PSN credit card data was encrypted, 'no evidence' it was taken - Sony

PlayStation maker says that key personal info was security protected and likely not stolen, confirms cooperation with law enforcement.

by

As day eight of the PlayStation Network outage nears day nine, Sony has posted a new Q&A regarding the data leak that accompanied the service disruption. Two days after it said that personal information was compromised, the PlayStation maker is trying to soothe customers' fears by saying that all credit card information submitted to the PSN was encoded.

Sony says all credit card info on the PSN during the data leak was encrypted.

"All of the data was protected, and access was restricted both physically and through the perimeter and security of the network," the company said in a statement on the official PlayStation Blog. "The entire credit card table was encrypted and we have no evidence that credit card data was taken. The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack."

The company said that the reason it has warned customers that their credit card data may have been stolen was out of an "abundance of caution." The company also pointed out that users' credit card security codes--often called CVC or CSC numbers--were never stored on the PSN or Sony's Qriocity media service, which was also compromised in the attack. These three-digit codes are usually necessary to make an online transaction.

The day after Reuters reported that Sony was working with the Federal Bureau of Investigation's cybercrime unit, the game giant also confirmed it is cooperating with "law enforcement." The company did not mention the FBI or any other agency by name, but it did reiterate it is also working with a "recognized technology security firm" on the matter.

Finally, Sony somewhat tempered the prediction it offered on Tuesday, when it said that some PSN services would be back up within a week. "We want to be very clear that we will only restore operations when we are confident that the network is secure," the company said.

Discussion

687 comments
Kill-Zone_99
Kill-Zone_99

DeadBullet Fanboy fettishness doesn't always end up as a joke. You should know how emotional blind people are when they have power. Remember that...

aryanbrar
aryanbrar

@aFatDog i bought my ps3 used when it was still expensive, it hasn't broken even once. either you're lying or lying.

SnuffDaddyNZ
SnuffDaddyNZ

"These three-digit codes are usually necessary to make an online transaction." Nope, they are optional. It is reassuring that the cc numbers were "encoded", just like the ps3 firmware which was decoded (read: hacked) several months ago. It's really nice to know, that SONY didn't recognise THAT as a security risk, hence allowing the recent attack to be perpetrated. A class action lawsuit is necessary I feel, as negligence on SONY's part is easily proven here.

the_hunter_gta
the_hunter_gta

about PSN cards someone might not want to buy the $20, $50 cards and only spend $10 i haven't seen any $10 cards anywhere.

dRuGGeRnaUt
dRuGGeRnaUt

Im sure 90% of posters glance right over the "NOT LIKELY" political speak there. "not likely" is NOT GOOD ENOUGH. Seriously.. Stop with the "possiblys" and "its not believed to be" talk, it's just pointless retoric to protect against future lawsuits. lol

poopinpat
poopinpat

@aFatDog apparently u don't get it as the internet is a free medium for people to express their opinion. so stop hating on mine and gtfo. and with the fail rate of 360's (not including the new slims) over a third of the tree has rotten apples and clearly that tree isn't doing to well.

marcus5546
marcus5546

Sony...You are lucky I hate that Xbox 360 controller. Security is a must for any company that collects credit card info. People are so anxious to play, they could care less that other parts of their life may have been exposed to fraud. This may haunt your company when I decide to make a hardware purchase in the future.I am very angry. I understand the role that some hackers play when they expose security flaws of big companies. I just don't believe companies take their vulnerability serious.

aFatDog
aFatDog

@poopinpat *sigh*... you obviously don't get it. Having bad luck with a console does not give you the right to come on the internet and start ripping on it because of your own bad luck. Just because you picked a bad apple doesn't mean the rest of the apples on the tree are bad.

shnapoodle
shnapoodle

And that's why you should just buy PSN cards.... safer.... no info to loose no worries...

