Sony Assures Credit Card Data Was Encrypted

 Pages 1 2 3 NEXT
 

Sony Assures Credit Card Data Was Encrypted

image

PlayStation Network users' credit card data may have been hacked into, but at least it was encrypted.

Around a week ago, Sony was forced to shut down the PlayStation Network, and the company later admitted that the act was the result of a malicious attack that could have exposed millions of users' personal data, including credit card information, to an unknown party. While this sounds gosh darn downright awful, a recent Q&A on the PlayStation Blog has at least revealed that this credit card data was encrypted, and may not have been as easy to acquire as it seemed earlier.

An email that Sony sent to 77 million PSN users warned that they might want to take somewhat drastic steps to protect themselves, including checking their credit reports. As it turns out, this was simply to take every precaution necessary because the information that was leaked is still unclear. While personal data was not stored in an encrypted state, credit card data was.

The Q&A states: "While all credit card information stored in our systems is encrypted and there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained. Keep in mind, however that your credit card security code (sometimes called a CVC or CSC number) has not been obtained because we never requested it from anyone who has joined the PlayStation Network."

Sony also says that it is working with law enforcement and "a recognized technology security firm" to take down the external force that made its way into the PSN. "This malicious attack against our system and against our customers is a criminal act and we are proceeding aggressively to find those responsible," the Q&A adds.

If you need more information on protecting yourself, and haven't gotten Sony's email yet, the Q&A can be found here.

Permalink

That is releaving to here.

Though I still plan to change my card...Just in case.

Sony, look down.

See the fire? That's coming from your pants.

In all seriousness, I am just glad that I don't own a PS3. I really hope no ones data gets stolen.

This Q&A was released on Sony's blog a day ago.
Kinda late in reporting this.

Shadie777:
This Q&A was released on Sony's blog a day ago.
Kinda late in reporting this.

Just like Sony!

I wonder how well it was encrypted.
Also, why wasn't personal data also encrypted? That's almost as important as the credit card info, and EVERYONE enters that in, whereas a large number of people use prepaid cards to buy things.

People like Evilsanta make me laugh so hard.

OT: I am GLaD I don't own a PS3. Hopefully the ones that do won't get their money and all that data stolen.

Hopefully this means things are going to cool down slightly.

Im gonna call it now. Nobody is going to believe this, because everyone is too angry at sony to be logical.

HankMan:

Shadie777:
This Q&A was released on Sony's blog a day ago.
Kinda late in reporting this.

Just like Sony!

You managed to make me laugh, thank you ^^
Since this is the internet I will like to say this isn't sarcasm :D

Seriously though, its nice that I know a little bit more about the situation now. I also believe that checking the PS blog instead of always relying on the escapist is a good idea for people who don't know whats going on.

Tom Goldman:
While personal data was not stored in an encrypted state

Which is a pretty big mistake as far as I'm concerned.

Tom Goldman:
Keep in mind, however that your credit card security code (sometimes called a CVC or CSC number) has not been obtained because we never requested it from anyone who has joined the PlayStation Network."

So I guess that you requesting it every time I want to buy something from the Playstation Store doesn't count? Don't lie, Sony.

Echo136:
Im gonna call it now. Nobody is going to believe this, because everyone is too angry at sony to be logical.

Nah, nobody is going to believe this because Sony has changed their story with regards to this incident more than most people change their underwear. There's no way to know if this one is finally the truth or if tomorrow we'll get another story which also may or may not be the truth.

Bottom line, I am very glad I always took the extra time to remove my CC info from my PSN account after each purchase.

Tom Goldman:
Permalink

And another false-alarm bell is forced to stop ringing. There've already been people insisting it was just stored there in a text document. It's getting harder and harder to blame Sony for this, but people are still trying. I guess it's easier to throw darts at the only face you can see. Hopefully they'll catch the hackers and give folks a new Guy to burn.

Because of the "Rule of CYA," I didn't believe for a moment that Sony would store credit card data in an unencrypted state. Even if they had never been hacked, that would be opening themselves up to a lawsuit in itself; they had to know that.

Unfortunately, even encryption methods aren't infallible. And if the hackers do get that data, it won't matter that Sony barely qualifies as negligent in this case; the people will want blood.

I hope they catch the hackers and work a little vigilante justice on them.

Oh, thank god!

so the hackers that were able to steal pretty much everything from a major corporation will be utterly thwarted by Sony's encryption? sounds sketchy.

Shadie777:
This Q&A was released on Sony's blog a day ago.
Kinda late in reporting this.

This

robert022614:
so the hackers that were able to steal pretty much everything from a major corporation will be utterly thwarted by Sony's encryption? sounds sketchy.

Oh this as well.

