News Section Logo NEWS - Return to news section


PSN Hacker Attempts To Sell Stolen Data, Including Credit Card Numbers

Posted by: , 15:33 AEST, Sat April 30, 2011

Permanent Link     Add Comments
submit to reddit
PSN hackers claim they now have full unencrypted credit card numbers, including CVV codes, and have said that Sony refused to buy back the stolen data when offered the chance

Sony has tried to calm users by explaining that their PSN credit card info was encrypted, but it appears that this was no deterrent for the industrious hacker that hacked the network.

The hackers have now tried to sell the stolen data on online black market forums, and they say they have everyone's credit card numbers, including the CVV number that Sony says they did not even store. 

The attackers also claim that they tried to sell the info back to Sony, but Sony refused to buy it back.

So it seems someone is telling the truth, someone else is not, or could both parties be telling the truth?

For the first claim made by the hackers, that they now have un-encrypted credit card numbers available for sale, this does not actually contradicts anything Sony have said so far. Sony says the credit card numbers are encrypted, which is standard industry practice. However, for Sony to use the numbers, they need to be able to decrypt them, and if the hackers have gotten deep enough into the PSN system, to observe the decryption sequence or to even use the system itself to decrypt the numbers before downloading them, then encryption is actually useless. And even if the hackers managed to only pull the encrypted data off the network, they could still have decrypted it themselves, if the encryption algorithm wasn't strong enough.

As for the second claim, that the hackers have the CVV numbers as well, this gets a little bit trickier. Under the industry standard PCI-DSS data security guidelines, CVV numbers cannot be stored, not even in encrypted form. But if the hackers have these numbers as they claim, then either Sony did not properly follow the PCI-DSS guidelines, which could get them into big trouble, or the hackers found some other way to intercept the numbers.

And as for Sony not buying back the data? Only Sony knows whether this has happened or not, and if they were offered the chance to re-secure user data, why they didn't feel the need to take up the hacker's offer.

Do you believe the claims by the PSN attackers, or do you think this is all just made up? Post your opinion in this news article's comments section, or in this forum thread:


Related News:

News Icon PSN Hack: Hacker Accesses Personal Information, Credit Card Details Possibly Stolen

posted by: Sean F, 11:55 AEST, Wed April 27, 2011

News Icon ZapTunes Closes, Starts New Business (or scam?)

posted by: Sean F, 11:51 AEDT, Thu January 6, 2011

News Icon PlayStation Network Down - Anonymous Says They Didn't Do It

posted by: Andrew K, 00:31 AEST, Sun April 24, 2011

News Icon Android Malware Attack: Google Market Apps Contains Exploit

posted by: Sean F, 14:49 AEDT, Thu March 3, 2011

News Icon Sony Intends To Sue More In PS3 JailBreaking Lawsuit

posted by: Sean F, 14:08 AEDT, Tue February 8, 2011