Thursday, October 13, 2011

Sony Discloses Attempts to Access Customer Accounts

Mikeknsah: Information Security News Update!


93,000 Accounts May Have Been Exposed


Sony’s CISO alerted customers and the rest of the world that some 93,000 of its network accounts had suffered unauthorized intrusion. The number translated to less than one-tenth of one percent of Sony’s ID and password authentication accounts. Upon detecting the breach, Sony decided to lock down the accounts and notify affected customers to reset their login information with hard-to-guess passwords.

To put the minds of affected customers at rest, Sony assured them that credit cards associated with those accounts were not at risk. However, the statement that followed this ‘assurance’ said that they “will work with any users whom we confirm have unauthorized purchases made to restore amounts in the PSN/SEN or SOE wallet.” The question remains: why would Sony put the ‘cart before the horse’? How could Sony claim that no credit card associated with user accounts was affected, and in the same breath say it will investigate to confirm any unauthorized purchases? Would it not have been better to investigate for fraudulent purchases first, before asserting that no credit card accounts were at risk?

This disclosure about attempts to access customer accounts has, once again, put Sony’s networks and the company’s vulnerabilities in the global spotlight. Given Sony’s size and industry, it would serve the company better to make the aggressive pursuit of, and investment in, more robust attack prevention tools its number one goal. Such tools should also be integrated with information security models (SSE-CMM) and take the lead in protecting information assets. Sony could succeed in achieving this goal by staying ahead of the ‘bad guys’ rather than playing catch-up.

