Sony Assures Credit Card Data Was Encrypted

Tom Goldman · Apr 28, 2011

Sony Assures Credit Card Data Was Encrypted

PlayStation Network users' credit card data may have been hacked into, but at least it was encrypted.

Around a week ago, Sony was forced to shut down the PlayStation Network, and the company later admitted [http://www.escapistmagazine.com/news/view/109568-Sony-Admits-Private-PSN-Info-Has-Been-Stolen-All-Of-It] that the act was the result of a malicious attack that could have exposed millions of users' personal data, including credit card information, to an unknown party. While this sounds gosh darn downright awful, a recent Q&A on the PlayStation Blog has at least revealed that this credit card data was encrypted, and may not have been as easy to acquire as it seemed earlier.

An email that Sony sent to 77 million PSN users warned that they might want to take somewhat drastic steps to protect themselves, including checking their credit reports. As it turns out, this was simply to take every precaution necessary because the information that was leaked is still unclear. While personal data was not stored in an encrypted state, credit card data was.

The Q&A states: "While all credit card information stored in our systems is encrypted and there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained. Keep in mind, however that your credit card security code (sometimes called a CVC or CSC number) has not been obtained because we never requested it from anyone who has joined the PlayStation Network."

Sony also says that it is working with law enforcement and "a recognized technology security firm" to take down the external force [] that made its way into the PSN. "This malicious attack against our system and against our customers is a criminal act and we are proceeding aggressively to find those responsible," the Q&A adds.

If you need more information on protecting yourself, and haven't gotten Sony's email yet, the Q&A can be found here [http://blog.us.playstation.com/2011/04/27/qa-1-for-playstation-network-and-qriocity-services/].

Permalink

Evilsanta · Apr 28, 2011

That is releaving to here.

Though I still plan to change my card...Just in case.

CM156_v1legacy · Apr 28, 2011

Sony, look down.

See the fire? That's coming from your pants.

In all seriousness, I am just glad that I don't own a PS3. I really hope no ones data gets stolen.

Shadie777 · Apr 28, 2011

This Q&A was released on Sony's blog a day ago.
Kinda late in reporting this.

ZeZZZZevy · Apr 28, 2011

I wonder how well it was encrypted.
Also, why wasn't personal data also encrypted? That's almost as important as the credit card info, and EVERYONE enters that in, whereas a large number of people use prepaid cards to buy things.

Rayken15 · Apr 28, 2011

People like Evilsanta make me laugh so hard.

OT: I am GLaD I don't own a PS3. Hopefully the ones that do won't get their money and all that data stolen.

Casual Shinji · Apr 28, 2011

Hopefully this means things are going to cool down slightly.

Echo136 · Apr 28, 2011

Im gonna call it now. Nobody is going to believe this, because everyone is too angry at sony to be logical.

Shadie777 · Apr 28, 2011

HankMan said:
Shadie777 said:

This Q&A was released on Sony's blog a day ago.
Kinda late in reporting this.

Click to expand...

Just like Sony!

You managed to make me laugh, thank you ^^
Since this is the internet I will like to say this isn't sarcasm

Seriously though, its nice that I know a little bit more about the situation now. I also believe that checking the PS blog instead of always relying on the escapist is a good idea for people who don't know whats going on.

mjc0961 · Apr 28, 2011

Tom Goldman said:
While personal data was not stored in an encrypted state

Which is a pretty big mistake as far as I'm concerned.

Tom Goldman said:
Keep in mind, however that your credit card security code (sometimes called a CVC or CSC number) has not been obtained because we never requested it from anyone who has joined the PlayStation Network."

So I guess that you requesting it every time I want to buy something from the Playstation Store doesn't count? Don't lie, Sony.

Echo136 said:
Im gonna call it now. Nobody is going to believe this, because everyone is too angry at sony to be logical.

Nah, nobody is going to believe this because Sony has changed their story with regards to this incident more than most people change their underwear. There's no way to know if this one is finally the truth or if tomorrow we'll get another story which also may or may not be the truth.

Bottom line, I am very glad I always took the extra time to remove my CC info from my PSN account after each purchase.

Dastardly · Apr 28, 2011

Tom Goldman said:
Permalink

And another false-alarm bell is forced to stop ringing. There've already been people insisting it was just stored there in a text document. It's getting harder and harder to blame Sony for this, but people are still trying. I guess it's easier to throw darts at the only face you can see. Hopefully they'll catch the hackers and give folks a new Guy to burn.

Sylocat · Apr 28, 2011

Because of the "Rule of CYA," I didn't believe for a moment that Sony would store credit card data in an unencrypted state. Even if they had never been hacked, that would be opening themselves up to a lawsuit in itself; they had to know that.

Unfortunately, even encryption methods aren't infallible. And if the hackers do get that data, it won't matter that Sony barely qualifies as negligent in this case; the people will want blood.

I hope they catch the hackers and work a little vigilante justice on them.

Grand_Arcana · Apr 28, 2011

Oh, thank god!

robert022614 · Apr 28, 2011

so the hackers that were able to steal pretty much everything from a major corporation will be utterly thwarted by Sony's encryption? sounds sketchy.

JochemDude · Apr 28, 2011

Shadie777 said:
This Q&A was released on Sony's blog a day ago.
Kinda late in reporting this.

This

robert022614 said:
so the hackers that were able to steal pretty much everything from a major corporation will be utterly thwarted by Sony's encryption? sounds sketchy.

Oh this as well.

Leemaster777 · Apr 28, 2011

Well, this is good to hear.

Hopefully, Sony can catch this guy/guys, and we can then proceed with tieing him to a mast and flogging him with an angry cat. I want to start playing Mortal Kombat online, dammit! (yes, I am aware that PSN should be back up by the 3rd)

Sniper Team 4 · Apr 28, 2011

Tom Goldman said:
Sony also says that it is working with law enforcement and "a recognized technology security firm" to take down the external force [] that made its way into the PSN. "This malicious attack against our system and against our customers is a criminal act and we are proceeding aggressively to find those responsible," the Q&A adds.

THIS! This is what I've been waiting to hear. Find them, Sony. Find them. If they are outside of the U.S., hire some sort of hitman and eliminate them. If they are in the U.S., do the same thing or do it yourself. I want them found and dealt with just as much as I want my PSN back.

Sony Assures Credit Card Data Was Encrypted

Tom Goldman

Crying on the inside.

Evilsanta

New member

CM156_v1legacy

Revelation 9:6

Shadie777

New member

ZeZZZZevy

New member

Rayken15

New member

Casual Shinji

Should've gone before we left.

Echo136

New member

Shadie777

New member

mjc0961

YOU'RE a pie chart.

Dastardly

Imaginary Friend

Sylocat

Sci-Fi & Shakespeare

Grand_Arcana

New member

robert022614

meeeoooow

JochemDude

New member

Leemaster777

New member

Sniper Team 4

New member