Sony Targeted Yet Again; Thwarts Attackers This Time

← Back to Stories (view on slashdot.org)

Sony Targeted Yet Again; Thwarts Attackers This Time

Posted by Unknown on Wednesday October 12, 2011 @12:55AM from the script-kiddies-gone-wild dept.

alphadogg writes with an excerpt from a Network World article: "Sony suspended 93,000 user accounts on several of its gaming and entertainment networks after unauthorized login attempts on those accounts. The attempts occurred on the PlayStation Network, Sony Entertainment Network, and Sony Online Entertainment, and the company says that login information likely acquired from other sources was tested en masse on the networks. Only a 'small number' of the attempts were successful, and no credit card information was leaked. ... Sony Chief Information Security Officer Philip Reitinger said that 'less than one tenth of one percent' of the networks' users may have been affected."

68 comments

Min score:

Reason:

Sort:

Don't read this... it is a curse... by Anonymous Coward · 2011-10-12 00:58 · Score: -1

In 2008, a little boy named Erin was relaxing on the beach in the middle of the day. Whilst doing so, he spotted a small lizard beanie baby about 6 meters away, stood up, and then called out to it. After the lizard asked him what he wanted, Erin said in a confident manner, "I betcha can't lick my buttcheeks!" The lizard replied, "I bet I can!" and stuck out its tongue a few inches. Confident of the lizard's impending failure, Erin laughed. However, he discovered that his confidence was misplaced right as he heard the sound of the lizard's invisible tongue slapping his buttcheek!
Angry, Erin yelled, "I betcha can't lick my buttcrack!" The lizard replied the same way, and then once again stuck out its tongue a few inches. And, once again... Erin heard the sound of an invisible tongue slapping against something, but this time it violated his buttcrack. Furious, he screamed, "I betcha can't lick my butthole!" The lizard replied the same way, stuck out its tongue a few inches, and the exact same thing happened.
For Erin, that was the last straw. He was so furious that he ran up to the lizard beanie baby and tried to stomp on it. However, it somehow managed to crawl up his left pant leg and appeared to be crawling towards his bootyass! In his desperation, he attempted to stop it by blocking it with his hand. He quickly realized that that would not be effective when the lizard merely crawled under his hand. The lump in his pant leg continued onward towards his bootyass. After trying and failing to take off his pants, Erin gave up all hope and began screaming for help. Once the lizard reached Erin's precious bootyasscheekcrackhole, it began crawling on top of it in a square pattern, stopping and continuing every few seconds. Whenever the lizard moved, the sound of a snake was heard many times in a short amount of time. This inflicted tremendous amounts of tickle on Erin's bootyass!
Now that you have read this (even a single word of it), the lizard will crawl on your bootyasscheekcrackhole in a square pattern, inflicting extreme amounts of tickle upon it! To prevent this from happening, post this curse as a comment three times.
1. Re:Don't read this... it is a curse... by maxwell+demon · 2011-10-12 01:39 · Score: 0
  
  You hit the Anonymous Coward.
  The Anonymous Coward turns to flee!
  You see here a -1 cursed Slashdot post.
  You pick up x - a -1 cursed Slashdot post.
  What do you want to read? (slx*?)
  You feel that your are wasting your time.
  
  --
  The Tao of math: The numbers you can count are not the real numbers.
93 million accounts? by vlm · 2011-10-12 00:59 · Score: 1

"Sony suspended 93,000 user accounts

'less than one tenth of one percent' of the networks' users
Sony has over 93 million accounts?
As far as I know only about 50 million PS3s have been sold, some to upgraders / replacers / theft or fire insurance claims, so there's probably less than 50 million PS3 user accounts.
The other 50 million or so accounts are ... ?

--
"Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
1. Re:93 million accounts? by Anonymous Coward · 2011-10-12 01:01 · Score: 1
  
  Can't more than one person have an account on a single PS3?
2. Re:93 million accounts? by Mordermi · 2011-10-12 01:03 · Score: 1
  
  Just to note: Some people may have multiple accounts. I know people with 2+ PSN accounts.
  But it is also for two other divisions of their network, not just PSN.
3. Re:93 million accounts? by Sockatume · 2011-10-12 01:03 · Score: 1
  
  During the hacking fiasco, the press was reporting that there were 100m PlayStation Network accounts, which covers both the PS3 and the PSP. That gives us a total of around 75m units. While many of the remaining 25m will be dummy accounts used to download items from the regional PSN stores (which was quite popular in the early days), I'm sure that the majority are simply friends, family members etc.
  
