The hacking group responsible for the denial of service attack on Blizzard’s servers over the weekend has claimed to have released a log of customer information (usernames and passwords) of PlayStation Network accounts, as well as other gaming networks.
A Pastebin document with alleged customer login info was released by the hacker group “DerpTrolling”, and claims to be a “very small portion” of the data collected on popular networks of Sony, 2K, and Windows Live. In the document, over 2000 PSN username and passwords were leaked, as well as a similar amount for 2K Games and Windows Live.
The group recently posted to Twitter the link to the Pastebin file, as a warning to the companies. CNET reports that credit card data, alongside millions of usernames and passwords have been rooted off of the company servers, and that the reason behind the attacks is to force the companies to upgrade their servers against such attacks.
This isn’t the first time that PSN customers have seen their information floating in the ether. Back in 2011, the PlayStation Network was taken offline for an extended period while Sony beefed up security after an external intrusion outed the information of over 70 million PlayStation Network users. The 2011 attacks on Sony’s network ended up costing the company nearly $200 million dollars, and forced all users of the network to change their passwords when the network returned online.
It doesn’t sound like this situation is anywhere near that level of magnitude, but Sony nor any company has issued a response to the Pastebin file release.
Update: Security Experts at Trend Micro believe that this alleged breach is a hoax. Using a random cross referenced sample of the recently posted list and previous breaches, the majority of the data has shown up before.
“The random sample cross-referencing I have done certainly show that the majority of data listed here has shown up already in previous breaches with a very few exceptions which seem to appear only in this particular paste,” Rik Ferguson tells The Guardian.
Ferguson doesn’t rule out the possibility that this data comes from new hacking efforts. Though the security expert has given his opinion on the leaked data, and that it’s been assembled from previously leaked information.
Microsoft was the only company to issue a statement on the alleged leak, saying that they were investigating the issue. None of the other companies named in the leak offered any comment on the matter.