Sony Online Entertainment has now revealed that the details of 24.6 million users and 20,000 credit-card and bank-account numbers may have been compromised.
This development is quite separate to the notorious PlayStation Network security breach; Sony Online Entertainment handles the accounts of Sony's online PC gaming offerings, such as the PC version of DC Universe Online, the EverQuest games and more.
"Our ongoing investigation of illegal intrusions into Sony Online Entertainment systems has discovered that hackers may have obtained personal customer information from SOE systems," wrote Sony Online Entertainment. "We are today advising you that the personal information you provided us in connection with your SOE account may have been stolen in a cyber attack. Stolen information includes, to the extend you provided it to us, the following: name, address (city, state, zip, country), email address, gender, birthdate, phone number, login name and hashed password."
"Customers outside the United States should be advised that we further discovered evidence that information from an outdated database from 2007 containing approximately 12,700 non-US customer credit or debit card numbers and expiration dates (but not credit card security codes) and about 10,700 direct debit records listing bank account numbers of certain customers in Germany, Austria, Netherlands and Spain may have also been obtained. We will be notifying each of those customers promptly."
The company contends that it did not believe that Sony Online Entertainment customer data had been accessed, but it's since concluded that this is not the case. Sony Online Entertainment still claims, however, that "there is no evidence that our main credit card database was compromised. It is in a completely separate and secured environment".
In response, Sony Online Entertainment has disabled all SOE game services and "engaged an outside, recognised security firm to conduct a full and complete investigation into what happened" while also attempting to strengthen its security protocols.