
2.2 million users' cards are reportedly in the database

Millions of customers were shocked to hear Sony Computer Entertainment America LLC (U.S.) and Sony Computer Entertainment Europe (EU) had lost their personal information -- name, username, password, address, birth date, and password recovery question -- and, more importantly, that it potentially lost their credit and debit cards as well.

Sony wrote:

While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility.

It then essentially went on to tell people that they were on their own and that protecting themselves from credit fraud was the customers' own responsibility.

Now it appears the worst-case scenario is indeed playing out -- according to recent forum posts, a database with "a large section of the PSN database containing complete personal details along (with credit card numbers)...are being offer (sic) up for sale."

Security researcher Kevin Stevens has witnessed malicious hackers discussing the supposed database.  He posted to Twitter, "Supposedly the hackers selling the DB says it has: fname, lnam, address, zip, country, phone, email, password, dob, ccnum, CVV2, exp date," adding, "it is not a rumor, it was a conversation on a criminal forum."

If someone gained access to this database, it would be easy to issue hundreds of millions of fraudulent charges.  Such charges can put a black mark on your credit score.

Famed hardware jailbreaker George "GeoHot" Hotz chimed in on the reports, writing, "I sure am glad I don’t have a PSN account about now."

In his blog he adds:

And to anyone who thinks I was involved in any way with this, I'm not crazy, and would prefer to not have the FBI knocking on my door. Running homebrew and exploring security on your devices is cool, hacking into someone else's server and stealing databases of user info is not cool. You make the hacking community look bad, even if it is aimed at douches like Sony.

...

...the fault lies with the (Sony) executives who declared a war on hackers, laughed at the idea of people penetrating the fortress that once was Sony, whined incessantly about piracy, and kept hiring more lawyers when they really needed to hire good security experts. Alienating the hacker community is not a good idea.

GeoHot, a self-admitted one-time victim of identity theft, isn't a huge fan of Sony.  He recently settled with the electronics giant in a lawsuit over his jailbreak of the PS3.  Reportedly, GeoHot essentially scored a big win with the settlement, though precise details haven't been revealed.

The attacks came soon after the settlement.  While few suspected GeoHot, some do suspect that members of the loosely organized hacker group Anonymous -- a group which supported GeoHot during the Sony legal battle (without his endorsement) -- might have been involved.

Regardless, this is bad news for Sony and worse news for its customers.  If you have a credit or debit card that you know is on file with the service, you might want to talk to your bank about changing your number as soon as possible.



Comments

Thank you
By tigz1218 on 4/29/2011 8:35:20 AM , Rating: 5
Thank you for the update Jason. Last I heard on most msm websites was that there was no evidence of CCs being stolen.

I canceled all of my cards and changed account passwords that used the same as my PSN password. I highly advise anyone who hasn't done this yet to get moving!




RE: Thank you
By DNAgent on 4/29/2011 8:55:16 AM , Rating: 3
I'll second that thanks. The worst part of this entire fiasco has been Sony's communication (or lack thereof) with their customers. One single email after 8 days of inexplicable service outage, and now that there is confirmation of stolen CC numbers we still have to learn about it from third parties.

Way to establish consumer confidence, Sony.


RE: Thank you
By CZroe on 4/29/2011 9:04:19 AM , Rating: 2
That's HARDLY confirmation. The details even conflict.

It's not uncommon in illegal trade circles for someone to lie about what they have and the CVV discrepancy points to it likely being a lie.


RE: Thank you
By theslug on 4/29/2011 11:15:23 AM , Rating: 2
I take this to mean you only cancelled cards that you had used on the PSN at one point?


RE: Thank you
By tigz1218 on 4/29/2011 12:47:13 PM , Rating: 2
That is correct, sorry should have worded that better.


RE: Thank you
By dubldwn on 4/29/2011 12:16:03 PM , Rating: 2
I just got off the phone with my CC company. They had a little spiel prepared where they told me not to worry about changing my card number, that I wouldn't be responsible for any charges, and that maybe I would be interested in some additional pay services, which I declined. Good enough for me.


RE: Thank you
By fcx56 on 4/29/2011 5:10:57 PM , Rating: 2
Hopefully you aren't planning on using some of the available funds associated with that card, if they do use it fraudulently you will potentially have to wait as they investigate the activity. A friend had her purse stolen and they used her VISA check card for purchases amounting to almost $3000. It was almost funny as they had used most of the money to pay utilities, which seems too obvious to me. The bank sorted everything out nicely although it still took around 20 days to get the majority back, with the remaining $200 coming almost two months later. The situation was handled, but wouldn't it be best still to avoid it altogether? It certainly wasn't convenient, and the best part is that they issued her a new card to prevent future charges.


RE: Thank you
By Bonesdad on 4/30/2011 3:39:43 PM , Rating: 2
The last I heard there IS NO confirmation that CCs have been stolen and/or are actually being sold. The headline to this article is misleading and may in fact be false. Remember, Sony isn't the criminal in this case, though they certainly bear some responsibility for poor security.


Copyright 2014 DailyTech LLC.