PSN Attack Fallout Worsens, 12,700 Credit Card Numbers Stolen

Subject: General Tech | May 2, 2011 - 09:59 PM |
Tagged: sony, PSN

Hackers really do not seem to have learned the old adage of not kicking someone when they are down as Sony has learned that hackers have obtained even more personal data from the popular gaming console's multi-player service.  It is believed that 12,700 non-US customer credit card numbers and expiration dates along with 10,700 direct debit bank account numbers of a number of customers in Germany, Austria, Netherlands, and Spain were possibly stolen.  The credit and debit card information was included in an older SOE database from 2007.  Joystiq has claimed in a recent update that Sony has informed them that this information was obtained during the initial attack and was not a new attack.  There is a minuscule amount of hope for those customers in knowing that the security codes located on the back of their cards were not compromised.  Unfortunately, there are still many transactions that can occur without needing to input the security code.

View Full Size

Ars technica quoted Sony in saying that:
 
"Our ongoing investigation of illegal intrusions into Sony Online Entertainment systems has discovered that hackers may have obtained personal customer information from SOE systems. . . . Stolen information includes, to the extent you provided it to us, the following: name, address (city, state, zip, country), email address, gender, birthdate, phone number, login name and hashed password." (sic)
 
The Playstation Blog has reiterated in a post today that "Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information.  If you are asked for this information, you can be confident Sony is not the entity asking."  Sony recommends that once the PlayStation Network is back up, their customers should log on and change their password.  Further, they encourage their customers to monitor their bank and credit card statements to protect themselves from unauthorized usage.
Source: ars technica

May 2, 2011 | 10:52 PM - Posted by Matt (not verified)

Hopefully they will be able to get the network back up so that the hackers can complete the transaction....

May 2, 2011 | 10:52 PM - Posted by Alan "Trophy man" Grant (not verified)

i undersand the problem. i just hope we get things solved so it dosent happen again!! happy about playsation plus
(2muc) Black ops username "guttaluvalan"

May 2, 2011 | 10:53 PM - Posted by Anonymous (not verified)

i need to make an account wtf get psn back up

May 2, 2011 | 10:58 PM - Posted by tj954 (not verified)

well get that shit back up so i can change my password!!

March 21, 2012 | 01:18 PM - Posted by CarlBentley

Don't know if I can even trust PSN again. I, unfortunately, was one of those unlucky enough to have my information stolen AND have charges racked up. Thankfully, my credit card went up to bat for me and refunded all lost funds. According to the processor, my money was used to purchase really odd things like an expensive vampire costume and italian leather shoes. Anyway, alls well that ends well?

May 2, 2011 | 10:59 PM - Posted by Anonymous (not verified)

Does anyone know when it will resume to online again?

May 2, 2011 | 11:03 PM - Posted by Anonymous (not verified)

wednesday the 4th, so sony says..

May 2, 2011 | 11:08 PM - Posted by Tim Verry

Hi Anon (kinda ironic username ;) ). Sony is planning a rolling release in bringing the PlayStation network back up. This means that over the next week to two weeks various different services will be brought online until it's fully operational. It is my understanding that the free services are taking precedence over things like the PlayStation Store, so you should be able to log in at some point this week with enough functionality to be able to change your password. I hope it helps.

May 2, 2011 | 11:11 PM - Posted by Darrell (not verified)

Do credit cards last from 2007 until now? I know debits expire within a couple of years.

May 2, 2011 | 11:33 PM - Posted by Tim Verry

That's a good point, actually. I know my credit card expires in a year or two depending on which card it is.. I'm not familiar with how credit cards work in regards to expiring outside of the US though.

May 2, 2011 | 11:13 PM - Posted by Davd (not verified)

Why wouldn't all the information that has private data like addresses, credit card info, and names be encrypted?

That way if data gets stolen no big deal they cant unencrypt the info anyways.

May 2, 2011 | 11:34 PM - Posted by Tim Verry

I agree, it should have been encrypted. Sony is not going to live this down for a long, long time.

May 2, 2011 | 11:16 PM - Posted by Anonymous (not verified)

i hacked psn hhaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaha

May 2, 2011 | 11:37 PM - Posted by Anonymous (not verified)

your ip address is 76.067.234.143

Why are you so dumb?