  --
  No kidding!!! What do you say at this point?
4. Re:93 million accounts? by Anonymous Coward · 2011-10-12 01:05 · Score: 0
  
  The summary does mention Sony Online Entertainment, which runs or ran several MMOs (Everquest, Star Wars Galaxies, I think there were others?) So that might be possible...
5. Re:93 million accounts? by scdeimos · 2011-10-12 01:07 · Score: 1
  
  SOE does online PC games too, you know.
6. Re:93 million accounts? by mitashki · 2011-10-12 01:07 · Score: 0
  
  Sony has over 93 million accounts?
  It is only 265510(oct) or 16B48(hex) accounts
  
  --
  "When all you have is a hammer, everything starts looking like a nail."
7. Re:93 million accounts? by msauve · 2011-10-12 01:08 · Score: 1
  
  "Sony has over 93 million accounts?"
  
  Right on this page - Related Links - "77 Million Accounts Stolen From Playstation Network." And, as the summary says, this is about more than that - "PlayStation Network, Sony Entertainment Network, and Sony Online Entertainment."
  
  So, yes, 93 million accounts is reasonable, based solely on information found on the same page you posted to.
  
  --
  "National Security is the chief cause of national insecurity." - Celine's First Law
8. Re:93 million accounts? by diersing · 2011-10-12 01:09 · Score: 1
  
  From the Sony Online Entertainment and Sony Entertainment Network?
  His blog post breaks them down as - (PSN/SEN: approximately 60,000 accounts; SOE: approximately 33,000)
9. Re:93 million accounts? by Anonymous Coward · 2011-10-12 01:10 · Score: 0
  
  FTFA :
  
  The attempts occurred on the PlayStation Network, Sony Entertainment Network, and Sony Online Entertainment
10. Re:93 million accounts? by Trulyness · 2011-10-12 01:11 · Score: -1, Troll
  
  Don't read this... it is a curse...
  In 2004, a little boy named Jimmy was sleeping in his bed. He then woke up and walked in front of his laundry room and spotted a glass antique doll with blond hair on the laundry room window ledge. He glared at the doll and screamed, "Whore! Slut! The sandwich that never knew bread!" Jimmy immediately regretted his decision as the doll glared at him and jumped off the window ledge. Jimmy ran outside faster than he thought possible and shut the front door behind him, leaving the doll trapped in the living room.
  However, once he ran off of his porch, his clothing vanished and he was sucked bootyass-first into the sky at the speed of light. Once he reached space, his bootyass naked bootyass crashed through the floor in his living room. His bootyass was sticking out of the floor in his living room whilst the rest of his body was trapped underneath his house. He couldn't even move a single cheek!
  Then, his vision somehow transported into his living room, and he became a mere perspective. It was as if he was looking at himself through a security camera. He saw the doll slowly approach his bootyass, put its head on his bootyasscheekcrackhole, and then scream, "Your scourning parading, matched! No more truly will away!" Immediately afterwards, the doll let loose a high-pitched screech that sounded like the scream of a little girl. This act inflicted extreme amounts of tickle upon Jimmy's bootyass!
  Now that you have read this, the very same doll will screech on your bootyasscheekcrackhole and inflict major tickle upon your bootyass! To prevent this from happening, post this curse as a comment three times.
11. Re:93 million accounts? by pnewhook · 2011-10-12 01:15 · Score: 1
  
  Wow 50 million PS3s? Increase that by another 50% and it's getting close to the number of Blackberry subscribers...
  
