Sony warns 25m more users may be affected by hacker attack

Sony has suspended another online service just two weeks after its PlayStation...

Sony has suspended another online service just two weeks after its PlayStation Network was hit by hackers.

A week after Sony admitted that the personal details of 77 million PlayStation Network users could have been stolen, the company warns almost 25 million more may be affected.

The company previously said it did not believe users of the Sony Online Entertainment (SOE) service had been affected by the hack, but now says investigations have revealed SOE account information may have been stolen.

Sony said the breach of the SOE data is believed to have been around the same time as a similar breach of its PlayStation Network, which was suspended on 20 April.

The company says names, e-mail addresses, home addresses, gender, date of birth, login name, hashed password and phone numbers for nearly 25 million users were stolen, but claims there is no evidence that the main credit card database was compromised.

Sony also revealed that a database from 2007 was compromised, exposing more than 12,000 debit and credit card numbers and more than 10,000 debit transaction records from Germany, Austria, Spain and the Netherlands.

Sony is working with Oracle and three security systems to investigate the breaches and has promised to provide identity theft protection for users of both networks, according to the Financial Times.

In a notice issued to UK customers, the company says it will provide a complimentary offering to assist users in enrolling in identity theft protection services and/or similar programmes.

"The implementation will be at a local level and further details will be made available shortly in regions in which such programs are commonly utilised," the notice said.

Although Sony said PlayStation network credit card details may have been accessed, they were encrypted and did not include security code details.

The company has also emphasised that no passwords were stored in clear text. "While the passwords that were stored were not 'encrypted', they were transformed using a cryptographic hash function," Sony said in a blog post.

Sony reiterated advice for users of its services to be on the look-out for e-mail, telephone, and postal mail scams that ask for personal or sensitive information, to review all credit and debit card statements, and if they use their Sony credentials on any other services to change those as well.

Read more on Hackers and cybercrime prevention