Second Sony network shut by hacker fear

Sony closed a second online network for its gaming customers and said for the first time that hackers had stolen account information on thousands of payment cards.

The company disabled the Sony Online Entertainment system, which serves players of its EverQuest and other games played from personal computers.

It said that at around the same time that one or more hackers broke into the larger PlayStation Network for console gamers, there was a similar breach at the PC service.

Names, e-mail addresses, home addresses and phone numbers for 24m users were stolen, and a database from 2007 was also compromised, exposing more than 12,000 debit and credit card numbers and more than 10,000 debit transaction records from Austria, Germany, Netherlands and Spain.

The Japanese electronics group is still discovering fresh attacks, according to people close to the company, but a spokeswoman said the latest decision to close the Online Entertainment System related to the discovery of a previous breach rather than a second attack.

The move stunned gamers and showed that Sony is still struggling to understand the extent of the flaws in its technology defences nine days after it took down the PlayStation service.

Sony apologised and said it would pay for identity theft protection for users of both networks, though it said it has no evidence of payment card data theft on the PlayStation service.

Security experts said it was not surprising that more problems are still being discovered.

“If a hacker gets in through the front door, you have to look at every single room,” said Hemanshu Nigam, former chief of digital security at News Corp. “Sony is finding out what happens if you don’t do security right.”

Sony is working with Oracle and three smaller security companies, which designed parts of its system, to help in its internal inquiry. The US Federal Bureau of Investigation is also investigating.

On Sunday, company executives apologised for the first breach, which exposed the e-mail addresses and Sony passwords of more than 70m consumers.

Sony said it is strengthening its security and hiring a new head of data protection.

Also on Monday, Sony declined an invitation to testify at a US House hearing on data protection scheduled for Wednesday. A spokeswoman for congresswoman Mary Bono Mack said that Sony had promised to answer written questions about its delayed announcement of the hacking by the end of Tuesday.

Additional reporting by Chris Nuttall

Copyright The Financial Times Limited 2017. All rights reserved. You may share using our article tools. Please don't cut articles from FT.com and redistribute by email or post to the web.