  --
  Tesla was a genius. Edison however was a overrated hack who liked to torture puppies.
12. Re:93 million accounts? by Anonymous Coward · 2011-10-12 01:21 · Score: 0
  
  Plus families share consoles. Two teens and a dad will each have their own PSN accounts.
13. Re:93 million accounts? by Verunks · 2011-10-12 01:24 · Score: 1
  
  Sony has over 93 million accounts? As far as I know only about 50 million PS3s have been sold, some to upgraders / replacers / theft or fire insurance claims, so there's probably less than 50 million PS3 user accounts. The other 50 million or so accounts are ... ?
  I have 5 accounts myself, iirc 2 europeans, 1 american, 1 japanese, 1 hong kong, I bet others have more than one account too
14. Re:93 million accounts? by Anonymous Coward · 2011-10-12 01:26 · Score: 1
  
  Sony has over 93 million accounts?
  It is only 265510(oct) or 16B48(hex) accounts
  You've tried to be clever, but fucked up by a considerable margin. Try again. Clue: 10^6 not 10^3.
15. Re:93 million accounts? by Anonymous Coward · 2011-10-12 01:45 · Score: 0
  
  One thing I find interesting when random numbers are presented in news is the ask myself if it seems likely that the number is correct. Not only if it is possible that it is correct but if it actually seems likely that it is.
  To do this one can do as GP did and compare it to the number of PS3s sold.
  So while it is possible for more than one person to have an account on a single PS3 and even likely that this is fairly common. Do you think it is likely that the average is close to two accounts per PS3?
  With 50 million units sold I would have expected the number of accounts closer to 60 million.
  Perhaps there are some persons that have multiple accounts too but the number still seems a bit high.
16. Re:93 million accounts? by xmousex · 2011-10-12 01:49 · Score: 1
  
  I have 8 accounts, and 0 PS3s.
17. Re:93 million accounts? by maxwell+demon · 2011-10-12 01:56 · Score: 1
  
  Ok, 77 million accounts were stolen, and now 93 million accounts are left. Therefore before the theft, there have been 170 million accounts. Right? :-)
  
  --
  The Tao of math: The numbers you can count are not the real numbers.
18. Re:93 million accounts? by Hyppy · 2011-10-12 02:14 · Score: 1
  
  Wow 50 million PS3s? Increase that by another 50% and it's getting close to the number of Blackberry subscribers...
  Which is, what, about 1.5% of cell phones?
19. Re:93 million accounts? by Jeng · 2011-10-12 02:31 · Score: 1
  
  Current and past SOE customers for games such as Everquest and Star Wars Galaxies.
  
  --
  Don't know something? Look it up. Still don't know? Then ask.
20. Re:93 million accounts? by VGPowerlord · 2011-10-12 03:09 · Score: 1
  
  As far as I know only about 50 million PS3s have been sold, some to upgraders / replacers / theft or fire insurance claims, so there's probably less than 50 million PS3 user accounts.
  As far as I know, PSN accounts are not tied to consoles, so why would upgraders / replacers / fire insurance claims have anything to do with this?
  
  --
  GLaDOS for President 2016! "Well here we are again. It's always such a pleasure." -- GLaDOS, 2011
21. Re:93 million accounts? by Anonymous Coward · 2011-10-12 03:25 · Score: 0
  
  Sony has over 93 million accounts?
  As far as I know only about 50 million PS3s have been sold, some to upgraders / replacers / theft or fire insurance claims, so there's probably less than 50 million PS3 user accounts.
  The other 50 million or so accounts are ... ?
  The quoted article states not just PSN, but Sony Entertainment network and SOE (MMO PC gaming) networks also. Besides the fact that one PS3 owner can have many accounts for family members.
22. Re:93 million accounts? by pnewhook · 2011-10-12 03:32 · Score: 1
  
  Of all worldwide cellphones yes, but for smartphones they are #2 in the world, right behind Nokia (android), and ahead of Apple. Although why anyone wants to buy an Android and give their money to Microsoft is beyond me.
  
