More drama in the continuing PSN network debacle. According to a post on the now notorious PSX-scene forums [1], database information from the PSN is now available for purchase in the hacker underground. Not only that, but the hackers themselves were going to sell the database information back to Sony, which was denied. More details after the jump.
The poster cites Ken Stevens, a “Security Researcher” on Twitter. [2] Following a few exchanges, some screenshots of the “underground” forums where the information is traded was revealed as well, as seen below.
The information included not only the Names, Addresses, phone numbers, emails, and CC number with expiration, BUT ALSO included the CVV2 numbers as well. This is highly suspect as there’s no indication CVV2 numbers are used when inputting CC info in the PSN. So this is most likely false as described in his posts.
[3]
[4]
[5]
Somewhat disturbing news, considering that Sony’s last update on their blog [6] stated explicitly that end user personal data was NOT encrypted, but CC information WAS encrypted and stored on a separate data set.
“All of the data was protected, and access was restricted both physically and through the perimeter and security of the network. The entire credit card table was encrypted and we have no evidence that credit card data was taken. The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack.”
Tell us what you think in the comments and on the boards. FIRE AWAY!
*See HERE to see what YOU can do to prevent your identity being stolen if you have a PSN account.* [7]
UPDATE: We’ve emailed Sony for an official statement.
UPDATE 2: Possibly fake [8]?