http://www.afterdawn.com/news/article.cfm/2011/10/12/multiple_sony_servers_attacked_again


I laughed.

What makes it funnier to me is that when the first attack happened I said I'd never trust Sony with security again... My friends and people on-line laughed at me saying it could never happen again... some of them are currently claiming it's a lie and hasn't happened again..

From reading the article, the accounts were compromised in a totally different manner from the previous one. Rather than Sony itself getting hacked, this seems like a set of logins from other websites being bruteforced to see if the user keeps the same username/password in multiple places. It's troubling for sure, but it's not a security issue for Sony as much as it's a security issue for individual accounts. If the actual servers got hacked, there wouldn't be any failed attempts. Never thought I'd be defending Sony, but there it is.

As bevinator says, this isn't an attack Sony's security as such, they simply got a hold of the account information obtained by hacking other unrelated servers, such as the attack on Codemasters, etc., and using that information to try and gain access to Sony accounts.

And let's face it, if you're using universal passwords and account names, you're going to be the victim of such attacks eventually regardless of how much security the likes of Sony have.

Yep, this is why I changed all my passwords everywhere after the first attack. Just to be sure something like this would not happen to me.

I thought this was just a joke.

This wasn't so much a flaw in Sony's security, but a lesson in why you shouldn't re-use username/password pairs across different sites. The one thing in this that Sony could potentially be faulted on is not detecting and locking out the attacker earlier, although this criticism depends on how distributed the attack was. If it was launched from a large botnet so that each IP address was only launching something like 5-10 login attempts, then there's not much Sony could have done. However, if it was launched from a smaller base of computers, such that Sony's servers were seeing hundreds or thousands of login attempts from each IP address over a fairly short period of time, then Sony should have locked out those IPs much faster than they did.

Agreed. This has little to do with Sony, and everything to do with people using the same passwords on multiple sites. This is nothing new really, Microsoft has this sort of thing occur as well.

I got 'hit' by this, as one of the people affected, and absolutely nothing happened. I use a different password for every site I'm on.

How do you know you got hit? Email?

Anyway, I doubt they got into mine. Even if they did, all my information is fake and there is no payment options on my account.

Rather than a firewall they may as well put a revolving door in their series of tubes.

Actually this doesn't seem like a fail for Sony, someone targeted their accounts and managed to get pretty much nothing but a username from the few that were compromised... that is if they're telling the truth (which they may not be).

Sony locked out my account until I checked PSN's website, saw there was an email sent out, checked my inbox, and reset my password. In fact, I couldn't be happier with their rapid response, considering they blocked my account within minutes of the attack starting (Demon's Souls started complaining about my account logging itself out).

Well I had no problem with getting into my account, so I must be good, Thanks.