Did Sony Fib? PSN ‘Hackers’ Claim Over 2 Million Credit Cards Stolen

Uh-oh, did hackers make off with your financial data in Sony’s PlayStation Network fiasco after all?

Sony recently claimed it was pretty sure–though not hermetically certain–that whoever poked around its PlayStation Network between April 17th and 19th didn’t make off with credit card data. Personal info like names, addresses, and birth dates, yes, but the company said the credit card data was encrypted and didn’t include card security codes.

Now the New York Times reports that security researchers have witnessed chatter on “underground” message boards (sounds so clandestine, no?) suggesting hackers may have pinched piles of PSN member credit card numbers after all–as many as 2.2 million. Ruh-roh!

(More on TIME.com: Sony Says PSN Cloud Saves and Offline Trophies Safe, ‘Goodwill Gesture’ Coming)

The security experts were unable to verify the claims (which could of course involve a bunch of jokers playing the “you pay me, then I send you” game), but senior researcher Kevin Stevens at Trend Micro told the Times the hackers were peddling the card database for upwards of $100,000, and that one admitted trying to sell the list back to Sony (Sony reportedly didn’t respond).

“The hackers that hacked PSN are selling off the DB,” said Stevens in a tweet. “They reportedly have 2.2 million credits cards with CVVs.”

When the Times asked Sony spokesperson Patrick Seybold about the matter, Seybold said he wasn’t aware of an “opportunity to purchase the list,” and reiterated Sony’s claim that the credit card data table was encrypted, that it didn’t store card security codes, and that the company had no evidence card data was compromised.

But security consultant Mathew Solnik with iSec Partners says his company’s hearing the hackers actually infiltrated the PSN’s master database, which he says “would have given them access to everything, including credit card numbers.”

And The Guardian says some PSN members are now reporting instances of fraud, though noting (correctly) that the timing could be coincidental given the population size of the breach–77 million members in all.

(More on TIME.com: Sony Says PSN Credit Cards Encrypted, Not Personal Data)

Don’t assume any of this amounts to much yet, as nothing’s been verified.

“This #PSNHack is turning into a bunch of FUD [****ed up disinformation], it really is,” noted Trend Micro’s Kevin Stevens in a tweet this morning. “I posted up what I saw to warn people, not to incite the masses to create FUD.”

Eagle eye your financials to be safe, but don’t panic and phone-game what’s still unknown, in other words.

http://techtechnewsnow.wordpress.com poyntek

This is so ridiculous, that Sony’s network security would be so easy to crack! I do like my PS3, but this is bad news. Sony better get it’s act together soon or they will be out in the cold. The new Wii 2 is coming out soon and is supposed to be more powerful than the PS3, it looks like it’s going to be pretty cool…

http://www.tech-adventures.com/2011/04/nintendo-says-wii-2-is-in-works.html
http://girlwhearttattoo.wordpress.com lqverdugo

I am so glad that my boys only use PS3 gift cards. I resisted giving out my credit card number because they have to fund their own vices.
http://soldier2000.wordpress.com soldier2000

I also use gift card for PSN and itunes just because I feared somrthing like this, encryption can be broken with time!
http://rdukelsd.wordpress.com rdukelsd

People are way to hard on Sony. Nothing is 100% safe on the internet. They went like 8 years without trouble. Now because of one hack they get all this shit for it. Come on!!