Looks like we have a new addition to the Top 10 list of all-time biggest breaches. Taro Koyano of Yomiuri Shimbun reports:
The personal information of about 77 million users worldwide of Sony Corp.’s PlayStation and Qriocity online services may have been leaked, the company said Tuesday.
Sony said its PlayStation Network services for online games and Qriocity movies and music distribution services were breached. User names, billing addresses, e-mail accounts and passwords may have been stolen in the intrusion, the company said, adding it was possible that credit card numbers were leaked, although there was no direct evidence.
The two online services have about 77 million registered users in about 60 nations worldwide, including Japan, and the incident may represent one of the largest Internet security break-ins ever.
Read more on Yomiuri Shimbun. The Japan Times provides additional details from Associated Press coverage. Ellen Messmer of NetworkWorld reports:
Sony Computer Entertainment and Sony Network Entertainment yesterday acknowledged that an “unauthorized person” has stolen the following kinds of information that was provided by its by PlayStation and Qriocity customers: “Name, address, country, email, address, birth date, PlayStation Network/Qriocity password and login and handle/PSN online ID.” Sony took its PlayStation Network offline last week and yesterday disclosed what it knows so far about the massive breach.
Not surprisingly, the UK’s Information Commioner’s Office has some questions for Sony, as does the Privacy Commissioner of Canada, and Senator Richard Blumenthal. Expect all the usual parties to pile on.
Also not surprisingly, the first lawsuit has already been filed.
Although there is no unequivocal statement from Sony as to whether credit card data were compromised, Ars Technica reports that they are getting a lot of complaints of credit card fraud in the past few days from commenters who blame Sony.