Sony faces more problems as breach fallout spreads

Credit card data stolen from Sony Online Entertainment

Sony is shutting down more of its online services following word of another security breach.

The company took down the Sony Online Entertainment 'Station' service on Monday, which handles the company's PC, Facebook and Massively Multiplayer Online titles.

"In the course of our investigation into the intrusion into our systems we have discovered an issue that warrants enough concern for us to take the service down immediately," the company said in a statement posted to the site.

The takedown comes as Sony is preparing to reinstate its Playstation Network service on the PS3 gaming console. The service has been offline since 20 April while the company has investigated a security breach.

The breach is believed to have left user account data, including email address, home address and login credentials on as many as 77 million users, open to harvesting. Unencrypted credit card information was not believed to have been accessed by the attackers.

To prevent further breaches, Sony will overhaul its security policies, including shifting PS3 user data to a new datacentre facility and a rethink of security procedures used by the Playstation Network.

Customers will also be asked to install a system update, which requires changing the Playstation Network password.

"These illegal attacks obviously highlight the widespread problem with cyber security," said Sony executive deputy president Kazuo Hirai.

"We take the security of our consumers' information very seriously and are committed to helping our consumers protect their personal data."

When the service is restored, Sony will offer Playstation Network users free downloadable content as well as one month of free access to the Playstation Plus premium service. Customers of the Qriocity music service will also receive 30 days of free service.

UPDATE: Sony has revealed that data from its Sony Online Entertainment (SOE) service has been breached by outside attackers.

"This information, which was discovered by engineers and security consultants reviewing SOE systems, showed that personal information from approximately 24.6 million SOE accounts may have been stolen, as well as certain information from an outdated database from 2007," the company said in a statement.

"The information from the outdated database that may have been stolen includes approximately 12,700 non-US credit or debit card numbers and expiration dates (but not credit card security codes), and about 10,700 direct debit records of certain customers in Austria, Germany, Netherlands and Spain."