(Updated) 24.6mil user accounts, other data compromised — SOE

More bad news for Sony customers; following the recent shut-down of Station.com over ‘issues that warranted concern’, Sony Online Entertainment has announced that its systems may have indeed been illegally accessed on April 16th and 17th.

According to the official word from the company, “personal information from approximately 24.6 million SOE accounts may have been stolen [name, address, e-mail address, birthdate, gender, phone number, login name, hashed password], as well as certain information from an outdated database from 2007.”

Said information includes “approximately 12,700 non-U.S. credit or debit card numbers and expiration dates (but not credit card security codes), and about 10,700 direct debit records of certain customers in Austria, Germany, Netherlands and Spain [bank account number, customer name, account name, customer address].”

The theft came to light on the morning of May 2nd (Tokyo time) during a review of SOE’s systems.

To compensate for the downtime, SOE is offering its customers 30-day subscription extensions and will in addition offer compensation for every day the service is unavailable. A “make good” plan for PS3 MMOs DC Universe Online and Free Realms is also in the works. More on that later in the week.

In a follow-up statement, Sony has made it clear that the loss of this data was not the result of a another attack: “While the two systems are distinct and operated separately, given that they are both under the SONY umbrella, there is some degree of architecture that overlaps. The intrusions were similar in nature. This is NOT a second attack; new information has been discovered as part of our ongoing investigation of the external intrusion in April.”

Update: Only 900 of those 12,700 non-US credit cards were active, Sony has told gi.biz. So that’s a bit of good news at least.