Sony has frozen 93,000 accounts after attackers attempted to access them using hacked usernames and passwords.
Tests were run against accounts held by Sony Entertainment Network (SEN), PlayStation Network (PSN) and Sony Online Entertainment (SOE) services to determine whether a massive set of stolen identities and passwords had been reused by customers.
Sony CISO Philip Reitinger said attempts appeared to include data obtained “from one or more compromised lists from other companies, sites or other sources”.
The company determined that “the overwhelming majority of the pairs resulted in failed matching attempts; it is likely the data came from another source and not from our networks”.
About one per cent of PSN and SEN accounts were thought to have been accessed. Sony had temporarily locked and reset passwords for the accounts.
“Only a small fraction of these 93,000 accounts showed additional activity prior to being locked. We are currently reviewing those accounts for unauthorised access and will provide more updates as we have them,” Reitinger said.
He said credit card numbers linked to accounts were not at risk.
Sophos senior technology consultant Graham Cluley said the silver lining for Sony is that this breach appeared smaller than the attacks that hit it earlier this year.
“That suggests that the accounts which were broken into were using a non-unique password. In other words, you were using the same password on the Sony PlayStation Network as you were on website X,” he said.