In the midst of the Royal Wedding taking over the internet, you may have missed this headline from the folks at Mashable: “2.2 Credit Card Numbers From Playstation Network May Be Up For Sale”. PSN has had its problems lately, with Anonymous taking them down, someone else wreaking havoc, and then having to admit that their information had been compromise by a massive security breach. An official blog posting from PSN fell short of admitting that credit card information had been released.
Now, the rumor is swirling that not only was the credit card information released, the information is now up for sale to the highest bidder. The New York Times reports that rumors on underground Internet forums allegedly come from those responsible for the data breach at PSN, and they claim to be in possession of 2.2 million credit card numbers, including the security codes. Kevin Stevens, with TrendMicro, told the Times that he has seen the talk on the message boards and there are indications that the Sony hackers are shopping the list around. In fact, they claim to have offered to sell it back to Sony, but the company has not responded.
The Q&A for the data breach available on the Sony blog states that “The entire credit card table was encrypted and we have no evidence that credit card data was taken. The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack.”
The information flying from Sony and various hacker forums is conflicting. On one hand, Sony is stating that our credit card data is safe, but in the same email also tell us to notify credit bureaus and put them on fraud alert. There are a lot of security analysts that are adding that there is evidence to indicate that the PSN hackers made it to the main database, which would have given them access to everything, including your credit card information.
In light of this new information, many PSN users (including some of us here) are asking what they should do. When it comes to security breaches I always say that it’s better to be safe than sorry, so if I was a PSN user, here is what I would do.
- Change the password on everything. Many people use the same email address and password for most of your accounts, so if your email and password to PSN match that of your credit card company, hackers could have access to that data as well.
- Ignore the emails that might come to you asking to reply back to confirm infromation. These are phishing scams.
- Cancel the credit card associated to the account. This might seem extreme but with all of these lingering questions, it might be better to play it safe.
The FBI is helping Sony investigate the hack and hopefully we will have more in depth answers soon. Until then, play it safe.