Sony's PlayStation Network was compromised nearly two weeks ago. The online services for the PlayStation 3 have yet to recover or come back online since the incident. This morning, Sony's PR director Patrick Seybold claimed that there was no truth to the rumor that credit card information was stolen by hackers. However, SOE cautioned gamers to be vigilant nonetheless.
It has now come to light via Nikkei.com that there was a reported second security infraction in Sony's gaming network. Nikkei claims that nearly 12,700 credit card numbers were stolen from Sony Online Entertainment this past Sunday in a second attack. As we reported this morning, all SOE sites have been brought offline because of "an issue that warrants enough concern for [SOE] to take the service down effective immediately," according the the site.
Michele Sturdivant, a spokeswoman for Sony, countered this allegation in The Wall Street Journal. "We temporarily took down SOE's services as part of our continued investigation into the external intrusion that occurred in April," Sturdivant affirmed. "This is not a second attack."
[Update: SOE has posted a security update to The Station.com. "We are today advising you that the personal information you provided us in connection with your SOE account may have been stolen in a cyber-attack. Stolen information includes, to the extent you provided it to us, the following: name, address (city, state, zip, country), email address, gender, birthdate, phone number, login name and hashed password." The notice further suggests that "information from an outdated database from 2007 containing approximately 12,700 non-US customer credit or debit card numbers and expiration dates (but not credit card security codes) and about 10,700 direct debit records listing bank account numbers of certain customers in Germany, Austria, Netherlands and Spain may have also been obtained" but that the "main credit card database" was not compromised in the attack. It appears this is part of the larger PSN attacks and not a separate security breach.]