May 3, 2011 | 12:38 AM - Posted by posimosh (not verified)

lol

May 2, 2011 | 11:38 PM - Posted by Blackrose132 (not verified)

But why you know he's only going for the card codes not the account iz clever but still get your own card number man it's not that hard this throws me off the psn and my psn gf (goes to my school didn't know until she got a mic) so yeah and plus she's shy to talk to me in person (plus every time I go to talk to her she tries to kiss me.....) so yeah she's a bit shy in person also she didn't really talk on the mic like that (she blushes when I'm talking to her and she kisses me every time) I'm pissed at who ever hacked psn I'm going to kill whoever did this!

May 3, 2011 | 12:07 AM - Posted by Deej (not verified)

Why would you even post that. Enough personal info is going around as is. Just made your gf look like a lie to be honest with you.

Anyways....back on topic. Hopefully this all ends soon, want to buy map packs for black ops, miss killing real people too. Veteran bots just don't do it for me.

OSAMA IS DEAD! <-- News.

May 3, 2011 | 12:50 AM - Posted by posimosh (not verified)

Killing and war is barbaric and gruesome no matter how many simulated "battles" you have been in or how desensitized you are. Battle, strategy, and various war 1st/3rd person "shooter" games can be fun but if you aren't horrified by the killing in war (or elsewhere) you either a.haven't actually seen any. or b. there is something profoundly wrong with you. or c. You are a socio/psychopath. Please try to lay off the hyperbole.

May 2, 2011 | 11:16 PM - Posted by Anonymous (not verified)

I believe this is all so Sony can start to charge for online service. Now if charging makes it more safe and adds added features, then go for it. But leave some servers for free, I will not pay for online play. I dont care about safety, Im not stupid enough to use credit cards or bank accounts online anyway.

PSN has gift cards available at many retail stores also, why even use a credit card on the ps3 ?

May 2, 2011 | 11:27 PM - Posted by Blackrose132 (not verified)

Hey I argee with you you got my count

May 2, 2011 | 11:35 PM - Posted by Anonymous (not verified)

Or you canbe like me an use a pre-pay credit card for any psn purchases thus keeping my real card safe... Knew this shit wud happen sooner or later cos online gaming comes hand in hand with Computer nerds lol. As much as I hate psn going down if these guys make money outta it u gotta rate der gettin dat Gwop In (go hard or go home! Dey went Ard!) But if dey really aint made no money out of it Jheez! Nerd aint the word!

May 2, 2011 | 11:41 PM - Posted by Blackrose132 (not verified)

Yeah I argee!

May 2, 2011 | 11:41 PM - Posted by Anonymous (not verified)

no i highly doubt that cuz in this whole process sony has lost billions on dollars and users. they say you gotta spend money to make money but in this case thats a stupid decision

May 2, 2011 | 11:17 PM - Posted by Anonymous (not verified)

so wat up

May 2, 2011 | 11:25 PM - Posted by Blackrose132 (not verified)

This is the bull crap I hate like come on damn hackers get a life I'm really pissed off now

May 2, 2011 | 11:26 PM - Posted by Anonymous (not verified)

i think they should hook us all up with somethin for free like the new map paks fir call of duty and the ones that are comeing out tommrow

May 2, 2011 | 11:28 PM - Posted by Blackrose132 (not verified)

True btw my psn user is blckrose132 add for Im a zombie person btw so once it's back up add me ok

May 2, 2011 | 11:29 PM - Posted by Blackrose132 (not verified)

Blackrose132 I mean

May 2, 2011 | 11:39 PM - Posted by Anonymous (not verified)

I saw your credit card info posted on www.haxorssitonmyface.org

better change your info...

May 2, 2011 | 11:35 PM - Posted by Tim Verry

I believe users are getting a month of PSN Plus, though I could be wrong on that. I'll look into it.

EDIT: Actually, it looks like this is Sony's plan for compensation:

"will provide a complimentary offering to[..]ist users in enrolling in identity theft protection services and/or similar programs. The implementation will be at a local level and further details will be made available shortly in each region.

The company will also rollout the PlayStation Network and Qriocity “Welcome Back” program, to be offered worldwide, which will be tailored to specific markets to provide our consumers with a selection of service options and premium content as an expression of the company’s appreciation for their patience, support and continued loyalty.

