authors

Hackers brag they have PlayStation Network credit card numbers

April 28, 2011 10:42 PM
Dean Takahashi
Add a Comment

Hackers are saying on underground internet chat rooms that they are in possession of the credit card numbers of Sony’s PlayStation Network customers, the New York Times said today.

If it’s true, that’s worrisome for Sony, which has been sued by angry users and which has yet to verify whether any of its customers’ credit card numbers — which Sony has said were encrypted — had been taken. Sony has sent warnings about the possible theft to more than 77 million registered PSN users. Since the whole user base may have been exposed, this case could be one of the largest hacks on record.

Security researchers said they have seen discussions on internet forums that indicate the hackers have customer names, addresses, usernames, passwords and as many as 2.2 million credit card numbers. Kevin Stevens, senior threat researcher at the security firm Trend Micro, told the New York Times that he saw talk about how Sony hackers were hoping to sell the credit card list for more than $100,000. Stevens said one forum member told him the hackers had offered to sell the data back to Sony itself, but the hackers had not received a response from the company.

One reader, who wished to remain anonymous, told us that he was informed by Sony yesterday that his credit card may have been compromised. He checked with his card issuer and found two charges totaling $400 that he had never made. He called his issuer and had the charges reversed. He had his card canceled and ordered a replacement.

Several other security researchers confirmed the forum discussions, but it was not possible to verify whether the hackers indeed were in possession of the database. Sony spokesman Patrick Seybold said there was no truth, as far as he knew, that Sony was offered an opportunity to buy back the list. Matthew Solnik, a security consultant with iSEC Partners, said he has heard that the hackers made it into the main database, which would have given them the access to the credit card numbers.

Solnik said researchers believe that the hackers gained access to the database by hacking the PS 3 console and then moving from there to the company’s servers.

[image credit: Techchunks]

  • http://www.realestateactive.com/ Michael Real

    Oh, what the heck happened, SONY!? Hackers have credit card numbers! What are you going to do with what happened here?

  • http://pulse.yahoo.com/_U2H7S4MG6PLQUVOA2CFNMZ2QUQ Ric Desan

    What's ludicrous about this in the end, is the fact that Sony will glean no valuable insight out of the fiasco. They will fail to learn the lesson that the consumer has tried to teach them over and over again. They didnt learn it via the root kit, they didnt learn it with half their proprietary media formats and they didnt learn it with the PS3. What is this lesson? There is no need to make objects out of people like Geohotz. Homebrew happens and this whole scenario could have been avoided by partnering with this guy instead of turning him into a martyr.What could have been a huge win for you to get him on board has turned into a bullying that has permanently cost you customers like me – for life. So think about all the people like myself that wont buy your products any longer based on principle over the life of their purchasing power and reconcile the cost of that negative branding for Sony products with your decision to make an example out of this guy and bring the wrath of hackers down on your head.

  • http://profiles.google.com/lanphier1999 L. Blake Tucker

    A huge win for the sony and the consumers to partner with this guy when it was his program that hack into the system….. So they partner with him pay him for his skills and if he wanted to make a program to sell to the nxt hacker??? you are so right that I'm gonna wait to call you a loser. I'm promise to be back on this site at this day in time to call you a loser as soon as detroit lions win or make it to the super bowl.

  • http://www.top3tattoodesignsreviewed.com alex davis

    you can never really make any computer or system safe becuase someone will always be able to unravel what someone else has built

blog comments powered by Disqus