Sony closes gaming site after second security breach

Sony shut down a second online gaming site yesterday and admitted a further 24 million customers had their personal information stolen, only a day after apologising for another breach.

The company disabled the Sony Online Entertainment system early yesterday morning.

It revealed a cyber attack had netted the personal details of 24.6 million PC games customers and the details of 12,700 credit cards.

A separate break-in to the Sony PlayStation network affected 77 million users.

Top Sony executives bowed in apology for the breach - which was revealed last week - at a news conference in Tokyo on Sunday.

Sony New Zealand told the Herald that more than 235,000 New Zealand PlayStation online accounts had been hacked.

But the company said the number of accounts was not the number of people affected as many users had multiple accounts.

It would not confirm how many New Zealand credit card numbers were potentially held by the hackers.

"Of the 77 million PSN accounts worldwide, 10 million had credit cards attached. However, it is important to note that the entire credit card table was encrypted and we have no evidence that credit card data was taken."

Japan, Australia, the US, and Britain are investigating the data theft, which included people's names, email and physical addresses, birthdates, passwords and security questions.

New Zealand's Privacy Commissioner Marie Shroff said the data breach was "very concerning" and her office was in touch with overseas investigators.

The commissioner urged those affected to monitor their credit card statements for unusual activity and consider changing card numbers if they were concerned.

Police have given the same advice, but said they were not aware of any incidents relating to the data theft.

In response to reports that stolen information was being offered for sale on underground forums, Sony New Zealand said: "To our knowledge there is no truth to the reports that lists have been offered for sale."

Auckland University professor of computer science Clark Thomborson said Sony's encryption of credit card data could easily be overcome by hackers.

The theft of passwords was probably more severe because people often used the same passwords across multiple accounts, he said.

"You can lose your identity really quickly with a reused password. And heaven forbid you use the same password on your PlayStation as you did on your bank account."