Fri, Apr 29, 2011 | 14:30 BST

Rumour: PSN member credit card numbers on sale in hacker underground

The cyber-security community and its shadowy cousin are abuzz today with rumours that hackers are offering to sell a database of 2.2 million credit card details stolen from Sony’s network.

The rumours seem to have originated with Trend Micro’s Kevin Stevens, who tweeted today that the hackers responsible for breaching the PSN’s security are willing to part with a chunk of the information so obtained – for a price.

He later added that Sony had been offered the chance to buy back the information, but declined.

Sony has denied this. Speaking to the New York Times, SCEA comms boss Patrick Seybold said:

“To my knowledge there is no truth to the report that Sony was offered an opportunity to purchase the list.”

Seybold referred again to a Sony statement on the matter of credit card data encryption on PSN, made yesterday: “The entire credit card table was encrypted and we have no evidence that credit card data was taken.”

Sony has said that it could not rule out the possibility that hackers might have obtained credit card data.

Mathew Solnik, a security consultant with iSEC Partners who frequents hacker forums to track new hacks and vulnerabilities that could affect his clients, told the NYT that it can’t be ruled out that credit card data was stolen by hackers last week.

“Sony is saying the credit cards were encrypted, but we are hearing that the hackers made it into the main database, which would have given them access to everything, including credit card numbers,” he said.

The database is said to include full user details for each card – first and surname; address; phone number; email address; email password; date of birth; and credit card number, expiry date and security code.

The inclusion of email password and card security code, neither of which is collected by Sony, lends some weight to the suggestion that this is a load of old bollocks.

In support, PSX-Scene has a chat log and several screenshots supposedly taken from hacker and credit card fraud communities.

The site echoed the rumour that Sony had been offered the chance to buy back the database.

The first attack

Meanwhile, an Australian man is claiming to be the first documented victim of PSN-gate related credit fraud.

ABC News reports the unfortunate PSN member found several small transactions on his statement following the security breach, in a pattern familiar to those who’ve been caught by scammers. Soon after, over AUD $2000 in charges hit the account.

If the activity is related to PSN-gate, the target of the purported fraud was lucky enough to score a stupid scammer, who purchased flights within Australia and hotel stays. There is little chance the beneficiary of these purchases will escape detection.

Thanks, Kotaku, GamePolitics.

66 comments

#51

Telepathic.Geometry
29/04/11, 2:15 pm

Oi, monu-mental, gimme the Friend’s Ring will ya?

#52

Patrick Garratt
29/04/11, 2:31 pm

I’ve updated it. SCEA’s denied it was offered any list of credit card data for sale.

#53

Dr.Ghettoblaster
29/04/11, 2:49 pm

All we need are the words “SEX” and “DRUGS” somehow worked into a new PSN hacking article title, and i think we’d have every possible rumor covered…

#54

Christopher Jack
29/04/11, 2:59 pm

Sony’s released a second part to their Q&A
http://blog.us.playstation.com/2011/04/28/qa-2-for-playstation-network-and-qriocity-services/

Q: Will there be a goodwill gesture for the time we haven’t been able to utilize PSN/Qriocity?
A: We are currently evaluating ways to show appreciation for your extraordinary patience as we work to get these services back online.

I like the sound of that :D

#55

DrDamn
29/04/11, 3:15 pm

@50
So you think proper statistical analysis and monitoring of the full set of cards is the way to detect this? Rubbish, statistically meaningless possibly related posts to internet forums are much more reliable! ;)

#56

spiderLAW
29/04/11, 3:17 pm

@54
me too.
I want goodies please!

#57

KrazyKraut
29/04/11, 3:26 pm

RUMOR: ppl will get wet on this year rain season.

#58

spiderLAW
29/04/11, 3:42 pm

RUMOR: KrazyKraut will try and be funny earlier on today!

jk….i love ya man lol

#59

ManuOtaku
29/04/11, 3:48 pm

#54 If they do that they will be sending a strong message that they care about their customers, which is nice in my book, I will be happy for those who suffered the most and myself included of course.

Having said that, Sony, and this is a recommendation on my part, learn from your mistakes, I grant your actions post the hack were good, but prior the hack were lacking to say the least, with the exception of course of the lack of information with a strong delay thrown in the way, this will be one lesson to learn please act as soon as things happen and then give the information to your users, another one as soon as someone gives the information about how to get into your device, please take immediate actions in order to make it stronger and / or to rebuild it again, please don’t wait for the hack to happen.

Lastly keep our personal information (passwords, dates, etc) heavily secure, at least even heavier than this time, with this i think you should be a better company to your users (myself included) which i think will be a win win scenario to everyone.

Ah and thanks in advance for the compensations. Appreciated.

#60

mickey2002
29/04/11, 4:25 pm

That card is pretty new and is only on PSN in the world of the internet. It’s not been out of the home and so not stolen and my wallet is highly RFID protected even if it was taken also. So yeah unless someone is a mind reader or something. Or a leak at the bank ? LOL so the clearest reasoning is it’s down to the recent issues with PSN.

The £12 pounds is only one that made it, the others for higher amounts all got blocked. The £12 was from some weird company name, bank couldn’t tell what the money was actually used for. I find it funny how Sony are hinting at the fact that CC details will be safe (not officially stating that however)… yet it took them ages to tell us our data was leaked. Hopefully ICO has something to do with that (which like it will be the case)

#61

DrDamn
29/04/11, 4:48 pm

@mickey2002
When you say it’s only been used for PSN internet wise, has it just been used for PSN stuff full stop or have you used it on other stuff? Also you mention it’s not been out of the house but it’s in your wallet?

Not doubting you, just ascertaining facts as a story like yours is more worrying than this article.

#62

mickey2002
29/04/11, 6:19 pm

@DrDamn Well PSN only netwise but not used it for anything in person yet either it’s only 4 weeks old. And I meant the card hasn’t left the house (in my desk safe) my wallet has, was just stating even if it had, not like anything could have copied it as wallet’s RFID protected.

So ONLY options are. PSN, Leak at the Bank ? and my money is on PSN a bit too much of a coincidence right ? :/ either way it just sucks awaiting a new card with the bank holidays etc. Not used that one for few weeks and now I need one typical lol.

#63

DrDamn
29/04/11, 6:43 pm

If it’s new then perhaps the related story first in the list is more applicable? I.e. It was intercepted when you registered it with the account recently.

#64

DrDamn
29/04/11, 6:51 pm

Actually scratch that just read the article, unless you’ve been playing with custom firmware on your PS3.

#65

kreck
30/04/11, 2:23 am

They stole credit card info and have been using it. They tried using mine and tried using 300 dollars but fortunately my credit card company saw that as suspicious and told me.

#66

Christopher Jack
30/04/11, 5:50 am

If people wish to direct their anger somewhere, it should be towards those who have compromised the integrity of the gaming service – not the providers themselves. After all, without them, we never would have had such great services to miss in the first place.
