Sony denies hackers attempted to sell back credit card database

Sony has issued yet another update on the PSN situation, following the security compromise which saw the network being taken offline nearly two weeks ago.

You might recall on Friday there was some speculation on parts of the net that underground forums had alleged credit card details stolen off PSN for sale. Indeed, one report suggested that Sony itself had been offered the chance to buy back the database.

Although it’s true that the source in question was less than convinced that the supposed hackers weren’t pulling their leg and making this whole story up.

However, Sony has clarified that it hasn’t been offered the chance to purchase such a list.

On the EU PlayStation blog, Nick Caplin, Head of Communications at SCEE, wrote: “One report indicated that a group tried to sell millions of credit card numbers back to Sony. To my knowledge there is no truth to this report of a list, or that Sony was offered an opportunity to purchase the list.”

Furthermore, in a clarifying mode, Sony also went on to make a point about the passwords which were pinched off PSN.

It had previously said that these weren’t encrypted and left it at that. However, they were subject to a cryptographic hash function – in other words, they weren’t just stored in cleartext form.

We found it hard to believe that they would have been, but given Sony’s lack of any clarification regarding the passwords, everyone was rather left in the dark as to exactly what security was maintained.

Of course, that doesn’t mean your password is safe by any means. Sony notes: “When the PlayStation Network and Qriocity services are fully restored, we strongly recommend that you log on and change your password.”

When PSN comes back online later this week, when users log on a forced system update will ensure they change their password.

But Sony also reminds: “Additionally, if you use your PlayStation Network or Qriocity user name or password for other unrelated services or accounts, we strongly recommend that you change them, as well.”

By Darren Allen

No comments: