Source: See below.
What we heard: Yesterday, Sony announced that even though the personal information of some 77 million PlayStation Network accounts may have been compromised during last week's data breach, their credit card information was encrypted. This account appeared to be backed up by a report that said that major financial institutions such as Wells Fargo, American Express, and Mastercard had reported they had found no suspicious activity related to the leak.
Now, though, MSNBC is making headlines with an article that starts off saying that some 2.2 million credit card numbers stolen from the PSN are being shopped around. The story stems from a Twitter post by Kevin Stevens of Trend Micro, a purveyor of Internet security software, which said that cybercrooks were claiming to have the accounts, including first name, last name, address, zip code, country, phone, e-mail, e-mail password, date of birth, credit card number, expiration date, and three-digit security code. That account was backed up by screenshots from a forum by Internet security blogger Brian Krebs.
The official story: As of press time, Sony has not commented on the matter.
Bogus or not bogus?: Probably bogus. Sony said that the PSN, like most online vendors, doesn't store the three-digit security code, so there's no way hackers could have obtained them. Also, by everyone's account, the people claiming to have the information could just be attempting online fraud.
"Yeah, this information about the [three-digit security code] numbers could be bogus. The guys selling the [database] could just be making it up," said Stevens. MSNBC is equally skeptical, saying, "It almost sounds too good to be true. Why, for example, would Sony have the passwords to users' third-party email accounts, such as Yahoo! or Gmail accounts?"