Central components of the “Welcome Back” program will include:

• Each territory will be offering selected PlayStation entertainment content for free download. Specific details of this content will be announced in each region soon.
• All existing PlayStation Network customers will be provided with 30 days free membership in the PlayStation Plus premium service. Current members of PlayStation Plus will receive 30 days free service.
• Music Unlimited powered by Qriocity subscribers (in countries where the service is available) will receive 30 days free service.

Additional “Welcome Back” entertainment and service offerings will be rolled out over the coming weeks as the company returns the PlayStation Network and Qriocity services to the quality standard users have grown to enjoy and strive to exceed those exceptions."

May 3, 2011 | 12:44 AM - Posted by posimosh (not verified)

You do realize that not everyone has that game right? If I got said map pack I'd be pissed. Also Sony is way too cheap to buy things such as map packs from developers to give to users... Instead, they will give away free (to them)demos and promotional items which they ordinarily sell to users as "PSN+" for five bucks a month.

May 2, 2011 | 11:40 PM - Posted by Vamsi (not verified)

Does PSN still store credit card information EVEN if you remove it? I remove mine credit card information a few weeks, maybe months, before the outage/attack. Will I be effected?

May 2, 2011 | 11:59 PM - Posted by Tim Verry

Honestly, it depends. We know that the hackers were able to view the databases containing all this information, but I'm uncertain which databases. If you removed your credit card information, it should be deleted from the active database(s); however, there's a chance that your information still resides in backup copies of that database. So, if hackers also copied all the backups, then they likely have your information; however, if they only accessed the current database(s) at the time of attack, then they likely do not have you information if you have removed it prior to the attack.

Really, though, the only clear and 100% positive answer you'll be able to get is from Sony, and I doubt that they are talking right now as they are currently still performing "ongoing investigations".

Hope it helps.

May 2, 2011 | 11:44 PM - Posted by jermo (not verified)

the reason for having a ps3 is to play.why are some peoples' plans to be a-holes and steal stuff? thanks sony for the great console and free online play. i've missed playing online, but actually got outside and got some sun... now i'm ready to play again. looking forward to it's comeback.

May 2, 2011 | 11:44 PM - Posted by Anonymous (not verified)

I keep reading that PSN service is free, this bothers me alot. As a small business owner, nothing is free out there. Sony is making loads of money through their pattented blue ray system. Myself, I have 20 blueray movies and I dont watch alot of movies. Imagine, all those people who bought PS3 for its blueray and stacked up bl movies. % of those sales go to Sony as a profit. They are making their money somewhere and we are as customers paying for that. So, sony should hurry up and get the PSN running. I wanna kill some zombies. Btw, I got to level 59 and it was kind a boring after level 40, but it was fun. I'll stop.

May 2, 2011 | 11:49 PM - Posted by Blackrose132 (not verified)

Yeah I want to kill zombies too add me blackrose132 and me and you can kick so zombie ass

May 2, 2011 | 11:47 PM - Posted by Blackrose132 (not verified)

Anyone argee with me when I say this why are they're hackers how can they hack like come on if other people get cards will there be hackers? This is a non funny question please no stupid answers

May 2, 2011 | 11:51 PM - Posted by RagHeadDinner (not verified)

My CC # was used to buy Osamabedead and his boy toys a shot of jack and a pulled pork sand, Thanks Sony!

May 2, 2011 | 11:52 PM - Posted by Anonymous (not verified)

So far all that has been confirmed is that the criminals have a large encrypted database of credit card numbers. So basically alot of this

SkeneipsjqifidpsisnwpaubeodiroainrpJsneiaofneixyufpaowbdcuapenxccyaebdjyabxcpanwvufwlhwbzockehztdjsprnaytjxpbshxoflsbxiapwjfkvalbvislfj... And so on.

No one should even be giving a shit about the credit card numbers or passwords. The personal information is going to be the issue. I for one do not want to deal with the crooks who operate the identity theft insurance companies over this as they operate on pyramid models and constantly Hound you to sell to your friends and family after getting insured(and I'm talking about the largest provider in north America not some fly by night operation)

May 3, 2011 | 12:06 AM - Posted by Tim Verry

Well, it depends how Sony encrypted their data b/c with enough computing power the data could theoretically be decrypted in a reasonable amount of time. Also, this encrypted data could be sold to other larger groups who have the requisite computing power to try and defeat Sony's encryption. Even encrypted, it's still valuable, though maybe not as pursuable to all the bad people who would like to get their hands on it.

