When mysterious tweets appeared on the official Sony PlayStation Twitter feed on Monday morning, it quickly became clear that the account had been hacked. Indeed, the hackers made little effort to hide their activities, proudly announcing that the breach had been carried out by the OurMine Security Group.
Initially there were a few tweets posted by the group, although Sony’s team quickly regained control of the account. The PlayStation Facebook was similarly compromised, with some updates being posted there too. All messages were quickly removed.
A social media breach is always concerning, particularly for businesses; hackers can spread disinformation, defame competitors and damage the company reputation. This could land them in court, or cause customers to defect to a competitor who they believe to be more secure.
A more worrying detail
The tweets and status updates were relatively benign in this case – but the second message was certainly more concerning:
OurMine claimed to have breached Sony’s company network too, stealing key customer data too. This is not the first time Sony has been hacked, nor that sensitive customer information has been stolen.
When journalists contacted OurMine, a spokesman confirmed “We got only registration info [usernames, names, emails, etc.]. No, we are not going to release it. We are a security group; we will only send it to Sony to prove it. And no, Sony haven’t contact us yet.”
Sony on the other hand have neither confirmed nor denied that their social media accounts or database had been hacked.
Obviously this lack of clarity from Sony is concerning for PlayStation Network users who may have had their personal information stolen. After all, anyone using their PlayStation online has personal data registered with Sony.
A warning for PlayStation users
Whether personal data was stolen by OurMine or not, now is the perfect time to change your PlayStation Network password. Changing passwords regularly is a great way to protect against becoming a hacking victim. But you shouldn’t wait for a security breach to make the changes.
Instead, consider setting yourself a monthly reminder. When the alarm goes off, you can then change the most sensitive passwords. This is undoubtedly time consuming and fiddly – but also far less hassle than trying to pick up the pieces after a successful breach.
And as always, make sure you don’t use the same password on every site. This handy guide will show you how to create a secure password.
Because Sony haven’t confirmed whether a breach really did take place, we can’t tell how OurMine gained access (if at all). But if the attack followed convention, malware would have been involved at some point – either inside the Sony network, or on an army of zombie PCs that helped crack the corporate firewall.
Obviously to protect against being a victim, or prevent your computer from being used to participate in an attack, you should have a reliable anti-malware tool installed on your computer. Download a free Panda Protection trial now, and be safe in the knowledge that your data is more secure than Sony’s.