Sony has warned about 70 million users of its PlayStation consoles that it believes their personal details have been stolen by a hacker who forced the company to shut down its global gaming network last week.
The Japanese firm made the admission last night – six days after the attack forced it to close down the PlayStation Network, which allows gamers to play online against each other. The breach, which is thought to have compromised passwords, billing and email addresses as well as other personal data, has prompted fears that many young people could be particularly vulnerable.
Users are being urged to keep an eye on their bank accounts in the coming days and security experts are warning that those whose PlayStation account details resemble those they use to register on other sites risk becoming victims of a wider-ranging and potentially more dangerous scam.
In a statement, Sony confirmed its belief that whoever was responsible for the attack had got their hands on "name, address, country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID" of users. Sony was unable to rule out the possibility that credit card details had been accessed. It added: "It is also possible that your profile data, including purchase history and billing address, and your PlayStation Network/Qriocity password security answers may have been obtained."
Sony also confirmed it had employed a security firm to investigate who is behind the attack, thought by some to be the work of the Anonymous group of "hacktivists" and which comes after Sony's legal action against George Hotz, a 21-year-old who broke digital locks on the PlayStation 3, thereby allowing the console to run unauthorised software.
Graham Cluley, online security expert with Sophos, warned PlayStation users to ensure that their online accounts remain distinct. He said: "Many people use the same password on multiple websites. So if your password was stolen from the Sony PlayStation Network, it could then be used to unlock many other online accounts."
In a blog post, he wrote: "This security breach is not just a public relations disaster for Sony, it's a very real danger for its many users."