PlayStation Network users’ credit card data may have been hacked into, but at least it was encrypted.
Around a week ago, Sony was forced to shut down the PlayStation Network, and the company later admitted that the act was the result of a malicious attack that could have exposed millions of users’ personal data, including credit card information, to an unknown party. While this sounds gosh darn downright awful, a recent Q&A on the PlayStation Blog has at least revealed that this credit card data was encrypted, and may not have been as easy to acquire as it seemed earlier.
An email that Sony sent to 77 million PSN users warned that they might want to take somewhat drastic steps to protect themselves, including checking their credit reports. As it turns out, this was simply to take every precaution necessary because the information that was leaked is still unclear. While personal data was not stored in an encrypted state, credit card data was.
The Q&A states: “While all credit card information stored in our systems is encrypted and there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained. Keep in mind, however that your credit card security code (sometimes called a CVC or CSC number) has not been obtained because we never requested it from anyone who has joined the PlayStation Network.”
Sony also says that it is working with law enforcement and “a recognized technology security firm” to take down the external force that made its way into the PSN. “This malicious attack against our system and against our customers is a criminal act and we are proceeding aggressively to find those responsible,” the Q&A adds.
If you need more information on protecting yourself, and haven’t gotten Sony’s email yet, the Q&A can be found here.
