
Hackers selling PSN data of over 2.2 million users [4/29/2011]

There are rumors that the hackers have the personal info (names, addresses, credit card numbers, etc.) of over 2.2 million users and tried to sell it back to Sony, but got no reply. So now they are trying to sell it to the highest bidder.

From: http://bits.blogs.nytimes.com

Security researchers said Thursday that they had seen discussions on underground Internet forums indicating that the hackers who infiltrated the Sony PlayStation Network last week may have made off with the credit card numbers of Sony customers.

The comments indicated that the hackers had a database that included customer names, addresses, usernames, passwords and as many as 2.2 million credit card numbers, the researchers said.

Kevin Stevens, senior threat researcher at the security firm Trend Micro, said he had seen talk of the database on several hacker forums, including indications that the Sony hackers were hoping to sell the credit card list for upwards of $100,000. Mr. Stevens said one forum member told him the hackers had even offered to sell the data back to Sony but did not receive a response from the company.

Although several researchers confirmed the forum discussions, it was impossible to verify their contents or the existence of the database.

When asked about the hackers’ claims, Patrick Seybold, senior director of corporate communications and social media at Sony, said, “To my knowledge there is no truth to the report that Sony was offered an opportunity to purchase the list.” Mr. Seybold also pointed to a blog post Sony published Thursday that said: “The entire credit card table was encrypted and we have no evidence that credit card data was taken.” Sony has said that it could not rule out the possibility that hackers might have obtained credit card data.

“Sony is saying the credit cards were encrypted, but we are hearing that the hackers made it into the main database, which would have given them access to everything, including credit card numbers,” said Mathew Solnik, a security consultant with iSEC Partners who frequents hacker forums to track new hacks and vulnerabilities that could affect his clients. Mr. Solnik said that people on the forums had details about the servers used by Sony, which may indicate that they had direct knowledge of the attack.

Mr. Solnik said researchers believe that the hackers gained access to Sony’s database by hacking the PS3 console and from there infiltrating the company’s servers.

Dan Kaminsky, an independent Internet security specialist, said in a phone interview that he had also seen forum posts about a Sony credit card database, but he said he could not confirm who was behind the attack. “These attacks just keep getting larger and larger and larger,” he said. “The security measures technology companies employ today are just not robust enough.”

The San Diego office of the Federal Bureau of Investigation, which is helping Sony with its inquiry into the hacking incident, declined to comment.

“Screenshots” from PSX-Scene forums

  1. Me
    April 29, 2011 at 9:15 pm

    Sony is largely responsible because they should have had better security in place, but hacks happen and I can live with that. What IS ridiculous, however, is Sony’s handling of this. They say nothing for days and refuse to let us know what was compromised and in what way and by whom and how it was done. All we hear is our logins, addresses, stuff nobody really cares about, but then they say CC numbers MIGHT have been accessed, but it was encrypted, so they PROBABLY don’t have those numbers. WHAT?!

    Listen, Sony, I know you’re an arrogant, holier than thou company that refuses to admit when it makes a mistake, but you still have a corporate responsibility to do all you can to secure your failure, and at the least give us the info to secure ourselves as a result of your failure. Not today, not yesterday, but WEEKS ago you should have informed everyone of the possible financial breach of security and instructed everyone to contact their banks and have a new CC issued. That’s all it would have taken to render everyone’s loss to simply a matter of password changes. But NOOOO, that would be admitting your failure, that would be opening yourselves to lawsuits should all of our accounts be wiped out due to your lack of foresight with regard to security. Apparently, you value your shareholders more than those who buy your products, which is fine, just don’t get upset when the lawsuits roll in. Just part of doing business, after all.

    Growing up I always bought Sony, I even had the $500 anniversary cassette player, but then in my poor college years I moved to Samsung and others. Last year I reevaluated my electronics and decided I would go back to Sony, mostly because of Samsung and their decision to use crappy capacitors and then lie and ignore the issue. I need a new TV, was going to buy a top of the line Sony, I also need a few other electronics and was planning to buy Sony as well… nope, you’ve lost me due to your arrogance and incompetence. This is just one more example of how corporate mishandling can ruin the reputation of a brand, which is in itself how a risk management dept can misguide and misread how damaging their recommendations can be.
