Sony: Hackers Exploited Known Vulnerability

This past weekend, Sony held a press conference to address the PSN breach that resulted in the personal information of 77 million PSN users being compromised (note that this was before Sony discovered SOE was also hit by an attack that saw the information of 24.6 million users compromised). Sony spent a lot of time going over information that had already been dished out via a series of Q&As, FAQs and security updates penned by Patrick Seybold and his team and posted to the PlayStation Blog. However, executive deputy president Kazuo Hirai and CIO Shinji Hasejima did offer some new information to the press.

For starters, though 77 million accounts may be affected, Hirai says the number of users affected is lower than that because some people have multiple accounts. The Register cites Hirai as saying that, of these, Sony only held credit card information for around 10 million customers.

Also present at the press conference was Chief Information Officer Shinji Hasejima, who revealed that the attack actually exploited a “known vulnerability” in the web application server platform used in PSN. According to the Reg, Hasejima admitted that though it was generally known, Sony management were not aware of it. To that end, the company has created a new role of ‘chief information security officer’ in an effort to prevent history repeating itself. Hasejima refused requests for more information on the server platform used, or the vulnerability exploited, for security reasons.

Sony yesterday discovered that SOE had also suffered at the hands of hackers, and the information of nearly 25 million users had been compromised. This includes credit and debit card information and direct debit records for approximately 23,400 users.

Comment from the forums
  • prabal34
    I wonder if Sony will just /ragequit. It kind of sucks because I had to put a fraud alert on my credit the other day due to all this stuff happening. I also probably won't ever buy anything from PSN anymore...
  • rantoc
    So a known vulnerability was exploited and Sony didn't even know about it. The words "We take people's information/credit cards seriously" all of a sudden seem more like "We don't give a shit about people!" and the newly appointed ‘chief information security officer’ position will likely be terminated when the media storm has blown over or serve as a scapegoat when it happens again!
  • 4745454b
    Since when is security not a part of IT? Seems to me they should fire the CIO or one of his underlings because security of the network would be one of their responsibilities? It seems silly to me to create a whole new job if it should already be a part of someone's.