Pages

Apr 28, 2011

Sony Confirms PSN Credit Card Data Encrypted, Personal Information Was Not

Sony starting to open up about PSN attack, provides consumers with Q&A forum.

If you can manage to step around the elephant in the room that is the biggest theft of consumer data ever, Sony has some good news about PSN: your credit card data was encrypted and appears safe, and some services of the online network will be restored by Tuesday.

As we enter day nine of the PSN outage, Sony has upped its PR game, providing more thorough answers to the most frequently asked questions consumers have via an ongoing Q&A on the official PlayStation blog.


"We are reading your comments. We are listening to your suggestions. Please keep them coming," Communications Director Patrick Seybold stated.
Notably, Sony has provided some details on the security measures it had in place to protect PSN and Qriocity user data. Credit card data was encrypted, Sony states, but personal info was not:

"All of the data was protected, and access was restricted both physically and through the perimeter and security of the network. The entire credit card table was encrypted and we have no evidence that credit card data was taken. The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack."

Sony goes on to confirm that it still has not discovered any evidence to suggest credit card data was stolen. However, the console maker states that "out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained."

And when will PSN be back online? Sony says it is working around the clock and plans to have "some services" up and running by Tuesday.

Another tidbit of news as we enter day nine of PSNgate: PlayStation 3 root key publisher George "Geohot" Hotz distanced himself from the PSN attack with a post on his blog, stating:

"To anyone who thinks I was involved in any way with this, I'm not crazy, and would prefer to not have the FBI knocking on my door."

"Running homebrew and exploring security on your devices is cool, hacking into someone else's server and stealing databases of user info is not cool. You make the hacking community look bad, even if it is aimed at douches like Sony."

0 Comments:

Post a Comment