This past weekend, Sony held a press conference to address the PSN breach that resulted in the personal information of 77 million PSN users being compromised (note that this was before Sony discovered SOE was also hit by an attack that saw the information of 24.6 million users compromised). Sony spent a lot of time going over information that had already been dished out via a series of Q&As, FAQs and security updates penned by Patrick Seybold and his team and posted to the PlayStation Blog. However, Executive deputy president Kazuo Hirai and CIO Shinji Hasejima did offer some new information to the press.
For starters, though 77 million accounts may be affected, Hirai says the number of users affected is lower than that because some people have multiple accounts. The Register cites Hirai as saying, of these, Sony only held credit card information for around 10 million customers.
Also present at the press conference was Chief Information Officer Shinji Hasejima, who revealed that the attack actually exploited a “known vulnerability” in the web application server platform used in PSN. According to the Reg, Hasejima admitted that though it was generally known, Sony management were not aware of it. To that end, the company has created a new role of ‘chief information security officer’ in an effort to prevent history repeating itself. Hasejimi refused requests for more information on the server platform used, or the vulnerability exploited, for security reasons.
Sony yesterday discovered that SOE had also suffered at the hands of hackers, and the information of nearly 25 million users had been compromised. This includes credit and debit card information and direct debit records for approximately 23,400 users. Read more about that here.