PSN Attack Fallout Worsens, 12,700 Credit Card Numbers Stolen

Subject: General Tech | May 2, 2011 - 06:59 PM |
Tagged: sony, PSN

Hackers really do not seem to have learned the old adage of not kicking someone when they are down as Sony has learned that hackers have obtained even more personal data from the popular gaming console's multi-player service.  It is believed that 12,700 non-US customer credit card numbers and expiration dates along with 10,700 direct debit bank account numbers of a number of customers in Germany, Austria, Netherlands, and Spain were possibly stolen.  The credit and debit card information was included in an older SOE database from 2007.  Joystiq has claimed in a recent update that Sony has informed them that this information was obtained during the initial attack and was not a new attack.  There is a minuscule amount of hope for those customers in knowing that the security codes located on the back of their cards were not compromised.  Unfortunately, there are still many transactions that can occur without needing to input the security code.

View Full Size

Ars technica quoted Sony in saying that:
 
"Our ongoing investigation of illegal intrusions into Sony Online Entertainment systems has discovered that hackers may have obtained personal customer information from SOE systems. . . . Stolen information includes, to the extent you provided it to us, the following: name, address (city, state, zip, country), email address, gender, birthdate, phone number, login name and hashed password." (sic)
 
The Playstation Blog has reiterated in a post today that "Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information.  If you are asked for this information, you can be confident Sony is not the entity asking."  Sony recommends that once the PlayStation Network is back up, their customers should log on and change their password.  Further, they encourage their customers to monitor their bank and credit card statements to protect themselves from unauthorized usage.
Source: ars technica
May 2, 2011 | 09:44 PM - Posted by posimosh (not verified)

You do realize that not everyone has that game right? If I got said map pack I'd be pissed. Also Sony is way too cheap to buy things such as map packs from developers to give to users... Instead, they will give away free (to them)demos and promotional items which they ordinarily sell to users as "PSN+" for five bucks a month.

May 2, 2011 | 08:40 PM - Posted by Vamsi (not verified)

Does PSN still store credit card information EVEN if you remove it? I remove mine credit card information a few weeks, maybe months, before the outage/attack. Will I be effected?

May 2, 2011 | 08:59 PM - Posted by Tim Verry

Honestly, it depends. We know that the hackers were able to view the databases containing all this information, but I'm uncertain which databases. If you removed your credit card information, it should be deleted from the active database(s); however, there's a chance that your information still resides in backup copies of that database. So, if hackers also copied all the backups, then they likely have your information; however, if they only accessed the current database(s) at the time of attack, then they likely do not have you information if you have removed it prior to the attack.

Really, though, the only clear and 100% positive answer you'll be able to get is from Sony, and I doubt that they are talking right now as they are currently still performing "ongoing investigations".

Hope it helps.

May 2, 2011 | 08:44 PM - Posted by jermo (not verified)

the reason for having a ps3 is to play.why are some peoples' plans to be a-holes and steal stuff? thanks sony for the great console and free online play. i've missed playing online, but actually got outside and got some sun... now i'm ready to play again. looking forward to it's comeback.

May 2, 2011 | 08:44 PM - Posted by Anonymous (not verified)

I keep reading that PSN service is free, this bothers me alot. As a small business owner, nothing is free out there. Sony is making loads of money through their pattented blue ray system. Myself, I have 20 blueray movies and I dont watch alot of movies. Imagine, all those people who bought PS3 for its blueray and stacked up bl movies. % of those sales go to Sony as a profit. They are making their money somewhere and we are as customers paying for that. So, sony should hurry up and get the PSN running. I wanna kill some zombies. Btw, I got to level 59 and it was kind a boring after level 40, but it was fun. I'll stop.

May 2, 2011 | 08:49 PM - Posted by Blackrose132 (not verified)

Yeah I want to kill zombies too add me blackrose132 and me and you can kick so zombie ass

May 2, 2011 | 08:47 PM - Posted by Blackrose132 (not verified)

Anyone argee with me when I say this why are they're hackers how can they hack like come on if other people get cards will there be hackers? This is a non funny question please no stupid answers

May 2, 2011 | 08:51 PM - Posted by RagHeadDinner (not verified)

My CC # was used to buy Osamabedead and his boy toys a shot of jack and a pulled pork sand, Thanks Sony!

May 2, 2011 | 08:52 PM - Posted by Anonymous (not verified)

So far all that has been confirmed is that the criminals have a large encrypted database of credit card numbers. So basically alot of this

SkeneipsjqifidpsisnwpaubeodiroainrpJsneiaofneixyufpaowbdcuapenxccyaebdjyabxcpanwvufwlhwbzockehztdjsprnaytjxpbshxoflsbxiapwjfkvalbvislfj... And so on.

No one should even be giving a shit about the credit card numbers or passwords. The personal information is going to be the issue. I for one do not want to deal with the crooks who operate the identity theft insurance companies over this as they operate on pyramid models and constantly Hound you to sell to your friends and family after getting insured(and I'm talking about the largest provider in north America not some fly by night operation)

May 2, 2011 | 09:06 PM - Posted by Tim Verry

Well, it depends how Sony encrypted their data b/c with enough computing power the data could theoretically be decrypted in a reasonable amount of time. Also, this encrypted data could be sold to other larger groups who have the requisite computing power to try and defeat Sony's encryption. Even encrypted, it's still valuable, though maybe not as pursuable to all the bad people who would like to get their hands on it.

