Sony PlayStation has announced that account information has been compromised. According to their published FAQ, they noticed an intrusion into the network in mid-April. They did not release details about how the attack occurred, but they believe that all PlayStation Network/ Qriocity accounts may have been affected.
70 million PlayStation accounts were compromised, including customer names, addresses, e-mail addresses, birthdays, PlayStation Network and Qriocity passwords, and user names. There is also the possibility that credit card data may have been taken.
As we talked about with the Epsilon breach, breached emails are valuable to build customized phishing attacks. In addition, breached passwords are valuable commodities – most people do not customize their passwords per service, so these passwords (along with other personal information) could be used to attempt identity theft / credit fraud. Employees may also use the same passwords within the enterprise, potentially putting corporate information at risk.
A breach affecting 70 million individuals would make the Sony PlayStation breach one of the largest on record.
Aside from consumers taking precautions, companies may want to suggest that employees revise their passwords (whether affected or not) in order to mitigate risks internally.