Sony delays PSN restart as third breach is discovered
As Sony works to restore its PlayStation Network (PSN) and Qriocity services – which likely will remain offline until at least the end of the month following two massive data breaches – the company has sustained a third exposure, this time involving the personal information of thousands of sweepstakes contestants.
Sony said it has removed from the internet the names and partial addresses of 2,500 contestants who entered a product sweepstakes in 2001, according to Reuters, which first reported the news. The data did not include credit card, Social Security numbers or passwords.
The latest incident follows two breaches that exposed the personal information of more than 100 million Sony customers.
Mikko Hypponen, chief research officer at anti-virus firm F-Secure, told SCMagazineUS.com in an email Monday that independent Japanese security researchers discovered the sweepstakes information while probing public Sony servers after learning of the previous data leaks.
“What they found was an old sweepstakes server,” Hypponen said. “This server had some of its scripts readable by anyone, and it was easy to deduct where the customer information was saved.”
Hypponen added that the sweepstakes information was not stolen and posted online by hackers, as was stated in a Reuters report. Instead, the information was mistakenly posted by Sony employees to one of the company's own public servers. The file has since been removed, he said.A Sony spokesperson did not immediately respond Monday when contacted by SCMagazineUS.com.
The third leak was not nearly as serious as the first two breaches. Those incidents involved the personal information of up to 77 million PSN and Qriocity services users and approximately 25 million Sony Online Entertainment users.
»
www.scmagazineus.com/son ··· /202465/