  --
  Tesla was a genius. Edison however was a overrated hack who liked to torture puppies.
23. Re:93 million accounts? by Sir_Sri · 2011-10-12 03:44 · Score: 1
  
  SOE (EQ, SWG, whatever that star wars adventure kids game is), the PSP, qirosity or however their marketing dipshit spelled it which is a mobile music service. Also, once you create an account it exists forever basically (I'm sure they *can* be deleted, but usually aren't).
  The playstation network, and sony's network services in general are a whole lot bigger than just the PS3. There's a lot of overlap between PSP and PS3 owners probably, but the other services not necessarily. How many people played the Matrix onine, Clone wars adventures, vanguard and registered their PSP and Sony-Ericsson phone all using just one account? Most of those people don't overlap, so there' s a lot of accounts (some of which will be so outdated as to be useless).
24. Re:93 million accounts? by Gription · 2011-10-12 04:01 · Score: 2
  
  In Grand Tourismo 5 there is a feature where the game gives you a "birthday gift car" that was produced in the year of your birth. Lots of people were making multiple fake accounts to try and get really rare and expensive cars. Once they got the car they would give it as a gift to their main account.
  (PSN patched the game so people couldn't trade expensive cars any more so that glitch is gone.)
  
  I could easily believe there are lots of fake accounts out there for similar reasons.
25. Re:93 million accounts? by Anonymous Coward · 2011-10-12 05:05 · Score: 0
  
  Yes, and unlike XBL I believe PSN you can't change your account name. So if you're tired of one account name you have to make a new account.
  Additionally, some content can only be purchased with 1 region account, so to buy JPN content you need a JPN account separate from your US or HK or UK account.
26. Re:93 million accounts? by Anonymous Coward · 2011-10-12 09:01 · Score: 0
  
  Of all worldwide cellphones yes, but for smartphones they are #2 in the world, right behind Nokia (android), and ahead of Apple.
  
  Uh, Nokia have never made (and will probably never make) an Android phone.
  You mean Nokia (Symbian). (The number of Maemo and Meego phones is tiny, and I say that as someone who has one of each).
27. Re:93 million accounts? by pnewhook · 2011-10-13 00:28 · Score: 1
  
  Ok thanks. Nokia is the #1 smartphone maker in the world and Android is the #1 smartphone OS. I just assumed they were related. I actually don't know anyone with an Android phone myself.
  
  --
  Tesla was a genius. Edison however was a overrated hack who liked to torture puppies.
"Sony Chief Information Security Officer" by bakuun · 2011-10-12 01:08 · Score: 0

Ouch. That's not a particularly nice title to have these times...
1. Re:"Sony Chief Information Security Officer" by elrous0 · 2011-10-12 01:29 · Score: 1
  
  Could be worse. Google hired a former TV psychic as head of their Apps security.
  And, no, I'm not joking.
  
  --
  SJW: Someone who has run out of real oppression, and has to fake it.
2. Re:"Sony Chief Information Security Officer" by Viol8 · 2011-10-12 01:33 · Score: 2
  
  Well at least he could foresee what hacks were coming and when!
  Couldn't he...? Whaddyamean no?
3. Re:"Sony Chief Information Security Officer" by asylumx · 2011-10-12 02:05 · Score: 2
  
  So then he's "SCISO" right? (Schizo... )
4. Re:"Sony Chief Information Security Officer" by Anonymous Coward · 2011-10-12 03:08 · Score: 0
  
  Ouch. That's not a particularly nice title to have these times...
  They didn't have one before the first attacks. They created that position recently.
5. Re:"Sony Chief Information Security Officer" by Anonymous Coward · 2011-10-12 03:32 · Score: 0
  
  Ouch. That's not a particularly nice title to have these times...
  Not sure why not. Part of the title even states "...Thwarts attackers this time" Seems they are learning from their mistake and they did their job. Being attacked isn't the problem, letting them get in and get information is. But that didn't happen. Personally they might wear the title proudly considering this.
Numbers, please! by aglider · 2011-10-12 01:09 · Score: 1

'less than one tenth of one percent'
Which means ... how many accounts?
Are you contacting the compromised account owners for assistance?

--
Sent as ripples into the electromagnetic field. No single photon has been harmed in the process.
1. Re:Numbers, please! by maxwell+demon · 2011-10-12 01:18 · Score: 1
  
  Which means ... how many accounts?
  Given that they suspended 93000 accounts (see the first line of the summary), Id expect that to be the number of compromised accounts.
  