Either way, you are correct in saying the the Personally Identifiable information that was compromised is a huge concern. The hackers are definitely going to be able to make a huge chunk of change in selling that information to the highest bidders even without having to touch any credit card numbers.

May 3, 2011 | 12:12 AM - Posted by Anonymous (not verified)

The encryption will be of a complexity required by the PCI (payment card industry) standards ISO and even with truly massive amounts of computing power it could not be decrypted until well after the card numbers expire.

The only card numbers at risk here would be ones intercpeted through a man in the middle attack during the hack when a cc# was coming down the encrypted pipe to the server.

May 3, 2011 | 12:19 AM - Posted by Tim Verry

Well, we hope anyway! I guess I'm thinking too pessimistically as I doubt Sony would risk the wrath of the government/regulatory agencies and not keep up w/ those encryption standards. But it's hard to not be pessimistic at this point :P

May 3, 2011 | 12:27 AM - Posted by Anonymous (not verified)

Yeah I wouldn't worry about it, even a god awful encryption standard is going to take a couple thousand years to crack with modern computing power (that includes dstributed computing power) and most CC's expire in 3 years or less.

May 3, 2011 | 12:32 AM - Posted by Tim Verry

heh, I guess my terrible luck has to bottom out somewhere ;)

May 3, 2011 | 12:39 AM - Posted by Anonymous (not verified)

https://www.pcisecuritystandards.org/pdfs/pci_fs_data_storage.pdf

deffinately some good info here that would put your mind at ease and hopefully that of your readers

May 3, 2011 | 01:07 AM - Posted by Tim Verry

Interesting, thanks for the link. I would still get a new card number just for peace of mind, though it's good to know that people have time to do so assuming Sony followed these standards.

May 2, 2011 | 11:58 PM - Posted by Anonymous (not verified)

so is psn coming back online today may 3rd?i cant wait to play online again.i heard it was may 3rd but now i hear may 4th?

May 3, 2011 | 12:01 AM - Posted by Kitty (not verified)

Starting to think PSN wont be back up anytime soon. JP should have been on already and they are not. Also, they turned all regions off at the same time, so why not turn us all back on at the same time? I'm guessing there wont be any answers from Sony when all of us try to sign on this week and PSN is still out. Things keep going down hill for Sony. I do hope the hackers are caught! I also think they should at least let us o to change our password and perhaps change the email and clear out any credit card info that is saved on our PS3's.

May 3, 2011 | 12:04 AM - Posted by Patrick Seybold (not verified)

Did no else get the Memo????

This was all an April Fool's joke. Servers will be back up in a few minutes...

May 3, 2011 | 12:05 AM - Posted by Anonymous (not verified)

Are we going to have to pay to play online yes or no? If yes, I will buy an xbox360 just because my cousins have 360s. Even though ps3 is better. But I rather pay to play with my family.

May 3, 2011 | 12:08 AM - Posted by Tim Verry

I do not believe that they are getting rid of the free services. They are adding more paid services in the coming weeks for PSN Plus subscribers.

May 3, 2011 | 12:05 AM - Posted by Anonymous (not verified)

no way they wouldnt do that.

May 3, 2011 | 12:06 AM - Posted by Anonymous (not verified)

so anyone know when the servers will be back up for sure?

May 3, 2011 | 12:09 AM - Posted by Tim Verry

It's a rolling restart starting this week (some people have been saying May 4th. I'm unsure on the exact date online play will be acivated but this week you will at least be able to log in to change your password).

May 3, 2011 | 12:11 AM - Posted by Anonymous (not verified)

well i hope its today.i have been hearing may 3rd all week then today i heard may forth.i have been waiting 2 weeks to play socom4 and mortal kombat online

May 3, 2011 | 12:21 AM - Posted by Tim Verry

Wow, that's brutal! Were you at least able to play some local multi player of MK11 or do you need PSN for that as well?

Hopefully you get your gaming fix soon!

May 3, 2011 | 12:24 AM - Posted by Anonymous (not verified)

no i've only been able to play solo so far.they need to hurry up and get this fixed

May 3, 2011 | 12:32 AM - Posted by Tim Verry

Wow, that sucks man

May 3, 2011 | 12:38 AM - Posted by Anonymous (not verified)

yea.so when was the date u heard the servers will be back on?