RavenXavier
RavenXavier

LOL Wow....gee, you don't think anyone with the technical know-how to hack the PSN doesn't ALSO have the know-how to DE-CODE the information? LOL. Sony must think it's customers are dumber than dirt if they expect people to buy that. Anyone who does buy that excuse is a moron. The encryptions on CC info can be broke by any card swiping machine decoder made past the year 1996...

SLRMC93
SLRMC93

Just as long as I know my moniez is safe, I can sleep at night.

Bobmarley00
Bobmarley00

Encryption offers little in a brute force attack. It can easily be decrypted with time and computing power. Sounds like the database security was a joke. Hopefully these people won't have a couple million identities to hide behind now since they stole the entire personal information datatable set.

poopinpat
poopinpat

@aFatDog "...you can't hate a console because you've had bad experiences with it". Read that again and think about it. I'm pretty sure wasting a lot of money on broken consoles is reason enough to stop buying products from that particular manufacturer.

aFatDog
aFatDog

@02050muh Well you're wrong, but believe what you want. Besides, I wasn't trying to insult the ps3, the point i was trying to make is that you can't hate a console because you've had bad experiences with it.

02050muh
02050muh

@aFatDog lol..i can tell when people lie

blue900
blue900

@tachsniper: I don't think people are saying they don't have a problem with a hacker having personal info. They are just not blowing it up so much as you are. We take the steps to protect ourselves and that's it. The info was compromised, it happened. Enough with the making it a big deal already. I think most people here know how to deal with it, you should too.

blue900
blue900

@afatDog: 3rd ps3? wow that's some tough luck since it really never happens. It took me a long time before I bought my xbox 360. I had Wii and PS3 years before xbox because of RROD that all my friends had in the past. I don't have the RROD proof xbox model, but mine has not broken. Then again I barely use it. As for PS3, I use it every night for movies and games. Knock on wood but that machine was a great investment. Xbox 360, I bought the fan just in case...

blue900
blue900

@jeffvid, so nice to hear someone with reason. I believe the decision to take down the PSN and investigate all that may and did happen was a wise choice by Sony. For days many people here were mad at Sony not knowing the big picture. Thanks for you post.

jeffvid
jeffvid

Although we all may want to get back on the PSN ASAP, the bright side to this situation is that Sony stepped up front and took action immediately on a "possible violation" to make sure their customers were protected which in the short run does not make them look great---however when all is said and done people will look back on this and say Sony did the right thing rather than trying to hide it as other companies do....................

aFatDog
aFatDog

@poopinpat Judging a console based on your own personal experiences is silly.I'm on my 3rd Ps3 right now, and when a Ps3 breaks, regardless of the low fail rate (thankfully) it REALLY breaks. And as I believe i said, the wii's appeal lies mainly in the casual gamer audience, as proper games for serious gamers on the console are few and far between.

WolfGrey
WolfGrey

@tachsniper He does have a point.It is pretty much like just taking a phonebook.All thats confirmed is that they are all Sony customers.Not to mention its all over the bloody place.They really cant do much with the info.Save paying houses a visit or maybe something else.They dont have enough info to mess with social security or with much else.Without the credit card info(if they truly didnt get in), it isnt much to work with.

tachsniper
tachsniper

@JohnF111 so you ahve no problem with a perfect stranger, someone whom you've never met before and have no way of tracking down yourself, having your personal information with potential access to more? wow... just wow,

Maioral_RMR
Maioral_RMR

Well, Xbox 360 here I come. Micro$oft, you won.

Maioral_RMR
Maioral_RMR

Lets hope the credit card information was not encrypted the same way as the security keys for PS3. Took them 5 days to decode.

JohnF111
JohnF111

[This message was deleted at the request of the original poster]

JohnF111
JohnF111

@tachsniper I guess i should tell my paperboy to erase his memory, he must be just as "liable" as Sony. The worst thing they can do is find out where you live which just about any phone book will do just the same, millions and millions of addresses all in alphabetical order. All the hacker got was a phonebook, i see no reason to be mad.