  --
  The Tao of math: The numbers you can count are not the real numbers.
2. Re:Numbers, please! by Anonymous Coward · 2011-10-12 01:37 · Score: 0
  
  it tells you in the article. in fact, it tells you in the summary. you clearly know how to write, so i assume you know how to read as well?
Coincidence? by maxwell+demon · 2011-10-12 01:12 · Score: 1

"login information likely acquired from other sources was tested en masse on the networks."
Acquired from other sources? Maybe from wine hq?

--
The Tao of math: The numbers you can count are not the real numbers.
Probably a more appropriate title these days... by Viol8 · 2011-10-12 01:15 · Score: 1

.. would be Security Officer - Sony.
(For headscratchers - think TLA).
Decent Catch by TheNinjaroach · 2011-10-12 01:17 · Score: 0

Well, at least Sony made a decent catch. Perhaps for the first time in ten years.

--
I went to eat some animal crackers and the box said, "Do not eat if seal is broken." I opened the box and sure enough..
1. Re:Decent Catch by Anonymous Coward · 2011-10-12 02:50 · Score: 0
  
  I guess they're finally starting to learn to lock the flimsy screen door of their Fortress of Stupitude.
2. Re:Decent Catch by wiedzmin · 2011-10-12 05:24 · Score: 1
  
  Maybe. Except this wasn't really a hacking attempt... not even a brute-force password cracking attempt... more like an automated login script more or less. Wake me up when they catch an actual intrusion, through SQL injection or some perimeter vulnerability they may have. This here is a positive publicity stunt.
  
  --
  Bow before me, for I am root.
Didn't they say the same thing last time? by elrous0 · 2011-10-12 01:28 · Score: 0

IIRC, Sony denied anything had been compromised *last time* too. It was only days later that they admitted the scale of the attack and how successful it had been.

--
SJW: Someone who has run out of real oppression, and has to fake it.
1. Re:Didn't they say the same thing last time? by Sockatume · 2011-10-12 01:31 · Score: 4, Insightful
  
  No, last time they kept quiet about the scale, nature, and results of the attack, while this time they've announced the scale (90,000+ users), nature (user/password attempts), and results (some accounts are compromised) of the attack. It would appear that they have learned at least a little.
  
  --
  No kidding!!! What do you say at this point?
2. Re:Didn't they say the same thing last time? by Anonymous Coward · 2011-10-12 02:37 · Score: 0
  
  LOL, rewriting history I see.. That's not how it happened... They reported they had been hacked pretty quickly after it occurred, but couldn't determine the scale of it until forensic analysis had occurred. This would have been true of anyone.. The only difference is that is was Sony, so it gave the Sony hating media a free card to criticise them over it.. It also gave Microsoft an opportunity to brainwash their fanboys with an alternative version of the truth.
"Sony Flips the Bird at Noggly Hax0rz" by Gimbal · 2011-10-12 01:30 · Score: 1

...news at 4:11
"Now back to you, Bob"
All a ruse by gearloos · 2011-10-12 01:41 · Score: 0

Yeah, hacked, again... ok SONY. Yeah sure, I believe you. Oh and you bravely fought them off and stopped them in their tracks.. oh yeah, sure SONY. I believe you. So, to instill confidence back into the blubbering idiots that were/are SONY Security, they come up with this ruse, and use it to make you think they are actually competent.

--
"Computers are a lot like Air Conditioners" "They both work great until you start opening Windows"
1. Re:All a ruse by Anonymous Coward · 2011-10-12 02:30 · Score: 0
  
  If your going to come up with a conspiracy, at least give us some proof.
Or... by poofmeisterp · 2011-10-12 01:49 · Score: 0

...It could be another PR stunt to make it look like they have the best security and tracking team on the planet.
I'd like to hear from one of the 93,000 people whose accounts were suspended. I'd like to know that these are actual accounts with real people.
1. Re:Or... by Anonymous Coward · 2011-10-12 02:24 · Score: 1
  
  I noticed that I couldn't log in to EQ2 last night, but there was a post in the forums about SOE taking things offline for maintenance at 8PM PST (normally they do it at 7am PST). Then, I got this email in the morning:
  