May 3, 2011 | 12:59 AM - Posted by Tim Verry

I have only heard that they would begin activating certain services this week. I don't have any official word on an exact date this week. The PlayStation Blog will be a good place to keep an eye on any official releases stating the exact day. Sorry that I can't be more specific, I know you must be dying not being able to play multi after such a long outage!

May 3, 2011 | 02:03 AM - Posted by tlmck (not verified)

I have read several articles on this and no one has mentioned why only the foreign account were attacked. Are the US and others on newer databases? Better networks?

Not a Playstation owner or anything, just curious from a computer security standpoint.

Fortunately, when a non-standard transaction happens on my card, they have to contact me personally before it gets approved. If I were to travel to a foreign country, for instance, I would have to call the credit card company before leaving and let them know where I will be using my card. Very good security measure. Large transactions over the amount I set also require my approval in addition to the security code.

And lastly, I also track my account constantly online to look for any oddity.

May 3, 2011 | 03:06 AM - Posted by Tim Verry

I'm unsure why it has been only foreign accounts mentioned in Sony's press release detailing what "may" have been compromised. If I had to guess, I'd say that you were on the right track regarding databases. From this specific article, the 12,700 foreign credit card numbers were from Sony Online Entertainment (which is still Sony, but a seperate branch from my understanding) database from 2007. Sony has said that this was not a new attack and was related to the PSN attack, however. It is possible that Sony hasn't released exact numbers regarding US based customer's data as they dont yet know exactly what was taken. Hopefully the security firm they brought in will do a better job than them of analyzing the data and figuring out what was taken :P

May 3, 2011 | 09:47 PM - Posted by Anonymous (not verified)

Based on what I read, yes the servers were older 2007 servers that held the foreign accounts.

May 3, 2011 | 03:19 AM - Posted by cyow

Doh that just great! so now us PS3 use have to keep a eye on our Credit Cards as well, not that we were not but what a pain in the back side.

I hope Sony are willing to give us money if any of ours is stole due to there dumb ass stupid practices.

Sony you need to get with it and fix this now and let us know if our Credit Cards information stole or not, not just say what your said.

I can see Sony get sue out of this world.

May 3, 2011 | 04:20 AM - Posted by Tim Verry

I was hearing some talk of a class action lawsuit pending against Sony but I can't verify it as I didn't hear it from any official sources. It wouldn't surprise me if someone tries to bring one against them though! :P

That said, I believe Sony is going to provide some local level of fraud protection, likely locking out any credit card numbers from being used on new/other accounts.

May 3, 2011 | 11:22 AM - Posted by Anonymous (not verified)

Will you be required to use a credit card for this Welcome Back thingamajig ??? I have a PSN account but do not use credit card online. After what has just happened, it will be dumb if they require credit card info just for the free 30 days.

May 3, 2011 | 11:53 AM - Posted by Tim Verry

Honestly, I'm not sure. As far as I know, only people who had Playstation Plus accounts are getting a free month of PSN+. Users of free accounts should be albe to get the other aspects of the Welcome Back program w/out needing a credit card. I could be mistaken though.

You are right that it would be kind of ironic if they said, Welcome Back! Just give us your credit card info and we'll send you a free month of PSN+ ;)

May 3, 2011 | 06:13 PM - Posted by cyow

I'm going to get a Pre-pay credit card from now on for my PSN account or may be just get a PlayStation Network Card.

Will not ever be add my credit card again to any online game stuff of for that matter any were just can't trust then, I should have know better to in the first place.

I think Sony need to make it up by give every one a $50 credit on there accounts to start with, and then help out anyone that has had there credit card stole.

This would be a good start to help get them out of the dog house.

I have to say I'm now thinking of going and getting a XBox360 for game and just keep the PS3 for Blu-Rays movies only.

Let just hope Sony get this fix soon and tell us if our credit card information was stole or not.

May 4, 2011 | 01:30 AM - Posted by cyow

I Someone needs to Gibbs Slap! who ever was in charge of the PSN.

May 4, 2011 | 05:43 PM - Posted by Anonymous (not verified)

it freaking said it will be back May 4 and here we are with NOOO psn!!!

Post new comment

The content of this field is kept private and will not be shown publicly.
  • Lines and paragraphs break automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <blockquote><p><br>
  • Web page addresses and e-mail addresses turn into links automatically.

More information about formatting options

By submitting this form, you accept the Mollom privacy policy.