Beyond the Password

Standard

One day five months ago, Karim Hijazi saw an unusual sight while reading his work email. A message that had been marked as “read” was suddenly marked “unread.”

What the founder of Unveillance, a computer-network security firm, soon learned was that hackers had broken into his account.

The hackers gained access to his email by stealing log-in information from an insecure website, which they then matched up with a password they found on the Internet. After downloading all of his emails, the hackers sent Mr. Hijazi a message demanding he share sensitive security information with them. When he refused, the hackers released his emails on the Web.

“It was like a baby with a gun,” he says.

The Play by Play On Sony’s Massive Data Breach

Standard

On a Tuesday afternoon last month, engineers working for Sony Corp. were baffled when several servers running the company’s PlayStation Network suddenly turned themselves off and then back on.

At the time, the unexpected rebooting seemed like an odd malfunction. The next day, however, the engineers found the first evidence that an intruder had penetrated Sony’s systems, prompting the Japanese company to take what it calls “the almost unprecedented step” of shutting down the popular online gaming network.

Sony Chief Executive Howard Stringer issued a public apology this week for what the company later disclosed was a data breach that compromised more than 100 million user accounts on three public networks, and a delay in informing users of the theft. Sony says the loss included users’ names, birthdates and passwords. It also hasn’t ruled out the loss of credit card numbers associated with the Sony PlayStation network.

Sony Brings In High-Tech Sleuths

Standard

New details emerged about Sony Corp.’s investigation into one of the biggest data breaches in history, as the company attempts to piece together who stole personal information from more than 100 million accounts on its online game networks.

At least some of the attacks came from a Malaysia-based server, a person familiar with the matter said, though it wasn’t clear if any of the hacking was actually done from there, or whether only the server there was used.

Sony Faces Suits Over PlayStation Breach

Standard

Plaintiffs lawyers are targeting Sony Corp. with class-action suits after a breach of the company’s online-game network compromised the personal information of millions of users.

In one lawsuit, filed in the U.S. District Court’s Northern District of California, videogame player Kristopher Johns said Sony’s security was negligently poor and the company failed to encrypt personal information.

Hacker Raids Sony Videogame Network

Standard

A hacker stole the names, birth dates and possibly credit-card numbers for 77 million people who play online videogames through Sony Corp.’s PlayStation console, in what could rank among the biggest data breaches in history.

Sony, whose gaming network has been offline for six days, disclosed Tuesday that an “illegal and unauthorized intrusion” between April 17 and April 19 resulted in the loss of a significant amount of personal information that could be used in identity theft.

The PlayStation Network is used by owners of the company’s game machine to play against one another, chat online and watch movies streamed over the Internet. Sony warned users the intruders may have accessed billing addresses, purchase histories and account information for their children.

Fueled by fast Internet connections, online-gaming services have become global social hubs for tens of millions of people who spend hours competing and cooperating on fantasy quests, combat missions and other activities. People across the globe pay monthly fees to play online-computer games like “World of Warcraft.” Most titles for the PlayStation 3 and Microsoft Corp. Xbox 360 have online components.