  We are writing to let you know that we have detected an unauthorized attempt to verify the validity of your Sony Online Entertainment ("SOE") Station Account name and password. We believe there was an attempt to use a scripted application of a large set of sign-in IDs and passwords against our network database. This attempt appears to include a large amount of data obtained from one or more compromised ID and password lists obtained from other companies, sites or other sources.
  To protect you, we have locked your XYZ Station Account. To reopen the account, please contact SOE customer service at 1 (858) 537-0898 to verify your identity. We will walk you through the password reset process then.
  Please note that your credit card number is NOT at risk. As a precaution, please review your account for unusual activity and please contact us at 1 (858) 537-0898; we will work with any users with whom we confirm have had unauthorized purchases with account wallet funds, and restore those funds.
  We want to take this opportunity to remind our consumers about the increasingly common threat of account theft, as well as the importance of having a strong password and having a username/password combination that is not associated with other online services or sites. We advise you to create a new password that is strong, consisting of a combination of numbers, letters and special characters or symbols.
  Thank you,
  Sony Online Entertainment
2. Re:Or... by poofmeisterp · 2011-10-12 02:35 · Score: 1
  
  Too bad that was anonymous.
3. Re:Or... by Sockatume · 2011-10-12 03:09 · Score: 1
  
  You don't have to have "the best security and tracking team on the planet" to notice that someone's trying tens of thousands of usernames and passwords and failing. And it doesn't exactly scream competence when it turns out that user details your company failed to protect are now being actively used by fraudsters. It just compounds the original failure.
  
  --
  No kidding!!! What do you say at this point?
4. Re:Or... by poofmeisterp · 2011-10-12 03:22 · Score: 1
  
  You don't have to have "the best security and tracking team on the planet" to notice that someone's trying tens of thousands of usernames and passwords and failing.
  I didn't say that they ARE the best team. I said "PR stunt" which is targeted at the unknowing, not the most knowledgeable receiver.
  
  And it doesn't exactly scream competence when it turns out that user details your company failed to protect are now being actively used by fraudsters. It just compounds the original failure.
  I also mentioned the possibility that these users don't exist. "PR STUNT" - italicized and capped. I don't know how to make what I said more clear.
  If you're one of the users of a company that releases that kind of information, and you aren't one of the "affected" people, it increases your feeling of safety and security. Simple logic, simple stunt. While they're at it, they may as well have people out on the 'net putting forth information that maintains the feelings of gravity and reality toward this situation that supposedly occurred (again, making others feel they "[weren't] the ones affected"). In fact, there was an anonymous comment in reply to mine where an anonymous commenter posted the notification they got from Sony. If it weren't an anonymous commenter, it would bear some weight. Anonymous = could be as false as the earth being the center of the universe.
  I'm not saying that this IS what happened; I'm saying that it's odd that they are so publicly releasing information about it when, in fact, companies try to keep it as quiet as possible. And I'll balance your counterargument in advance - they also didn't say "we are dedicated to making people aware of the situation, and are striving to be more open than [competitors]."
  If you're going to really play the game, play it through at the beginning to avoid losing customers' positive feelings.
5. Re:Or... by Anonymous Coward · 2011-10-12 05:24 · Score: 0
  
  Just so I'm clear, you think that Sony PR people are posting misinformation on Slashdot, a web site that hasn't been relevant for almost decade now? I think you give this place way to much credit.
6. Re:Or... by Anonymous Coward · 2011-10-12 09:47 · Score: 0
  
  You're one of those people who believe the Government COULD have blown up the World Trade Center in order to facilitate the invasion of Iraq in the interests of securing foreign Oil reserves, aren't you?
93,000 DoS'd accounts by sgt+scrub · 2011-10-12 02:04 · Score: 2, Interesting

Sounds like the attack was successful to me.

--
Having to work for a living is the root of all evil.
1. Re:93,000 DoS'd accounts by DigiShaman · 2011-10-12 03:06 · Score: 1
  
  Does SOE enforce password complexity requirements? If not, I'm guessing all these vulnerable accounts were using easy-to-guess passwords.
  
  --
  Life is not for the lazy.
2. Re:93,000 DoS'd accounts by sgt+scrub · 2011-10-12 04:24 · Score: 1
  
  I don't know. I assume not. Enforcing complex passwords, IMHO, would be better than shutting down thousands of user accounts. Are people connecting to their Sony account and receiving the following message, "We are sorry. Your password sucked. Your account has been disabled. Please go fuck yourself. --Sony"?
  
