Hackers may have stolen the personal information of 24.6 million Sony Online Entertainment users, the company said on Monday.

Amplify’d from www.wired.com

Sony Online Entertainment games like DC Universe Online were taken down Monday, after a security breach that exposed 24.6 million Sony users’ accounts and some credit card numbers.
Image courtesy Sony Online Entertainment

It’s bad news piled on top of bad news for Sony.

Hackers may have stolen the personal information of 24.6 million Sony Online Entertainment users, the company said on Monday. More than 20,000 credit card and bank account numbers were also put at risk. This is in addition to the recent leak of over 70 million accounts from Sony’s PlayStation Network and Qriocity services.

“We are today advising you that the personal information you provided us in connection with your SOE account may have been stolen in a cyberattack,” Sony wrote in a statement on its website on Monday.

Sony Online Entertainment is a division of the company that publishes online multiplayer games like the recently released DC Universe Online. Sony turned off all SOE game services Monday after it learned of the intrusion.

Sony said that the compromised personal information includes customers’ names, addresses, e-mail addresses, birth dates, gender, phone numbers, logins and hashed passwords.

Also at risk are the credit card numbers and expiration dates of 12,700 non-U.S. customers, plus 10,700 direct debit records from customers in Austria, Germany, Netherlands and Spain, containing bank-account numbers, customers’ names and addresses. This information was stored in what Sony said was an “outdated database from 2007.”

Hackers may have had this information for more than two weeks now. The intrusion occurred April 16 and 17, Sony said.

Customers first noticed that Sony’s PlayStation Network service was down April 20. After a week of downtime, the company said that hackers had attacked its services and that the personal and credit card information associated with more than 70 million accounts were at risk.

At the time, Sony said that the Online Entertainment division had not been affected by the hack and would remain in operation, telling customers that their data was safe to the best of its knowledge.

Though both Visa and American Express told Wired.com last week that they had no reason to believe their credit cards had been compromised, several dozen Ars Technica readers reported what they believed to be PSN-connected fraud.

The PlayStation Network is still offline, but Sony says it will restore some services later this week, including online multiplayer gaming for PlayStation 3 and PSP. As a goodwill gesture, Sony says it will offer all customers a selection of downloadable content and 30 free days of its premium PlayStation Plus service.

As compensation for the Sony Online Entertainment leak, Sony said that it will give all of its customers 30 days of additional subscription time, plus an extra day for each day the servers remain down.

Sony did not say when its SOE services would be back online.

Read more at www.wired.com