2.2 million PSN credit card numbers for sale?

MSNBC reports that cybercrooks are shopping around information purloined from Sony's network, but not everything adds up.

by

Source: See below.

What we heard: Yesterday, Sony announced that even though the personal information of some 77 million PlayStation Network accounts may have been compromised during last week's data breach, their credit card information was encrypted. This account appeared to be backed up by a report that said that major financial institutions such as Wells Fargo, American Express, and Mastercard had reported they had found no suspicious activity related to the leak.

Cybercriminals claim to have 2.2 million credit card numbers stolen from the PSN.

Now, though, MSNBC is making headlines with an article that starts off saying that some 2.2 million credit card numbers stolen from the PSN are being shopped around. The story stems from a Twitter post by Kevin Stevens of Trend Micro, a purveyor of Internet security software, which said that cybercrooks were claiming to have the accounts, including first name, last name, address, zip code, country, phone, e-mail, e-mail password, date of birth, credit card number, expiration date, and three-digit security code. That account was backed up by screenshots from a forum by Internet security blogger Brian Krebs.

The official story: As of press time, Sony has not commented on the matter.

Bogus or not bogus?: Probably bogus. Sony said that the PSN, like most online vendors, doesn't store the three-digit security code, so there's no way hackers could have obtained them. Also, by everyone's account, the people claiming to have the information could just be attempting online fraud.

"Yeah, this information about the [three-digit security code] numbers could be bogus. The guys selling the [database] could just be making it up," said Stevens. MSNBC is equally skeptical, saying, "It almost sounds too good to be true. Why, for example, would Sony have the passwords to users' third-party email accounts, such as Yahoo! or Gmail accounts?"

Discussion

405 comments
Ex-DarkBlade
Ex-DarkBlade

This rumor is proven fake by the PS blog. It's so sad that people will do anything to get attention.

IAMLEGEND33
IAMLEGEND33

[This message was deleted at the request of the original poster]

xshadowzz
xshadowzz

Why does GS report Rumors? I want facts, dammit!

tony_hak
tony_hak

SOny MAkes the hacker$ GOD here.!

blaq95
blaq95

You guys need to replace your ares with is. Kitty are going to the store today doesn't sound right.

behemothdog
behemothdog

@JLCrogue No worries my friend Like i said i am just a student. Happy trails!

JLCrogue
JLCrogue

@behemothdog I'm sorry, I meant to say bytes, not megabytes. That was a typo, so the whole file would be around 7.7 GB (100B * 77million) if that were the case.

SoulReaper1337
SoulReaper1337

The data for the actual accounts would be around 10 gigs if they kept it one file, maybe 20 - 50 gigs if they also kept the security codes, email accounts, addresses, and other possible account information. even if it was 100 gigs of info it wouldnt be too hard to get all of it with the poor securtiy sony has had around their content. the persons (s) that did this probably stole the data first then crashed (and probably wiped their entrance) so they could have time to destroy their machines making it even harder to ever prove that is was them who did it. though its unlikely the hackers would think that far ahead or be willing to destroy their computers, but if they really are that smart if really guessing we either wont hear about who did they or only the computers that were used as proxies will be caught.

terrascythe
terrascythe

@squall_83 @JLCrouge I think we all agree that the data file is massive, likely separated into multiple files. I'm sure given the info we already have somebody can figure a solid estimate, but as squall_83 mentioned it's sort of irrelevant. Typical hackers are in and out as quick as possible and usually don't get more than a few hundred thousand lines of data. But, as we know this was not a typical hack. Whoever did this had as much time as they needed and if they wanted CC info they certainly got it. I Personally think there was inside help, I don't see how a hacker could spend that much time, downloading that much data without using admin passwords or inside help to avoid suspicion.

Jedilink109
Jedilink109

Everyone please keep in mind they're talking about a NEWS NETWORK. OF COURSE they aren't going to get anything right,

FashionFreak
FashionFreak

Good Luck tracking the hackers down. They were behind SEVEN PROXIES.

