PlayStation Network Users’ Credit Card Info Stolen, Says Hackers

Ever since the PSN went down, and Sony admitted that the cause was an “external intrusion,” the biggest fear for PS3 owners was the issue of compromised information. If someone had breached the PSN, then their personal info and passwords were at risk – god forbid their credit card information was stolen.

In official blog posts, Sony eventually told users that their personal info had in fact been compromised. This included names, email addresses, preferences and passwords. They said and still maintain that there is no hard evidence that credit card information was stolen. Even in saying this, they have still warned users that this worst case scenario remains a possibility.

Bad, bad news for Ps3 owners and Sony. The New York Times is reporting that security researchers suspect that the hackers who infiltrated the PSN have in fact stolen credit card information.

The Times talked to Kevin Stevens, a researcher at security firm Trend Micro. He says that he has seen posts on several hacker forums that as many as 2.2 million credit card numbers, expiration dates and possibly CVV2 numbers have been obtained. Stevens says that the hackers were trying to sell the information for upwards of $100,000.

Bizarrely enough, Stevens also says that hackers had even offered to sell the numbers back to Sony, but had received no response. Stevens was not the only security researcher to report these findings, as several others confirmed the reports.

Sony has been pretty tight-lipped about the entire ordeal, and their lack of transparency has infuriated many PS3 loyalists. Sony recently said that the “entire credit card table was encrypted” but apparently that doesn’t matter. From the Times:

“Sony is saying the credit cards were encrypted, but we are hearing that the hackers made it into the main database, which would have given them access to everything, including credit card numbers,” said Mathew Solnik, a security consultant with iSEC Partners who frequents hacker forums to track new hacks and vulnerabilities that could affect his clients. Mr. Solnik said that people on the forums had details about the servers used by Sony, which may indicate that they had direct knowledge of the attack.

This situation just keeps getting worse.

There have been no new updates to the official PlayStation blog since this information came out. The latest blog post has some new additions to the FAQ about the outage which discuss goodwill gestures to users when it’s all said and done. With lawsuits already popping up, simple goodwill gestures might not be enough to satisfy.

There are 6 Comments. Add Yours.

Jesus Christ
April 30, 2011 at 12:12 am

How big can this get 4 Sony, if users banks,credit cards, etc. are in fact infringed ? And will it have implications on the future of PSN if that happens ? thank you
jesus christ
April 30, 2011 at 11:58 am

Sony needs to get its legal issues out of the way on where they stand before any restart of the PSN . Personally, i think this could take quite some time before Sony is allowed to assume online credt transactions, this cannot happen a second time. The courts will see to that, the integraty of PSN has been breeched along with 77 million user accounts and personal info infringed. This is more than a 2 week cease and decist and everything is ok issue and away we go again, lol be realistic.
- zulu
  April 30, 2011 at 1:01 pm
  
  your your comment jesus is not all that hypothetical actually ..
  - zulu
    April 30, 2011 at 1:15 pm
    
    There is only roomer so far as 2 when PSN will up and running again, but not much talk about what sort of protection measures will be implemented to reassure costomer confidence in online purchasing, even using playstation network cards its still money spent. yes i could agree this could take some time to make this safe. all one can do is watch the headlines and wish Sony luck in resolving this issue reasonably soon..
jon
May 15, 2011 at 6:09 am

well, it would appear indeed that My credit card details have been stolen from the PSN.

Someone has just cleaned all of my funds from my card using netbankx A UK company. I do not use my CC for any purpose other than purchases over the PSN (which i havent done in a while) and so it would seem whoever charged my card recently, could only have gotten the information from the PSN.

I am an I.T. professional so know about all the usual security issues etc so quite sure it is not at my end.

If this turns out to be Sony and the PSN it will piss me off no end!
Pete
May 15, 2011 at 7:29 pm

I was told yesterday that my credit card has been maxed out and I know for a fact that I only use it for gas and food in emergency cases, and I haven’t used it in a while. So now I’m concerned that my credit card was maxed out due to the PSN hackers aswell..

This is going to be absolutely ridiculous if it was!!!!