Sony has come out to debunk a number of rumors surrounding the information obtained in a recent PSN intrusion that has shut down the online network and put millions of PSN users' personal data at risk.
In a message on the European and U.S. PlayStation blogs, the company stated there is "no truth" to reports that a hacker is offering to sell millions of credit card numbers obtained from PSN, or that Sony was offered the chance to purchase those numbers back for itself.
Last week, the company clarified that it stored credit card data in an encrypted format, and without necessary security code data.
Though Sony says there was no evidence this credit card data had been compromised along with other PSN user information, the company said it "can not rule out the possibility," and has recommended users protect their credit card information out of "an abundance of caution."
Sony also said, "While the passwords that were stored were not 'encrypted,' they were transformed using a cryptographic hash function," and not stored in plain text format. That makes it potentially difficult for hackers to gain functional use of those passwords for PSN or other user accounts, but it's not as secure a measure as encryption.
At a Japanese press conference over the weekend, Sony said it hoped to have PSN back up sometime this week, and was considering covering costs for reissued credit cards incurred by users.
The company also said it plans to offer users a free month of access to the PlayStation Plus service to make up for the inconvenience caused by the network outage.
I wish they'd stop repeating that the missing CVV2s are any sort of security boon; they aren't. Many sites do not ask for them. Amazon.com for instance.
It is quite probable that the scare of hackers on message boards and IRCs claiming to try and sell the data is false. We live in an age of trolls.
Plus those goods are *really hot*. If the hackers just wanted cred on a major job, they got it. If they're good (and lucky), they may slip through the cracks and escape authorities. But if they sell this data, they greatly increase their chances of getting caught. Especially if the buyer is, say, actually a government body posing as a buyer.
"the company stated there is "no truth" to reports that a hacker is offering to sell millions of credit card numbers obtained from PSN"
"Though Sony says there was no evidence this credit card data had been compromised along with other PSN user information, the company said it "can not rule out the possibility,""
These sentences contradict each other: if they "can not rule out the possibility" the credit card data was stolen, they can't say for sure that there is "no truth" in reports that this stolen credit card data is for sale.