behemothdog
behemothdog

@JlCrogue ummm I need further explanation I created a MOC Creditcard info , name adress ,etc In visual studio using VB and the exe file was about 11kb. and 11 kb *77 million is about 8,076MB here is the code Dim cc As Long Dim name1 As String Dim name2 As String Dim MI As Char Dim state As String Dim city As String Dim adress As String Dim pnum As String Dim Bdate As String Dim EXPDate As String cc = 123456789123123123 name1 = "jeremiah" name2 = "davidson" MI = CChar("b") state = "minnatucky" city = "fattyville" adress = " 1234 somethring st apt B" pnum = " 555-444-4444" Bdate = "nov 01 2022" EXPDate = "10 10 2010" Also the CC# has no need to be stored as a Long a String will do as it well as no math will be done with it. or i could put it in a database but i doubt that it will make 1 Set of cc data and personal info 100MB even with a 128 bit encryption (that was on the CC Info ONLY) or did i miss something? edit: i am not trying to be rude i am seeking a degree in programming so any thing helps! p.s. sorry about the format.

squall_83
squall_83

@terrascythe Right on. It surely has to be pretty large. 77 million accounts is a lot of info to store. As you said, definitely large enough that you would have thought they would notice. I just had to call you out... 77GB? Preposterous!! lol.

behemothdog
behemothdog

[This message was deleted at the request of the original poster]

behemothdog
behemothdog

[This message was deleted at the request of the original poster]

squall_83
squall_83

@JLCrogue That can't be right. I don't care what system you're using. There is no physical way that your personal info: name, address, card number etc... could possibly take up 100MB. That is just ridiculous. Unless of course I somehow misunderstood what you were saying.

JLCrogue
JLCrogue

@squall_83 Each credit card number is 16 digits, which would take up 54 bits of data and that's not enough to be stored in one integer (which take 4 bytes/32 bits). They would have to be stored as a long, which take up 8 bytes each, but only on some machines. That's just the credit card number alone and characters would also take 4 bytes per character that makes up a name. Overall, each account would probably take up to around 100 MB each, so terrascythe was a little more accurate, even though his math was wrong.

AceCometh
AceCometh

Gasp! Passwords have been compromised! It's not like we can change them.........

terrascythe
terrascythe

@squall_63 You're right, my math was wrong, unless I switch to 1Kb per line but that sounds to high. There really is no way to know how many characters or fields were used in each line, or know the true size of the data file unless Sony tells us, which they haven't. So in that sense my speculation is irrelevant but not unwarranted. Anyways, I know 77 million lines of data is going to be a huge amount of info to download in a hack, upwards of several gigs.

InN3rChi011
InN3rChi011

I have a quick question for anyone who has the answer. The question is simple what if i changed my psn email's password? Will the hackers or whoever it is know that i changed it or even know the new password? Thanks to whomever answers this.

squall_83
squall_83

@terrascythe Your math is incorrect. 77 million bytes is only 77 Megabytes. And there's really no way to assume how much info is stored in each account anyway so the math is not only incorrect, but also irrelevant.

RaddaRaddaRadda
RaddaRaddaRadda

@mynamesdenvrmax Thing is, this isn't news. It's just rumor and speculation. Someone on a forum claiming to have credit card numbers stolen from PSN? Must be telling the truth because people never lie on the Internet! If you honestly believe that news outlets don't have their own agendas, and never skew the way they report something to make it sound different then it actually is, well, I suppose I envy your naivete.

terrascythe
terrascythe

77 million PSN accounts is 77 million lines of data. With at least 1 byte per line, that's 77 gigabytes of data. That would take over 24 hrs to download, so the hacker had more than enough time to get CC numbers too. How could a hacker have that much unrestricted time inside PSN without being discovered?

RawhideSphinx
RawhideSphinx

put these hackers in a room with me and watch them pee their pants.

IAMLEGEND33
IAMLEGEND33

ive been reading the same fraudulent psn related credit card charge stories on a bunch of different sites and forums 1. japanese grocery store 2. german airline ticket 3. american express card kept in a draw and only used for psn it sounds like crap people posting to get attention or generate responses

IAMLEGEND33
IAMLEGEND33

you gotta love the media reporting sensational fraudulent news from unreliable sources walter kronkite is spinning in his grave

FlashCharge
FlashCharge

Hope there is no plea deal for these people to make an example for anyone in the future who throws honest people to the wind. I do not know about anyone else but they have put me through a lot of work to try and protect myself from future hackers. Hope they're caught and properly punished.

XragnaX
XragnaX

meh could have happened to any Console, just hope there catch the f**ks who did this, people who have to much time on there hands that should have a job. ARGH

eggchicken
eggchicken

Even if it is bogus(which it is), these hackers still all need to go get a real job and start making themselves actually usefull to the world around them. Honestly, some people simply don't have any life at all

AznEvan
AznEvan

Yeah, this is most definitely not true. Anyways, it's most likely that they are trying to lure out the hackers by using these fraudulent claims, but I'm guessing the hackers are much smarter than that.

laplace985
laplace985

I think some people were threatened by socom 4 and made sure they attacked as soon as that game were released. However I wouldn't worry about credit card info. It's decrypted. Now if your psn account passwords are the same as your email and bank account passwords change them now. Those are the people who always get exploited.

wyan_
wyan_

True or not these hackers need to be shot with a ball of their own poop.

