April 27—, 2011 -- Listen up, PlayStation fans: It's time to take stock of your online accounts.
In the aftermath of the Sony PlayStation security breach that affected a reported 77 million network users, cyber threat experts caution that you can't be too careful.
In a message to customers Tuesday, Sony said that personal information, including names, addresses, birth dates, email addresses and PlayStation logins and passwords, may have been stolen in a hack that has taken its network offline for the past week.
While the company said there is no evidence that credit card information was compromised, it added that "we cannot rule out the possibility."
Sony said it is investigating the breach and expects to restore parts of its service within the week. But while the company takes care of internal damage control, security experts say its customers should do some due diligence of their own.
Hackers could not only use the stolen information to attempt to break-in to users other online accounts, they could use email addresses to send you official-looking messages filled with malware or directing users to dangerous Web links.
Worst of all, they could hit you where it hurts the most -- your wallet.
Security Expert: Keep a Close Eye on Personal Information
Beth Jones, a senior threat researcher for the security firm Sophos Labs, said PlayStation users might even want to go so far as canceling the credits connected to their accounts.
"I'll be honest, for myself, because I'm paranoid, I would immediately cancel the card, just because as far as you're concerned, that card could possibly be compromised," she said. "We're keeping our fingers crossed that it wasn't compromised, but for some of us that really are paranoid, I would cancel it."
Keeping an eye on credit reports and bank statements is always a best practice, but Jones said that after attacks like this people should take an even closer look at their financial statements and online accounts.
"It's just reiterating how important it is to be aware of what's going on with your personal information," she said.
And your online passwords? Change 'em.
Given how frequently people recycle their passwords or use the same one for several accounts, Jones said, PlayStation users should assume that hackers have their old passwords and choose a new one -- pronto.
PlayStation Attack Could Lead to Rise in Phishing Attacks
Phishing attacks over email could be another possibility.
Sony has said that it will not contact customers in any way, including via email, asking for credit card numbers, social security numbers or other personally identifiable information. If customers are asked for those kinds of information, they should know that the requests are not authorized by Sony, the company said.
But now that hackers have 77 million email addresses, Jones said spammers could easily create official-looking emails that appear to be from banks or credit card companies, carrying malicious Web links. Once clicked, those links could bury malicious code on people's computers or attempt to trick them into turning over important personal information, such as credit card information, bank account log-in data social media accounts.
Experts caution that you should be wary of unsolicited messages, especially when they include attachments and request information. If you receive a message from a company or your bank, skip the link in the email and go straight to their website, they say.
Jones also said you should consider changing the security questions connected to your accounts. Several sites use the same questions, and hackers could use them to try to gain access to other online accounts.
As for the scale of the PlayStation attack, some reports have called this the "biggest security breach ever," but Jones said that while it's significant, it's not quite as big other past security breaches. What makes this attack so jarring is the name of the company connected to it.
"This one has definitely taken more people by surprise because it's such a well-known company, and the brand trust we have in Sony is so huge," she said. "That's what gives it the bigger impact."