If you click on a link and make a purchase we may receive a small commission. Read our editorial policy.

Rumour: PSN member credit card numbers on sale in hacker underground

The cyber-security community and its shadowy cousin are abuzz today with rumours that hackers are offering to sell a database of 2.2 million credit card details stolen from Sony's network.

The rumours seem to have originated with Trend Micro's Kevin Stevens, who tweeted today that the hackers responsible for breaching the PSN's security are willing to part with a chunk of the information so obtained - for a price.

He later added that Sony had been offered the chance to buy back the information, but declined.

Sony has denied this. Speaking to the New York Times, SCEA comms boss Patrick Seybold said:

”To my knowledge there is no truth to the report that Sony was offered an opportunity to purchase the list.”

Seybold referred again to a Sony statement on the matter of credit card data encryption on PSN, made yesterday: “The entire credit card table was encrypted and we have no evidence that credit card data was taken.”

Sony has said that it could not rule out the possibility that hackers might have obtained credit card data.

Mathew Solnik, a security consultant with iSEC Partners who frequents hacker forums to track new hacks and vulnerabilities that could affect his clients, told the NYT that it can't be ruled out that credit card data was stolen by hackers last week.

“Sony is saying the credit cards were encrypted, but we are hearing that the hackers made it into the main database, which would have given them access to everything, including credit card numbers,” he said.

The database is said to include full user details for each card - first and surname; address; phone number; email address; email password; date of birth; and credit card number, expiry state and security code.

The inclusion of email password and card security code, neither of which are collected by Sony, lends some weight to the suggestion that this is a load of old bollocks.

In support, PSX-Scene has a chat log and several screenshots supposedly taken from hacker and credit card fraud communities.

The site echoed the rumour that Sony had been offered the chance to buy back the database.

The first attack
Meanwhile, an Australian man is claiming to be the first documented victim of PSN-gate related credit fraud.

ABC News reports the unfortunate PSN member found several small transactions on his statement following the security breach, in a pattern familiar to those who've been caught by scammers. Soon after, over AUD $2000 in charges hit the account.

If the activity is related to PSN-gate, the target of the purported fraud was lucky enough to score a stupid scammer, who purchased flights within Australia and hotel stays. There is little chance the beneficiary of these purchases will escape detection.

Thanks, Kotaku, GamePolitics.

Sign in and unlock a world of features

Get access to commenting, homepage personalisation, newsletters, and more!

Related topics
About the Author
Brenna Hillier avatar

Brenna Hillier

Contributor

Based in Australia and having come from a lengthy career in the Aussie games media, Brenna worked as VG247's remote Deputy Editor for several years, covering news and events from the other side of the planet to the rest of the team. After leaving VG247, Brenna retired from games media and crossed over to development, working as a writer on several video games.

Comments