Sony apologizes, says 10 million credit card accounts may have been exposed in network attack


This article was originally on a blog post platform and may be missing photos, graphics or links. See About archive blog posts.

Sony has revealed that 10 million credit card accounts may have been exposed two weeks ago when a hacker broke into the company’s computers in San Diego and stole data from 77 million PlayStation Network accounts.

During a news conference in Tokyo on Saturday, Kaz Hirai, Sony’s executive deputy president, offered the company’s first public apology by an executive and promised to compensate customers.


‘We offer our sincerest apologies,’ Hirai said, then bowed deeply in a Japanese custom showing regret, at the news conference, a recording of which can be viewed here.

Hirai said Sony would give affected customers 30 days of free access to its Qriocity music-streaming service as well as 30 days of access to its PlayStation Plus online game service. In addition, Sony said it will provide credit card protection services for the 10 million customers whose data were compromised.

Sony last week said it had encrypted credit card data, but not other account information, including names, addresses, email addresses and birth dates.

The break-in, which occurred between April 17 and April 19 but was not disclosed until April 25, drew furor from U.S. lawmakers, who last week demanded more information from Sony about the intrusion and why the company took a week before notifying its customers.

Sony has maintained that the company acted as quickly as it could to ascertain the nature of the break-in, hire security experts and assess the scope of the damage. During the news conference, Hirai offered a time line of the events, saying the company was notified of the intrusion on April 19 and shut down the service on April 20 to investigate. It hired three firms to conduct a forensic analysis of its computers.

Clarifying an earlier statement that said consumer passwords were not encrypted, Sony said they were ‘hashed,’ a form of mathematical obfuscation that makes it difficult for a hacker to read the passwords.


-- Alex Pham