When it rains for Sony, it pours for Sony. According to reports from the Wall Street Journal, hackers have managed to infiltrate Sony's subsidiary ISP, So-net Entertainment Corp., and make off with around $1,225 in redeemable gift points.
According to So-net, the company discovered the breach after receiving customer complaints on May 18. A subsequent investigation concluded that hackers were able to tap into approximately 128 different accounts across May 16 and May 17, stealing around 100,000 yen (or $1,225) worth of points from the account holders. An additional 73 accounts were also accessed, their points left unredeemed, and around 90 So-net email accounts were compromised in the attack.
"Although we can't completely rule out the possibility that there is a connection with the PSN issue, the likelihood is low," So-net Entertainment spokesperson Keisuke Watabe said.
To So-net's credit, whatever security system the company employs for its point system did manage to hold for quite a bit of time. That, or the hackers really had no strategy other than what appears to be a brute-force attack on accounts. It allegedly took the attackers more than 10,000 different attempts before they were finally successful in accessing So-net's system.
Following the attack, So-net has alerted its customers and asked them to change their passwords on their accounts. The company has also stopped point exchanges across its network for the time being.
"At this point in our investigations, we have not confirmed any data leakage," said Watabe, offering up a bit of a silver lining for the attack. "We have not found any sign of a possibility that a third party has obtained members' names, address, birth dates and phone numbers."
The timing of the So-net attack couldn't be worse for Sony. An unrelated Sony attack was also discovered earlier this week, in which hackers managed to penetrate Sony's Thailand site and publish a phishing page on the company's servers. The page was dolled up to look as if it was for the Italian CartaSi credit card, and it asked users to submit all of their specific credit card information before redirecting them over to the official CartaSi site.
Once contacted by F-Secure's Mikko Hypponen, who discovered the phishing attempt, Sony removed the offending page.