Sony: Credit Card Data Was Encrypted But Personal Data Was Not

In an faq on the official PlayStation blog, Sony revealed that PSN users' credit card info was encrypted and that - most probably - hackers didn't steal it. On the other hand, personal data was stored in the plain and hackers have grabbed it definitely.

"All of the data was protected, and access was restricted both physically and through the perimeter and security of the network," the faq reads. "The entire credit card table was encrypted and we have no evidence that credit card data was taken. The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack."

Sony then explained that the warning they issued yesterday was "out of an abundance of caution." The company also noted that it never stored credit card security codes (sometimes called a CVC or CSC number).

According to what's stated in the faq, the most prominent threat facing PSN users is identity theft and sophisticated scams that are aided with the wealth of personal data the hackers managed to steal. Hackers might also be able to use the passwords they obtained to access users' accounts on different sites and services if they are the same.

The PSN will come back online in less than 6 days, but only after Sony is confident that it is secure enough.

Add new comment

CAPTCHA
This question is for testing whether you are a human visitor and to prevent automated spam submissions.

Comments

amazing

Let me get this straight: Sony stored passwords in plaintext? That is ridiculous! Only the hash of the password should be stored, as any software developer / database admin / general IT person knows! With all the experience Sony has from locking down their consoles to "protect" them from the users, they should know better.

Add new comment