Either way, you are correct in saying the the Personally Identifiable information that was compromised is a huge concern. The hackers are definitely going to be able to make a huge chunk of change in selling that information to the highest bidders even without having to touch any credit card numbers.

May 2, 2011 | 09:12 PM - Posted by Anonymous (not verified)

The encryption will be of a complexity required by the PCI (payment card industry) standards ISO and even with truly massive amounts of computing power it could not be decrypted until well after the card numbers expire.

The only card numbers at risk here would be ones intercpeted through a man in the middle attack during the hack when a cc# was coming down the encrypted pipe to the server.

May 2, 2011 | 09:19 PM - Posted by Tim Verry

Well, we hope anyway! I guess I'm thinking too pessimistically as I doubt Sony would risk the wrath of the government/regulatory agencies and not keep up w/ those encryption standards. But it's hard to not be pessimistic at this point :P

May 2, 2011 | 09:27 PM - Posted by Anonymous (not verified)

Yeah I wouldn't worry about it, even a god awful encryption standard is going to take a couple thousand years to crack with modern computing power (that includes dstributed computing power) and most CC's expire in 3 years or less.

May 2, 2011 | 09:32 PM - Posted by Tim Verry

heh, I guess my terrible luck has to bottom out somewhere ;)

May 2, 2011 | 09:39 PM - Posted by Anonymous (not verified)

https://www.pcisecuritystandards.org/pdfs/pci_fs_data_storage.pdf

deffinately some good info here that would put your mind at ease and hopefully that of your readers

May 2, 2011 | 10:07 PM - Posted by Tim Verry

Interesting, thanks for the link. I would still get a new card number just for peace of mind, though it's good to know that people have time to do so assuming Sony followed these standards.

May 2, 2011 | 08:58 PM - Posted by Anonymous (not verified)

so is psn coming back online today may 3rd?i cant wait to play online again.i heard it was may 3rd but now i hear may 4th?

May 2, 2011 | 09:01 PM - Posted by Kitty (not verified)

Starting to think PSN wont be back up anytime soon. JP should have been on already and they are not. Also, they turned all regions off at the same time, so why not turn us all back on at the same time? I'm guessing there wont be any answers from Sony when all of us try to sign on this week and PSN is still out. Things keep going down hill for Sony. I do hope the hackers are caught! I also think they should at least let us o to change our password and perhaps change the email and clear out any credit card info that is saved on our PS3's.

May 2, 2011 | 09:04 PM - Posted by Patrick Seybold (not verified)

Did no else get the Memo????

This was all an April Fool's joke. Servers will be back up in a few minutes...

May 2, 2011 | 09:05 PM - Posted by Anonymous (not verified)

Are we going to have to pay to play online yes or no? If yes, I will buy an xbox360 just because my cousins have 360s. Even though ps3 is better. But I rather pay to play with my family.

May 2, 2011 | 09:08 PM - Posted by Tim Verry

I do not believe that they are getting rid of the free services. They are adding more paid services in the coming weeks for PSN Plus subscribers.

May 2, 2011 | 09:05 PM - Posted by Anonymous (not verified)

no way they wouldnt do that.

May 2, 2011 | 09:06 PM - Posted by Anonymous (not verified)

so anyone know when the servers will be back up for sure?

May 2, 2011 | 09:09 PM - Posted by Tim Verry

It's a rolling restart starting this week (some people have been saying May 4th. I'm unsure on the exact date online play will be acivated but this week you will at least be able to log in to change your password).

May 2, 2011 | 09:11 PM - Posted by Anonymous (not verified)

well i hope its today.i have been hearing may 3rd all week then today i heard may forth.i have been waiting 2 weeks to play socom4 and mortal kombat online

May 2, 2011 | 09:21 PM - Posted by Tim Verry

Wow, that's brutal! Were you at least able to play some local multi player of MK11 or do you need PSN for that as well?

Hopefully you get your gaming fix soon!

May 2, 2011 | 09:24 PM - Posted by Anonymous (not verified)

no i've only been able to play solo so far.they need to hurry up and get this fixed

May 2, 2011 | 09:32 PM - Posted by Tim Verry

Wow, that sucks man

May 2, 2011 | 09:38 PM - Posted by Anonymous (not verified)

yea.so when was the date u heard the servers will be back on?

May 2, 2011 | 09:59 PM - Posted by Tim Verry

I have only heard that they would begin activating certain services this week. I don't have any official word on an exact date this week. The PlayStation Blog will be a good place to keep an eye on any official releases stating the exact day. Sorry that I can't be more specific, I know you must be dying not being able to play multi after such a long outage!

Post new comment

The content of this field is kept private and will not be shown publicly.
  • Lines and paragraphs break automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <blockquote><p><br>
  • Web page addresses and e-mail addresses turn into links automatically.

More information about formatting options

By submitting this form, you accept the Mollom privacy policy.