Rumor: Hackers selling PSN credit card list
Several security analysts have noticed discussions on hacker forums regarding a list of PSN users' credit card numbers for sale, but there is no way to confirm if they really have the database as they claim.
Sony recently revealed that credit cards were encrypted in the PlayStation Network data breach, but didn't rule out the possibility that hackers had obtained card information. Now the New York Times reports that hackers are claiming to have a database with 2.2 million PSN users' credit card numbers, and they're offering it up for sale.
Kevin Stevens, a senior threat researcher at Trend Micro, noticed the discussions in various hacker forums, where he says they were offering to sell the list for more than $100,000. Researchers confirmed that the discussions are taking place, but there's no way to confirm if they really have the database.
Stevens also heard from one forum member that the hackers offered to sell the data back to Sony, but didn't receive a response. "To my knowledge, there is no truth to the report that Sony was offered the opportunity to purchase the list," said Sony corporate communications director Patrick Seybold, who also reiterated that the data was encrypted.
"Sony is saying the credit cards were encrypted, but we are hearing that the hackers made it into the main database, which would have given them access to everything, including credit card numbers," said iSec Partners consultant Mathew Solnik. He also points out that the hackers on forums knew details about the servers, which could indicate direct knowledge.
Finally, the NYT notes that the San Diego office of the FBI is helping Sony in the investigation of the incident, but declined to comment.
-
Shacknews
replySteve Watts posted a new article, Rumor: Hackers selling PSN credit card list.
Several security analysts have noticed discussions on hacker forums regarding a list of PSN users' credit card numbers for sale, but there is no way to confirm if they really have the database as they claim.-
It's so difficult to discern the truth in situations like this. It could just be hackers claiming to have the PSN CC data in order to scam other hackers out of a few bucks.
One way to confirm would be to actually buy the database, but this opens a potential legal can of worms for the buyer. -
I think I'm ditching my main gmail account. I turned on my ps3 this morning and saw that was the log in name. I don't care so much about the cc info, because you can cancel your shit and get new ones.. but now if they know your log on to shit and start plugging it into sites, who the hell knows what real damage could be done.
-
Activate the two factor auth on your gmail account and you should be fine: http://googleblog.blogspot.com/2011/02/advanced-sign-in-security-for-your.html
-
I have that turned on
-
-
[deleted]
-
-
[deleted]
-
the first part of my email address nukemforever@ (it's not that) is/was my general user name on other sites. I don't remember which of the normal password rotations I used on my PSN, but if my email name, password and security key are all on some list in hacker land, I need to change all this data.
Sure I could change my password on my email and other sites (which I have done), but I'm not sure how many sites I've used my user name on over the course of the past 11 years. fucking sucks but it was time for a nick change
-
-
because when sky-net turns on in a few years and tracks my user name using hacker logs, and it logs in as me on penislicking.com and starts posting pictures wait what
-
-
-
-
-
-
-
PCI Compliance is such a joke. If anyone has ever read that document (1000+ pages) you will see that is near impossible for any company to comply 100% much less guarantee that they will never, ever get hacked. There is NO such thing as a perfectly protected system in the digital age so I don't really get the frustration people have. If you didn't take the steps (however tedious they might be) to protect yourself as best you can then you really have no one to blame but yourself.
-
-
-
Physical security is a key component of PCI compliance. Most large businesses have these kinds of physical security controls in place; it would be scary to find out if Sony didn't, for some reason.
-
-
-
"Mr. Solnik said researchers believe that the hackers gained access to Sony’s database by hacking the PS3 console and from there infiltrating the company’s servers."
So this is what Sony reaps for killing off otherOS. OR, this is what happens when people like GeoHot take matters into their own hands.-
Are people seriously so lacking in self control that they are saying Sony is directly responsible for hackers being cunts?
-
-
[deleted]
-
If you are really concerned then yes, you can cancel your Credit Card and have them re-issue you a new one. However - now and days even if you obtain a credit card # and information its practically useless. You need to enter the CCV # on the back of the card for most online transactions to complete. Without that number they get nowhere.
-
Won't help if they clone your card. Never thought about that did you. Gas, food, anything at a department store. They already know your zip for automated machines used as credit.
-
[deleted]
-
It was posted in the New York Times. Is that not a worth source to report on? Shack just decided to add their Rumor tag when they didn't necessarily need to.
Unless you are trying to talk shit about the New York times?
-
