Friday, April 29, 2011

Rumour: 2.2 million credit card details stolen in PSN attack

Tech Herald
Steven Mostyn

Following this week’s gloomy revelation that hackers have successfully stolen the personal information of 77 million users of the PlayStation Network (PSN), Sony has now moved to allay fears that credit card information was also pilfered during the attack.

“The entire credit card table was encrypted and we have no evidence that credit card data was taken,” said Patrick Seybold, senior director of corporate communications in an official blog post.

That being said, although Sony insists that the personal details of PSN users were stored separately from credit card data, its confidence has fallen short of ruling out the possibility that payment information might have been obtained.

Bearing that in mind, security firm Trend Micro has today said underground Internet chatter indicates that those responsible for attacking Sony’s online network were indeed able to make off with up to 2.2 million credit card numbers.

According to Trend Micro’s senior threat researcher, Kevin Stevens, whispers on known hacker forums suggest the hackers are now attempting to sell the ill-gotten credit card list for $100,000 USD.

He even claims the hackers have unsuccessfully tried to sell the stolen data back to Sony—something Seybold has been quick to deny.

Speaking with the New York Times, independent security specialist Dan Kaminsky said he too has monitored forum posts pointing to the cracking of PSN’s credit card database.

Kaminsky also said the Sony breach shows hackers are becoming progressively more ambitious in selecting their targets, and that current barriers used to deflect such attacks aren’t sufficient.

“The security measures technology companies employ today are just not robust enough,” he warned.

No comments:

Post a Comment