KingSora1991
KingSora1991

Who the f*** said that it was confirmed that people's information was stolen? There is no reports of certain individuals information including credit card information that has been stolen. They said 'POSSIBLY'. They never mentioned anyone saying that their info was stolen. Again it's "Possibly". No confirmation. Did anyone here notice their info has been stolen? And no "possibly stolen" doesn't count.

tachsniper
tachsniper

@JohnF111 First off i am not "after" Sony. I do not believe they are as completely snow white innocent as they protest to be. And yes if any of this occurred at my bank, doctors office or anyplace like that i would be just as angry with them. There is a thing called liability, Sometimes though ignorance and jsut plain stupidity you can actually aid in the theft without knowing it.

JohnF111
JohnF111

@tachsniper You trust your bank, why is Sony any different, you also trust your boss and your doctor, if their servers were hacked would you be after them as well? Another thing, it was encrypted.. please tell me how this is not safe or secure?

tachsniper
tachsniper

@x_Xarion_x Not the point, the point is we trusted Sony to keep that information safe and secure, they did not.

x_Xarion_x
x_Xarion_x

I love how people are so pissed that someone may have there name, address and birthday but many of the same people willingly post the same information and more on facebook.

MALMSTEEN4774
MALMSTEEN4774

Man i need PSN back on!!! ok its a hack thing problem but still!!!! 9 days. . . .and counting! this is TOO MUCHHHH!!!!

chibi-acer
chibi-acer

If an encrypted copy of the credit card info was stolen, it's unlikely the hackers would crack that layer in one week. It could be a month or more before we can truly feel our credit info is safe (at least from this mishap).

tachsniper
tachsniper

@mega_sonic_fan So you call leaving personal info like names, addresses, ect on a plain text document doing things the right way? Then i'd sure as hell hate to see the wrong way.

Frostyballoon
Frostyballoon

Everyone is a f*cking child....Shut up about who is better...It about personal preference..thats it Microsoft and Sony have a lot of problems with their own products...no one is perfect..no one has room to talk Sh*t about the other one so shut up and play you're systems since you bought it...

AFO-Wolfpack
AFO-Wolfpack

@mega_sonic_fan agreed...plus why is anyone who plays XBOX 360 even reading this! it doesnt concern you, thats why the article is about the PLAYSTATION NETWORK!!!!

mega_sonic_fan
mega_sonic_fan

Wow, all this console wars is STILL going on. You guys are all lame, just get over it already, all the systems have their own pros and cons to them. As for the latest news, I had a feeling that no credit card information was going to be leaked in to and used. Like they said the security code on the back is the MAIN thing you need to make any online purchases and without it you have a 1 in 999 chance to get it right. Sony has done good in giving cautuion about this as to any one would if something like this were to happen. Thank you Sony for doing things the right way

tachsniper
tachsniper

@Sparticus1013 Was i defending Sony? Or was i pointing out that Xbox fanboys dont have room to talk becasue the 360 has its own share of problems.

-SenJu-
-SenJu-

"Abundance of Caution", I like that. Hopefully this matter will be resolved soon, new DLC for COD: Black Ops is coming out soon! :)

Sparticus1013
Sparticus1013

@tachsniper "i got one thing to say to you, Red ring of death, Shush" Are you really spouting your anti-360 rhetoric when your PSN has not only been offline for a week and a half, but your account information has been compromised? Microsoft is a very easy target, but right now you're in no position to be defending Sony. At least wait until PSN is back online before you start with the fanboyism please.

tachsniper
tachsniper

@abdulhamian i got one thing to say to you, Red ring of death, Shush

shadow551991
shadow551991

@7C7R7N7 yeah ive heard rumors too, it could be.

SuperMessy
SuperMessy

This is PSN me off! Sorry, but I just had to say that lol. I hope it gets restored soon, I want to download some dlc.

StingrayX5
StingrayX5

I want to see CONFIRMED reports of people getting their information taken...until then...everyone, STOP COMPLAINING!

StingrayX5
StingrayX5

EXACTLY!...dang Lawyers want to sue over ANYTHING! even if Sony did NOTHING to them...PATHETIC SCUM!