  --
  Having to work for a living is the root of all evil.
3. Re:93,000 DoS'd accounts by Solandri · 2011-10-12 06:06 · Score: 1
  
  If this is what I think it is, then the accounts DOSed themselves. Most people use the same username and password on different accounts. The spate of "hacked" gaming accounts I've read about recently were mostly due to people signing up for a gaming site or gold buying site. That site gets hacked or sells its username/password list to thieves, who then try the same usernames/passwords to login to various games.
  
  If Sony detects this sort of login behavior (multiple failed login attempts to many different accounts coming from the same IP), the correct response is to lock the account with a message saying that their password has been compromised, and to request a password reset.
4. Re:93,000 DoS'd accounts by Rob+Kaper · 2011-10-12 06:08 · Score: 1
  
  Assuming the compromised database had proper hashing with per-user salts, you are right. In any other case, the vulnerability here was the third-party storage and not the password strength. (On top of password re-use, of course).
5. Re:93,000 DoS'd accounts by sgt+scrub · 2011-10-12 06:18 · Score: 1
  
  If Sony detects this sort of login behavior (multiple failed login attempts to many different accounts coming from the same IP), the correct response is to lock the account
  This is essentially a vector for denial of service. Set up a brute force attack from a throw away ip address with one user:pass. Attack 2 then 3 then 4 then 5... accounts until you hit the sweet spot. Then whenever you wish to DoS Sony user accounts you hit Sony with a brute force attack above the known number of accounts. Or equally malicious, since you know the limit, you can truly use a brute force attack under the sweet spot to avoid detection.
  
  --
  Having to work for a living is the root of all evil.
Misleading Summary by sangreal66 · 2011-10-12 03:16 · Score: 2

The summary states that there 93,000 login attempts and that a small number of the attempts were successful. This is false. There was an undisclosed number of attempts, and 93,000 accounts were successfully compromised. From Sony's own statement:

There were approximately 93,000 accounts globally (PSN/SEN: approximately 60,000 accounts; SOE: approximately 33,000) where the attempts succeeded in verifying those accounts’ valid sign-in IDs and passwords, and we have temporarily locked these accounts.
1. Re:Misleading Summary by Anonymous Coward · 2011-10-12 06:00 · Score: 0
  
  This actually makes more sense. 93,000 accounts of failed users that had password 12345 or something similar.
  At least Sony seemed to have improved their security instead of simply re-enabling the entire network in its failed state.
2. Re:Misleading Summary by Anonymous Coward · 2011-10-12 06:53 · Score: 0
  
  @anonymous coward: "This actually makes more sense. 93,000 accounts of failed users that had password 12345 or something similar"
  
  "given that the data tested against our network consisted of sign-in ID-password pairs" link
Families often have more by Quila · 2011-10-12 06:31 · Score: 1

One for each parent, one for each kid. That way the trophies and such stay separate.
'Thwarted'? Try 'tripped over'. by microcentillion · 2011-10-12 07:15 · Score: 1

93,000 compromised accounts. If they can tell that an account was compromised vs. a legitimate use, that means there was something unique to these logins. For the sake of argument, let's just say it was a browser-agent. Let's also make some baseline assumptions:
- Let's say that the 93,000 accounts only make up 10% of the total scope of the attack. 930,000 accounts hit, or 1% of the account-base (according to Sony).
- Let's say that only 1 attempt was ever made per account (the most difficult scenario to detect).
- Let's assume that across all the accounts on these systems, 1% of the logins are fat-fingered, and 50% of the user-base logs in per day: 2% average user error.
* These assumptions are very biased in Sony's favor.

If suddenly 930,000 of your accounts (2% of daily logins) had a 90% login failure rate across the board, that would be a terrifying moment for a sysadmin.
If suddenly 930,000 of your accounts started seeing logins from a uniquely distinguishable user-agent, that's a blatant attack.
If, with a dedicated security team, it takes you 3 days to notice that this is going on, there is undeniable incompetence.

Thwarted? No. It was probably some lone sysadmin scanning through the logs that said 'hey, this user-agent sure is showing up a lot...'.

--
But clearly you have something better to say...