PSN Attack Fallout Worsens, 12,700 Credit Card Numbers Stolen

Subject: General Tech | May 2, 2011 - 09:59 PM |
Tagged: sony, PSN

Hackers really do not seem to have learned the old adage of not kicking someone when they are down as Sony has learned that hackers have obtained even more personal data from the popular gaming console's multi-player service.  It is believed that 12,700 non-US customer credit card numbers and expiration dates along with 10,700 direct debit bank account numbers of a number of customers in Germany, Austria, Netherlands, and Spain were possibly stolen.  The credit and debit card information was included in an older SOE database from 2007.  Joystiq has claimed in a recent update that Sony has informed them that this information was obtained during the initial attack and was not a new attack.  There is a minuscule amount of hope for those customers in knowing that the security codes located on the back of their cards were not compromised.  Unfortunately, there are still many transactions that can occur without needing to input the security code.

View Full Size

Ars technica quoted Sony in saying that:
"Our ongoing investigation of illegal intrusions into Sony Online Entertainment systems has discovered that hackers may have obtained personal customer information from SOE systems. . . . Stolen information includes, to the extent you provided it to us, the following: name, address (city, state, zip, country), email address, gender, birthdate, phone number, login name and hashed password." (sic)
The Playstation Blog has reiterated in a post today that "Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information.  If you are asked for this information, you can be confident Sony is not the entity asking."  Sony recommends that once the PlayStation Network is back up, their customers should log on and change their password.  Further, they encourage their customers to monitor their bank and credit card statements to protect themselves from unauthorized usage.
Source: ars technica
May 3, 2011 | 02:03 AM - Posted by tlmck (not verified)

I have read several articles on this and no one has mentioned why only the foreign account were attacked. Are the US and others on newer databases? Better networks?

Not a Playstation owner or anything, just curious from a computer security standpoint.

Fortunately, when a non-standard transaction happens on my card, they have to contact me personally before it gets approved. If I were to travel to a foreign country, for instance, I would have to call the credit card company before leaving and let them know where I will be using my card. Very good security measure. Large transactions over the amount I set also require my approval in addition to the security code.

And lastly, I also track my account constantly online to look for any oddity.

May 3, 2011 | 03:06 AM - Posted by Tim Verry

I'm unsure why it has been only foreign accounts mentioned in Sony's press release detailing what "may" have been compromised. If I had to guess, I'd say that you were on the right track regarding databases. From this specific article, the 12,700 foreign credit card numbers were from Sony Online Entertainment (which is still Sony, but a seperate branch from my understanding) database from 2007. Sony has said that this was not a new attack and was related to the PSN attack, however. It is possible that Sony hasn't released exact numbers regarding US based customer's data as they dont yet know exactly what was taken. Hopefully the security firm they brought in will do a better job than them of analyzing the data and figuring out what was taken :P

May 3, 2011 | 09:47 PM - Posted by Anonymous (not verified)

Based on what I read, yes the servers were older 2007 servers that held the foreign accounts.

May 3, 2011 | 03:19 AM - Posted by cyow

Doh that just great! so now us PS3 use have to keep a eye on our Credit Cards as well, not that we were not but what a pain in the back side.

I hope Sony are willing to give us money if any of ours is stole due to there dumb ass stupid practices.

Sony you need to get with it and fix this now and let us know if our Credit Cards information stole or not, not just say what your said.

I can see Sony get sue out of this world.

May 3, 2011 | 04:20 AM - Posted by Tim Verry

I was hearing some talk of a class action lawsuit pending against Sony but I can't verify it as I didn't hear it from any official sources. It wouldn't surprise me if someone tries to bring one against them though! :P

That said, I believe Sony is going to provide some local level of fraud protection, likely locking out any credit card numbers from being used on new/other accounts.

May 3, 2011 | 11:22 AM - Posted by Anonymous (not verified)

Will you be required to use a credit card for this Welcome Back thingamajig ??? I have a PSN account but do not use credit card online. After what has just happened, it will be dumb if they require credit card info just for the free 30 days.

May 3, 2011 | 11:53 AM - Posted by Tim Verry

Honestly, I'm not sure. As far as I know, only people who had Playstation Plus accounts are getting a free month of PSN+. Users of free accounts should be albe to get the other aspects of the Welcome Back program w/out needing a credit card. I could be mistaken though.

You are right that it would be kind of ironic if they said, Welcome Back! Just give us your credit card info and we'll send you a free month of PSN+ ;)

May 3, 2011 | 06:13 PM - Posted by cyow

I'm going to get a Pre-pay credit card from now on for my PSN account or may be just get a PlayStation Network Card.

Will not ever be add my credit card again to any online game stuff of for that matter any were just can't trust then, I should have know better to in the first place.

I think Sony need to make it up by give every one a $50 credit on there accounts to start with, and then help out anyone that has had there credit card stole.

This would be a good start to help get them out of the dog house.

I have to say I'm now thinking of going and getting a XBox360 for game and just keep the PS3 for Blu-Rays movies only.

Let just hope Sony get this fix soon and tell us if our credit card information was stole or not.

May 4, 2011 | 01:30 AM - Posted by cyow

I Someone needs to Gibbs Slap! who ever was in charge of the PSN.

May 4, 2011 | 05:43 PM - Posted by Anonymous (not verified)

it freaking said it will be back May 4 and here we are with NOOO psn!!!

Post new comment

The content of this field is kept private and will not be shown publicly.
  • Lines and paragraphs break automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <blockquote><p><br>
  • Web page addresses and e-mail addresses turn into links automatically.

More information about formatting options

By submitting this form, you accept the Mollom privacy policy.