It’s been over 3 years since Sony experienced the very embarrassing and expensive PlayStation Network hack. It was followed by extended downtime, account resets, and a lot more backend security being added to the online service. However, it looks as though PSN has been hacked once again.
The hacker group DerpTrolling claims to have hacked PSN, 2K Games Studios, and Windows Live accounts, and has posted usernames and passwords for those accounts on Pastebin to prove it.
For PSN, 2,131 account logins have been made public.DerpTrolling is the group that went after Blizzard’s World of Warcraft servers with a DDoS attack as the new Warlords of Draenor patch launched last week. In the past they have said no user data would be leaked because they just wanted to show the weaknesses in these systems, but no one was taking them seriously, so they stepped up their game.
The leak of thousands of logins is meant to act as a warning, nothing more. No attack will be carried out by DerpTrolling, but by making the login details public someone else may choose to try and take advantage of the data. What DerpTrolling want is for these public-facing systems to get security upgrades implemented as soon as possible, and this action is intended to force that to happen.
The claims made by DerpTrolling as to how much account information they actually hold is quite worrying. It includes a total of 7 million username and password combinations split across 2K, Twitter, Windows Live, Facebook, PSN, and EA’s Origin service. They also claim to have 500,000 credit card details.
I expect all the companies involved will be reviewing the data and reacting quickly to it if it’s legitimate.
As a precaution you may want to go and change the password on any of the accounts you hold mentioned above. Only a small subset of the logins have been released so far, but if DerpTrolling doesn’t see a reaction it’s likely they’ll release the rest.