TOKYO/NEW YORK (Reuters) - Sony CEO Howard Stringer faced harsh criticism of his leadership after the consumer electronics conglomerate revealed hackers may have stolen the data of another 25 million accounts in a second massive security breach.
Sony’s latest revelation came just a day after it announced measures to avert another cyberattack like that which hit its PlayStation Network two weeks ago.
The Japanese electronics company said its Sony Online Entertainment PC games network had been hacked on April 18, but did not find out about the breach until the early hours of Monday and shut down the service shortly afterwards.
The breach may also have led to the theft of 10,700 direct debit records from customers in Austria, Germany, the Netherlands and Spain and 12,700 non-U.S. credit or debit card numbers, it said.
Investors said Sony and 69-year-old chief executive Stringer had botched the data security crisis, a further blow for the company which has struggled to match recent hit products from rivals including Nintendo, Samsung Electronics and Apple Inc.
“The way Sony handled the whole thing goes to show that it lacks the ability to manage crises,” said Michael On, a fund manager at Beyond Asset Management in Taipei, who does not own Sony shares. “The current CEO should step down after the hacker problems and the company’s failure to push out products that are competitive.”
Welsh-born Stringer, a former TV producer who was knighted in 2000, has not commented on the security breach, leaving No.2 Kazuo Hirai to lead the news conference and apology on Sunday.
Hirai headed the networks division and was seen as the likely successor to Stringer, who in March committed to stay in his role for the current year at least.
Hirai may not escape the fiasco unscathed, said another fund manager, who sold Sony shares last year and was not authorised to talk publicly about the company.
“The leadership of Sony is not in a good place right now, which could lead to Stringer stepping down and may sabotage Hirai’s chances of succeeding as the CEO,” said the Taipei-based fund manager.
The attack that Sony disclosed on Monday took place a day before a massive break-in of its separate PlayStation video game network that led to the theft of data from 77 million user accounts. Sony revealed that attack last week.
The PlayStation network lets video game console owners download games and play against friends. The Sony Online Entertainment network, the victim of the latest break-in, hosts games such as “EverQuest” played over the Internet on PCs.
Sony said late on Monday that the names, addresses, emails, birthdates, phone numbers and other information from 24.6 million PC games accounts may have been stolen from its servers as well as an “outdated database” from 2007.
Sony spokeswoman Sue Tanaka, asked whether other data could be at risk, listed the precautions the company has taken such as firewalls, but added it could not be certain.
“They are hackers. We don’t know where they’re going to attack next,” Tokyo-based Tanaka said.
Sony is trying to repair its tarnished image and reassure customers who might be pondering a shift to Microsoft’s Xbox.
The PlayStation Network incident has also sparked legal action and investigations by authorities in North America and Europe, home to almost 90 percent of the users of the network.
On Monday, Sony declined to testify in person in front of a U.S. congressional hearing, but agreed to respond to questions on how consumer private data is protected by businesses in a letter on Tuesday, said a spokesman for Mary Bono Mack, a Republican Congresswoman from California, who is leading the hearing.
The incident that Sony disclosed on Monday also forced it to suspend its Sony Online Entertainment games on Facebook.
Sony posted a message on Facebook saying it had to take down the games during the night.
Facebook games make money from microtransactions and the sale of virtual goods like costumes and weapons.
It was not immediately clear if the data theft included data from players of Sony games including “PoxNora,” “Dungeon Overlord,” “Wildlife Refuge” on Facebook.
Facebook could not immediately be reached for comment.
The servers for both the Online Entertainment unit and the PlayStation Network are based in San Diego but are completely separate, said Sony’s Tanaka.
Sony denied on its official PlayStation blog on Monday that hackers had tried to sell it a list of millions of credit card numbers.
The news comes less than a week after Sony alerted customers that a hacker broke into Sony’s PlayStation video game network and stole names, addresses, passwords and possibly credit card numbers. Sony alerted customers a week after discovering the break-in.
Sony executives apologized on Sunday and said the company would gradually restart the PlayStation Network with increased security and would offer some free content, pleasing a number of its users.
Other users were less forgiving.
“Well, as much as I think what the hackers did was downright criminal, the fact of the matter is they have done a marvellous job of showcasing Sony’s ignorance,” one contributor named Tokyo Guy posted on the Engadget technology website.
“And really, the point needs to be made that if Sony is this incompetent, then they deserve to be sued and fined and lose all their money. It’s pathetic.”
Additional reporting by Edwin Chan in Los Angeles, Alexei Oreskovic in San Francisco, Chyen Yee Lee in Hong Kong and Faith Hung in Taipei; Editing by Richard Chang and Lincoln Feast