As promised, Sony Online Entertainment has updated its official site to let customers know why it took down its services earlier today. To say it isn’t good news for customers is a major understatement. According to the update, SOE took its game services down because of an intrusion that saw much of the same personal data and credit card info compromised by outside sources – similar to what happened on PlayStation Network. SOE says that personal info related to SOE accounts "may have been stolen" in a cyber attack.
This data includes "name, address (city, state, zip, country), email address, gender, birthdate, phone number, login name and hashed password." In addition, information from an outdated database from 2007 was compromised during the attack. This database contained approximately 12,700 non-US customer credit or debit card numbers and expiration dates (but not credit card security codes) and about 10,700 direct debit records listing bank account numbers of some customers in Germany, Austria, Netherlands and Spain may have also been obtained.
SOE says that there is no evidence that its main credit card database – a separate service, they say – was compromised. Some are reporting that this was a second separate attack independent of the original attack on PSN.
"We had previously believed that SOE customer data had not been obtained in the cyber-attacks on the company, but on May 1st we concluded that SOE account information may have been stolen and we are notifying you as soon as possible," the statement read.
To deal with the situation SOE has taken all game services offline, have engaged an outside security firm, and have taken steps to secure all of its games and services.
The usual advice that Sony offered to PlayStation Network users has been recycled for the SOE security breach. The best thing that SOE users can do is contact their bank or credit card company and cancel their cards.
We will have more on this story as it develops.