Sony subsidiary So-net reports data breach

Sony's So-net Japanese ISP subsidiary warns customers that e-mail and rewards-points accounts were compromised.

Elinor Mills Former Staff Writer
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.
Elinor Mills
2 min read

Someone broke into the network of Japanese Internet service provider So-net Entertainment, a subsidiary of Sony Corp., compromised e-mail accounts, and stole customer rewards points earlier this week, The Wall Street Journal reported today.

It's unknown if the breach is related to recent attacks on Sony that exposed personal data from more than 100 million accounts at Sony Online Entertainment and the PlayStation Network (PSN). And earlier today, a security firm said it found that the Sony Thailand site had been compromised and was being used in a phishing attack designed to steal information, ZDNet UK reported.

"Although we can't completely rule out the possibility that there is a connection with the PSN issue, the likelihood is low," the Journal quoted So-net Entertainment spokesman Keisuke Watabe as saying. Watabe added that it was unlikely, because the attack methods used were different.

Related link
PSN breach exposes records of millions (roundup)

So-net Entertainment warned users yesterday about the breach, and said a computer from one IP address tried 10,000 times to get into the customer rewards service. The intruder was able to access more than 200 accounts, stole about $1,200 worth of points from 128 of those accounts, and redeemed them, according to the report. In addition, 90 e-mail accounts on the So-net network were compromised.

The attack took place Monday and Tuesday and was discovered on Wednesday after customers complained, So-net said. There is no evidence that personal data such as names, addresses, and phone numbers were viewed, according to the company.