Skip to main content

Sony: Hackers Exploited Known Vulnerability

This past weekend, Sony held a press conference to address the PSN breach that resulted in the personal information of 77 million PSN users being compromised (note that this was before Sony discovered SOE was also hit by an attack that saw the information of 24.6 million users compromised). Sony spent a lot of time going over information that had already been dished out via a series of Q&As, FAQs and security updates penned by Patrick Seybold and his team and posted to the PlayStation Blog. However, Executive deputy president Kazuo Hirai and CIO Shinji Hasejima did offer some new information to the press.

For starters, though 77 million accounts may be affected, Hirai says the number of users affected is lower than that because some people have multiple accounts. The Register cites Hirai as saying, of these, Sony only held credit card information for around 10 million customers.

Also present at the press conference was Chief Information Officer Shinji Hasejima, who revealed that the attack actually exploited a “known vulnerability” in the web application server platform used in PSN. According to the Reg, Hasejima admitted that though it was generally known, Sony management were not aware of it. To that end, the company has created a new role of ‘chief information security officer’ in an effort to prevent history repeating itself. Hasejimi refused requests for more information on the server platform used, or the vulnerability exploited, for security reasons.

Sony yesterday discovered that SOE had also suffered at the hands of hackers, and the information of nearly 25 million users had been compromised. This includes credit and debit card information and direct debit records for approximately 23,400 users. Read more about that here.

  • prabal34
    I wonder if Sony will just /ragequit . It kind of sucks because I had to put a fraud alert on my credit the other day due to all this stuff happening. I also probably won't ever buy anything from PSN anymore...
    Reply
  • rantoc
    So a known vulnerability was exploited and Sony didn't even know about it. The words "We take peoples information/credit cards seriously" all of a sudden seems more like "We don't give a shit about people!" and the newly appointed ‘chief information security officer’ position will likely be terminated when the media storm have blown over or have as escape goat when it happens again!
    Reply
  • 4745454b
    Since when is security not a part of IT? Seems to me they should fire the CIO or one of his underlings because security of the network would be one of their responsibilities? It seems silly to me to create a whole new job if it should already be a part of someone's already.
    Reply
  • eddieroolz
    I wonder if this was the case of technicians on the lower levels knowing about a hole, but management refusing to acknowledge it and order a repair. As we all know this happens a lot in corporatinos and governments.
    Reply
  • alidan
    rantocSo a known vulnerability was exploited and Sony didn't even know about it. The words "We take peoples information/credit cards seriously" all of a sudden seems more like "We don't give a s$#$ about people!" and the newly appointed ‘chief information security officer’ position will likely be terminated when the media storm have blown over or have as escape goat when it happens again!
    you have to realise how a japanese company works. they will likely fire some random guy who had nothing to do with it, or the person who mentioned the bug, but was told to do nothing.

    they than made a job, for a more convenient scape goat the next time around (though they will do a job till than)

    and finally, the person who is really responsible, will be given a meaningless task to do till he leave the company, as this is the most efficient way to deal with someone who could potentially still be important to some other company.
    Reply
  • ironmb
    Yet another reason why I never will own a playstation console again.
    Reply
  • KlamathBFG
    So anyone know what the server platform was or how long the hole has been there, given their reaction it sounds like this could be pretty old which is even more frightening!!!
    Reply
  • Ori25
    A quadrillion dollars made from original games / 3 system update each month.... and there is no one at the other end of the wire to prevent our account to be stollen ... lol.... nice one Sony next bank invoice i will mail it to you!
    Reply
  • memadmax
    Wow, known exploit and noone was around to patch the hole....

    GG sony...
    Reply
  • ubercake
    Thing that sucks for me is at one time, I owned an XBOX 360, XBOX, PS3, and Wii at the same time. No one used the PS3 so I sold it after 3 months, though I had signed up for their crappy PSN online service while I had the PS3. Now I receive an e-mail notification my account was comprimised (from 3 or 4 years ago!). It said we only think they got your basic info from the phone book plus your user name and password (which is only tied to a bank card), so don't worry or anything, but please feel free to check your credit.

    When are governments really going to hold these bi-(#3s responsible. Burden of proof is always on the consumer. I like my Bravia, but this make me consider never getting another one of their products for fear my product registration might pose a credit risk. Enough of this crap already!
    Reply