The widely publicized hack of Sony’s computer networks is worse than previously thought, also affecting 24.6 million Sony Online Entertainment network accounts.
Sony — which has kept its Sony PlayStation Network offline for nearly two weeks as it investigates a computer intrusion — took a second gaming network offline on Monday, saying it too appears to have been hacked. It said banking and credit card information belonging to more than 23,000 customers outside the U.S. may have been compromised.
The Sony Online Entertainment network, used for massively multiplayer online games like EverQuest, Star Wars Galaxies and Matrix Online, has been suspended temporarily, Sony said Monday. Add this to the 77 million accounts that may have been compromised last week, and Sony is responsible for one of the largest recorded data breaches.
The entertainment network is separate from the PlayStation Network but both hacks have similar traits, said Mai Hora, a spokeswoman for Sony Computer Entertainment in Tokyo.
In both cases, the stolen data includes customer names, e-mail addresses and hashed versions of their account passwords. That data could be used to spam customers or trick them with phishing e-mails.
Last week Sony said PlayStation Network and Quirocity users may have had their credit card numbers accessed, but that those numbers were encrypted. Sony now says some credit card numbers may have been taken from a different database. It did not say if that data was encrypted.
The hackers gained access to an “outdated database from 2007,” Sony said in its press release. That database included card numbers and expiration dates for 12,700 customers based outside of the U.S., and direct withdrawal data belonging to some customers in Austria, Germany, the Netherlands and Spain.
Sony has been dealing for weeks with the public relations crisis spawned by the hacks. On Sunday, as the head of Sony’s gaming division was apologizing for the hack in a news conference, investigators were learning about the Sony Online Entertainment and credit card database hacks.
Last week, rumors surfaced on underground hacking forums that the thieves had obtained millions of credit card numbers, but Sony maintains that this is untrue. “There is no evidence that our main credit card database was compromised. It is in a completely separate and secured environment,” Sony said Monday.
(Martyn Williams in Tokyo contributed to this story.)
Robert McMillan covers computer security and general technology breaking news for The IDG News Service. Follow Robert on Twitter at @bobmcmillan. Robert’s e-mail address is robert_mcmillan@idg.com