Well, this is good to hear.

Hopefully, Sony can catch this guy/guys, and we can then proceed with tieing him to a mast and flogging him with an angry cat. I want to start playing Mortal Kombat online, dammit! (yes, I am aware that PSN should be back up by the 3rd)

'An email that Sony sent to 77 million PSN users warned that they might want to take somewhat drastic steps to protect themselves, including checking their credit reports.'

Hmmm... I wonder why Sony never sent me an email.

Sober Thal:
'An email that Sony sent to 77 million PSN users warned that they might want to take somewhat drastic steps to protect themselves, including checking their credit reports.'

Hmmm... I wonder why Sony never sent me an email.

They did, probably. They are sending emails to 77 million accounts after all, and claimed they technically should all arrive by the end of April 28th.

Tom Goldman:

Sony also says that it is working with law enforcement and "a recognized technology security firm" to take down the external force that made its way into the PSN. "This malicious attack against our system and against our customers is a criminal act and we are proceeding aggressively to find those responsible," the Q&A adds.

THIS! This is what I've been waiting to hear. Find them, Sony. Find them. If they are outside of the U.S., hire some sort of hitman and eliminate them. If they are in the U.S., do the same thing or do it yourself. I want them found and dealt with just as much as I want my PSN back.

To shut some people up:

This doesn't have to do with the console. It is about the Network Service. Everyone can survive a week or 2 without online. Now, if you were brave enough to allow Sony to have your credit card account number and code, it's your head. I wasn't. Which is why I waited for the PSN cards.

As for the encrypted data, kind of late to the party. This took them a week to figure out? Really?

My co-worker had 6 250 withdrawals from his account today. I think it's pretty safe to say that the 'maybe' is out the window.

mjc0961:
Bottom line, I am very glad I always took the extra time to remove my CC info from my PSN account after each purchase.

I do this all the time. Amazon keeps trying to save it. I will take security over convenience any day. It also helps as a final check on buying something. Is this something I really want? If so I will bother to fill in my credit card information again.

Sinclose:

Sober Thal:
'An email that Sony sent to 77 million PSN users warned that they might want to take somewhat drastic steps to protect themselves, including checking their credit reports.'

Hmmm... I wonder why Sony never sent me an email.

They did, probably. They are sending emails to 77 million accounts after all, and claimed they technically should all arrive by the end of April 28th.

Thanks for the info!

The real issue here is that nothing else was encrypted which means this the hackers hackers have all the other information so if you use the same password for another service I would change that as well.

Good! At least they didn't entirely drop the ball then.

Several dozen people have chimed in on Ars Technica stating that, since the attack, they've had suspicious activity on the cards they used for PSN.

http://arstechnica.com/gaming/news/2011/04/ars-readers-report-credit-card-fraud-blame-sony.ars

I'm actually getting tired of the same PR line. Sony, you want to re-sssure us, don't copy and paste your ealier statements. They sound rehersed enough rithout sounding like a recorded message.

At this point, I wouldn't be surprised if Sony said this is all a hoax and everyone who owns a PS3 is getting upgraded services tomorrow.
No wait! The upgraded services are only available to people who called the Q&A line!
No wait! The Q&A line was hacked into and everyone who called the Q&A line has to do a funny dance or all their golds will be stoleded!
No wait! Everything is fine because the Q&A line was encrypted and nothing really happened!

Still sitting back playing my xbox, laughing at Sony =)

This is the company who's root key on the PS3 was leaked. Let's just say when even the best encryption algorithms can be cracked, Sony's isn't the best. Also why the hell were passwords in plaintext? That's just dumb.

This is just more spin. Trying to counter the devastating implications of this: http://lo-ping.org/2011/04/26/psn-hacker-chat-logs/ (where the "users" seem to be indicating that the info was not, in fact, encrypted).

Why counter it? Because they're potentially liable for billions.

Ever use a credit card at any store? - Or in fact have you ever removed your credit card from your wallet?

You are in a greater threat handing your card to a waiter in a restaurant than something happening with this crap. Who uses a bank these days that doesn't fix these issues in the matter of a couple days.

Just had my card duped last month - Over $3000 was stolen from my account. 1 call to my bank and it was back in 2 days time and 5 days later I had a new card. Not really a life ending event. If your bank doesn't work like this you need to get a better one.

Well, no matter the outcome, I'm glad I got my old, non-functioning credit card entered in my PSN.

 Pages 1 2 3 NEXT

Reply to Thread

Log in or Register to Comment
Have an account? Login below:
With Facebook:Login With Facebook
or
Username:  
Password:  
  
Not registered? To sign up for an account with The Escapist:
Register With Facebook
Register With Facebook
or
Register for a free account here