Sony Breach May Lead To Spear Phishing Attacks

Written by Sue Walsh on May 19, 2011

Sony is warning customers who use the PlayStation Network and/or Sony Online Entertainment to be on the alert for possible spear phishing attacks. The company suffered a data breach and says a hacker may have gained access to over 24 million accounts, including email addresses, birthdates, phone numbers, passwords, and more, including credit card numbers, which have been spotted for sale in several cybercrime forums.

“Sony will not contact you in any way, including email, asking for your credit card number, Social Security number or other personal information,” the company said in a letter to customers posted on its Web site. “If you are asked for this information, you can be confident Sony is not the entity asking.”

The breach occurred on April 16th and 17th. Security experts are recommending that all affected customers cancel their credit cards immediately. It’s not clear if this latest breach is related to the Epsilon breach that occurred in early April. Epsilon, which handles commercial emailings for Best Buy, Capital One, Chase, Home Shopping Network and other large corporations, had its servers hacked into and millions of email addresses stolen. I was one of the consumers affected by that breach and have yet to see any phishing emails pretending to be from those companies, so it’s not clear what the hackers behind that breach, which didn’t expose any financial data, plan to do with the data they stole. It’s possible it was a practice run for the Sony breach, which did gain millions of credit card numbers.

Sony has so far been good at keeping its affected customers informed, but it would be a good move to offer to pay for credit monitoring for those who want it.

Comments

Tony Donald May 19, 2011

I believe that Sony already promised a year or two of credit monitoring to their customers, so that base is already covered.

I think that as much as people are worried about having their cards used for fraudulent charges, it’s going to be more phishing-related. If somebody uses your credit card and you keep an eye on your account like a good consumer, then you can get the charges reversed. Having someone con you out of your funds is a different story entirely.
