Skip to main content

Sony: stolen user/pass info not from us

"It's just simple math."

It was "simple math" that told Sony the data used to illegally access 93,000 accounts recently was not taken from Sony's network.

There were a lot of attempts but relatively few successes. Had the username/password combinations been taken from Sony, the pass-rate would have been higher.

"It's just simple math," Sony Online Entertainment president John Smedley told GameSpot.

"There was such a small percentage of successes. They were attacking with a large number. Because of that, the math tells us it wasn't [Sony's information].

"We've said publicly when we were compromised before that the information is out there and could have been used. That was obviously the first thing we looked at. Then we did the mathematical analysis and said, 'Obviously that's not what happened.'

"I'm not going to say it's impossible [the info came from Sony], we just think that's not the most likely case."

John Smedley, president, Sony Online Entertainment

"I'm not going to say it's impossible [the info came from Sony]," Smedley added, "we just think that's not the most likely case."

Smedley revealed that "a great number" of accounts targeted were "dormant". That is, accounts with log-in details unchanged since the Great PlayStation Network ID Theft of April 2011.

"We really strongly encourage users to change their passwords," Smedley said. "We can't force them to log in and do that.

"A great number of these accounts they were going after were dormant accounts. Those people in many cases had not yet done their password change. It takes some work to get them to focus on that."

Sony locked the 93,000 compromised accounts once aware of what was going on. A tiny fraction of those accounts were reported to have shown any activity prior to being locked. Exactly what the accounts were used for once illegally accessed is still being assessed.

Sony's head of security reassured users that even if you have a credit card associated with a Sony account, the number on that card is "not at risk".

Of the 93,000 accounts illegally accessed, 60,000 were PlayStation Network / Sony Entertainment Network accounts, and 33,000 were Sony Online Entertainment accounts.

Read this next