GameSpot managed to corner Sony Online Entertainment president John Smedley during the GDC Online conference this week in Austin, Texas to get his thoughts on the recent attack that resulted in Sony temporarily locking down around 93,000 PlayStation Network, Sony Entertainment Network, and Sony Online Entertainment accounts.
Earlier this week Sony chief information security officer Philip Reitinger said on the PlayStation Blog that that the data used in the attempted security breach likely came from another source and not from Sony's networks. Smedley sheds a little more light on how Sony came to that conclusion:
"It's just simple math," Smedley said. "There was such a small percentage of successes. They were attacking with a large number. Because of that, the math tells us it wasn't [Sony's information]. We've said publicly when we were compromised before that the information is out there and could have been used. That was obviously the first thing we looked at. Then we did the mathematical analysis and said, 'Obviously that's not what happened.' I'm not going to say it's impossible [the info came from Sony]. We just think that's not the most likely case."
Smedley added that the targeted accounts hadn't been accessed since the PlayStation Network was restored.
Smedley adds that the best way to avoid having an account compromised is to regularly change your password.
"We really strongly encourage users to change their passwords," Smedley said. "We can't force them to log in and do that. A great number of these accounts they were going after were dormant accounts. Those people in many cases had not yet done their password change. It takes some work to get them to focus on that."