ray players for a monthly fee.
Sony announced the data breach on its PlayStation blog Tuesday afternoon, six days after it shut down both services after learning of an "external intrusion" on April 19.
Tuesday's blog post detailed the personal information that it believes "an unauthorized person has obtained" from users:
  • Name, address (city, state, postal code), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID.
  • Possibly other profile data, including purchase history and billing address (city, state, postal code), and the subscriber's PlayStation Network/Qriocity password security answers. The same data with respect to a dependent may also have been obtained. If an account holder provided credit card data, the credit card number (excluding security code) and expiration date may also have been obtained.
The company said in a clarifying blog late Tuesday that it did not inform users of the breach earlier because it took until Monday "to understand the scope of the breach" following several days of forensic analysis by outside experts.
Paller said the breach is particularly dangerous to users because of the valuable information contained in the billing data about users' behaviour and preferences, which can be used to craft personalized scams.
"It's extremely dangerous because it's a perfect … targeting mechanism for targeted phishing."
The United Kingdom's Information Commissioner, who enforces the country's Data Protection Act, has told the London-based Telegraph newspaper that he is contacting Sony to learn more about the incident.

Big breaches

Some recent significant data breaches include:
  • 2009: Albert Gonzalez pleads guilty in New York to stealing tens of millions of payment card numbers by breaking into corporate computer systems from businesses including payment card processor Heartland Payment Systems, TJX Company Inc, 7-Eleven Inc. and Target Co. dating back to 2005. TJX is the parent company of Winners and HomeSense in Canada. Transactions in Canada, the U.S. and Puerto Rico were affected.
  • 2010 – 2011: A breach is discovered in the Texas state comptroller office computer server, which exposed the personal information of 3.5 million individuals for a year. Social Security numbers, names and mailing addresses as well as birth dates and driver's licence numbers were left exposed on beginning in January 2010.
  • April 2011: The Canadian government shuts down its online pay system for 320,000 employees after officials discovered the privacy of eight workers had been compromised when the system was pulled offline for repairs. Information about salary, bonuses, travel expenses and such was unavailable for two weeks.
  • April 2011: A data breach at Dallas, Tex.-based email marketer Epsilon affects customers of Air Miles, Best Buy Canada and Victoria, B.C.-based AbeBooks. Other companies affected included Capital One, Barclays Bank, U.S. Bancorp, JPMorgan Chase & Co. and Citigroup, along with hotel chain Marriott International Inc., Walt Disney Co.'s travel subsidiary Disney Destinations, TiVo Inc., Kroger Co. and Walgreen Co.

1 comments:

  1. Looking for the Ultimate Dating Site? Create an account and find your perfect date.

    ReplyDelete