TheTrainer1980
TheTrainer1980

@Dominicobaggio Why does this mean Microsoft is scared? You really have no idea what you're speaking of.

jekyll
jekyll

I've just checked my two credit cards (I'm not certain which is on PSN, it's been so long since I ordered anything) and so far, so good.

Dominicobaggio
Dominicobaggio

This article tells me microsoft are scared. I mean dirty tactics like rumours when your biggest competitor hits some trouble, a bit naughty!!! There is very little anyone can do with your credit card details unless they even use it to purchase things around where you live because as soon as they use it to try to make purchases internationally it will be blocked, so im not scared in teh slightest, even if people have details. (which they wont)

Defy_The_Fallen
Defy_The_Fallen

@XileLord No I understand perfectly well how bad getting your personal info and credit card detail stolen is. If the hacker somehow uses your credit card or opens a new account with your name and you get thousands of pounds in debt, that could be horrible. And I do have my own details online, I have a debit card and I do live in a house.... Granted they should have encrypted every bit of info, but there doing everything they can, I'm sure they'll tighten there security after this.

behemothdog
behemothdog

@XileLord I understand your frustration, and you have EVERY right to be mad at sony. However, the hackers that did this are to blame. Take some comfort in the fact that while personal info was taken, Its no more info that is in a phone-book. (minus the E-mail) The CC data had a 128 bit encryption on it and was stored separately, so sony was smart there. As for the story above smells fishy but better be safe and monitor/cancel the CC (i know yours is expired its just a precaution for others) final note: No system is unbreakable, no security is perfect, no kitten is ugly! best wishes dude :)

XileLord
XileLord

@Defy_The_Fallen, I don't mean to come off as a fanboy, just can't see how anybody can defend PSN. It's a piss of knowing some jack ass could possibly have my personal information, along with PSN being down. I understand because of your age it might not be a huge deal to you but when you get older and have your credit card info online, along with your own personal information (address, phone number, email) and not you're parents it'd be bound to piss you off to. I can't defend sony, they should be smart enough to have an online system stronger then this.

aSchizophrenic
aSchizophrenic

No. This isn't true. Thanks for telling us this rumor, it benefits us all so much.

jhpeter
jhpeter

lol, isnt msn bc from MS ?

Defy_The_Fallen
Defy_The_Fallen

@XileLord don't worry dude I believe you have a ps3, but in my case if they stole my personal info they can't create a credit card, I'm only 14 and not liable for one. But take a look over your previous comment again, you sounded like a blatant xbox fanboy. And believe me I am by no means a fan boy, sony are doing there best to fix it, were not the only ones losing things here, think of all the profit there loosing from PSN downloads etc....

XileLord
XileLord

@Defy_The_Fallen, doesn't stop them from getting one when they have your personal information. It's not so much the credit card stuff that annoys me, it's the fact my personal information was stolen and that sony had such a weak online system that all this could happen. Btw I actually own a PS3, PSN: Hybridiction XBL: Hybridiction, and I honestly do not care if you believe me or not. I'm not a fanboy at all, I'm just saying what you sony fanboys won't say.

jhpeter
jhpeter

If not bogus this could be a major problem for Sony.

Defy_The_Fallen
Defy_The_Fallen

@XileLord Dude, they don't have the physical credit card, even if they did have the info it would only been written on paperor in some text document on a PC, they can't physically form a credit card out of thin air. Your just another xbox fanboy thinking he's clever. I have both ps3 and xbox, I'm not one sided because im NORMAL.

XileLord
XileLord

You don't need the three digit security code to walk into a store and buy items with another person's credit card. Sony is a joke just like PSN is a joke, just like fanboys who make fun of online services like XBL for charging 5$ a month then try to compare this PSN outbreak to that of an XBL one, which btw has never been weak enough for some hacker to grab a bunch of personal info and credit card info. Not only that but the online play and integration is way better, not only that but safer with xbox live. Sony is a joke, just like PSN. I've gotten tons of phishing attemps lately so it's obvious whoever did this is selling personal info. Makes me wonder how much more they got on me now......luckily my credit card is expired.

beanofengland
beanofengland

*sigh* what is wrong with people these days...