Rumor: Hackers selling PSN credit card list
Several security analysts have noticed discussions on hacker forums regarding a list of PSN users' credit card numbers for sale, but there is no way to confirm if they really have the database as they claim.
Sony recently revealed that credit cards were encrypted in the PlayStation Network data breach, but didn't rule out the possibility that hackers had obtained card information. Now the New York Times reports that hackers are claiming to have a database with 2.2 million PSN users' credit card numbers, and they're offering it up for sale.
Kevin Stevens, a senior threat researcher at Trend Micro, noticed the discussions in various hacker forums, where he says they were offering to sell the list for more than $100,000. Researchers confirmed that the discussions are taking place, but there's no way to confirm if they really have the database.
Stevens also heard from one forum member that the hackers offered to sell the data back to Sony, but didn't receive a response. "To my knowledge, there is no truth to the report that Sony was offered the opportunity to purchase the list," said Sony corporate communications director Patrick Seybold, who also reiterated that the data was encrypted.
"Sony is saying the credit cards were encrypted, but we are hearing that the hackers made it into the main database, which would have given them access to everything, including credit card numbers," said iSec Partners consultant Mathew Solnik. He also points out that the hackers on forums knew details about the servers, which could indicate direct knowledge.
Finally, the NYT notes that the San Diego office of the FBI is helping Sony in the investigation of the incident, but declined to comment.
-
Steve Watts posted a new article, Rumor: Hackers selling PSN credit card list.
Several security analysts have noticed discussions on hacker forums regarding a list of PSN users' credit card numbers for sale, but there is no way to confirm if they really have the database as they claim.-
-
I think I'm ditching my main gmail account. I turned on my ps3 this morning and saw that was the log in name. I don't care so much about the cc info, because you can cancel your shit and get new ones.. but now if they know your log on to shit and start plugging it into sites, who the hell knows what real damage could be done.
-
Activate the two factor auth on your gmail account and you should be fine: http://googleblog.blogspot.com/2011/02/advanced-sign-in-security-for-your.html
-
-
-
the first part of my email address nukemforever@ (it's not that) is/was my general user name on other sites. I don't remember which of the normal password rotations I used on my PSN, but if my email name, password and security key are all on some list in hacker land, I need to change all this data.
Sure I could change my password on my email and other sites (which I have done), but I'm not sure how many sites I've used my user name on over the course of the past 11 years. fucking sucks but it was time for a nick change
-
-
-
-
-
-
PCI Compliance is such a joke. If anyone has ever read that document (1000+ pages) you will see that is near impossible for any company to comply 100% much less guarantee that they will never, ever get hacked. There is NO such thing as a perfectly protected system in the digital age so I don't really get the frustration people have. If you didn't take the steps (however tedious they might be) to protect yourself as best you can then you really have no one to blame but yourself.
-
-
-
"Mr. Solnik said researchers believe that the hackers gained access to Sony’s database by hacking the PS3 console and from there infiltrating the company’s servers."
So this is what Sony reaps for killing off otherOS. OR, this is what happens when people like GeoHot take matters into their own hands. -
If you are really concerned then yes, you can cancel your Credit Card and have them re-issue you a new one. However - now and days even if you obtain a credit card # and information its practically useless. You need to enter the CCV # on the back of the card for most online transactions to complete. Without that number they get nowhere.
-