Hace un par de días CNET informó sobre un tercer ataque contra el sitio de Sony, donde el objetivo era copiar información de los servidores incluyendo nombres de clientes, números de tarjetas de crédito y direcciones. Sin embargo, un reporte del sitio The Hacker News (THN) ha hecho notar que este ataque es falso y la información era accesible desde la web de Sony.

Sony dijo ayer que había retirado de Internet los nombres y direcciones parciales de 2.500 concursantes de un sorteo que “habían sido robados por hackers y publicados en un sitio web“. THN recibió un correo anónimo con enlaces que contenían dicha información, pero lo curioso, es que eran fácilmente accesibles desde la web – haciendo una simple búsqueda en Google con coincidencias del sitio con Perl y archivos XLS.

Los resultados y hoja de Excel arrojados contenían Nombre, Apellido, Ciudad, Estado y Código Postal, pero no tenían datos sensibles (Dirección, e-mail o números de tarjeta). Esto significa que el sitio de Sony en realidad no fue “asaltado” o atacado por Anonymous, pero es evidente que algunos hackers están tratando de encontrar agujeros de seguridad y que la empresa necesita mejores profesionales en el tema.

Fuente: http://www.fayerwayer.com/2011/05/la...b/#more-525127

Que onda? es un

Para Sony?

Les transcribo el mail que recibi de Sony.

May 3, 2011

Dear Valued Sony Online Entertainment Customer:

Our ongoing investigation of illegal intrusions into Sony Online Entertainment systems has discovered that hackers may have obtained personal customer information from SOE systems. We are today advising you that the personal information you provided us in connection with your SOE account may have been stolen in a cyber-attack. Stolen information includes, to the extent you provided it to us, the following: name, address (city, state, zip, country), email address, gender, birthdate, phone number, login name and hashed password. Customers outside the United States should be advised that we further discovered evidence that information from an outdated database from 2007 containing approximately 12,700 non-US customer credit or debit card numbers and expiration dates (but not credit card security codes) may have also been obtained – we will be notifying each of those customers promptly.

There is no evidence that our main credit card database was compromised. It is in a completely separate and secured environment.

We had previously believed that SOE customer data had not been obtained in the cyber-attacks on the company, but on May 1st we concluded that SOE account information may have been stolen and we are notifying you as soon as possible.

We apologize for the inconvenience caused by the attack and as a result, we have:

1. Temporarily turned off all SOE game services;
2. Engaged an outside, recognized security firm to conduct a full and complete investigation into what happened; and
3. Quickly taken steps to enhance security and strengthen our network infrastructure to provide you with greater protection of your personal information.

We greatly appreciate your patience, understanding and goodwill as we do whatever it takes to resolve these issues as quickly and efficiently as practicable.

For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. When SOE’s services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your Station or SOE game account name or password for other unrelated services or accounts, we strongly recommend that you change them, as well.

To protect against possible identity theft or other financial loss, we encourage you to remain vigilant, to review your account statements and to monitor your credit reports.

We are committed to helping our customers protect their personal data and we will provide a complimentary offering to assist users in enrolling in identity theft protection services and/or similar programs. The implementation will be at a local level and further details will be made available shortly in regions in which such programs are commonly utilized.

We thank you for your patience as we complete our investigation of this incident, and we regret any inconvenience. Our teams are working around the clock on this, and services will be restored as soon as possible. Sony takes information protection very seriously and will continue to work to ensure that additional measures are taken to protect personally identifiable information. Providing quality and secure entertainment services to our customers is our utmost priority. Please contact us at + 44 870-600-0267 (Monday to Friday 15:00 to 22:00 GMT excluding holidays) should you have any additional questions.

Sony Online Entertainment LLC

***These emails are being sent by Innovyx, our third party email distributor, and will contain either 'soe.innovyx.net' or 'soe.sony.com' in the sender field. If you have any questions concerning the authenticity of this message please view our website for confirmation.