Despite assurances from Sony that none of the encrypted credit card files were taken in the recent PlayStation Network attack, there is some chatter amongst hackers to the contrary. The New York Times is reporting that senior threat researcher at the security firm Trend Micro Kevin Stevens has seen chatter on multiple hacker forums that around 2.2 million credit card numbers were procured during the attack. If it was just one person reporting it, you might be able to dismiss it, but it was also confirmed in the report by Mathew Solnik, a security consultant with iSEC Partners.
Supposedly the hackers are looking to sell off the credit card numbers they were able to obtain, even reportedly offering to sell them back to Sony for $100,000.. Senior director of corporate communications and social media at Sony Patrick Seybold said of the information, ”To my knowledge there is no truth to the report that Sony was offered an opportunity to purchase the list.” He went on to add, “The entire credit card table was encrypted and we have no evidence that credit card data was taken.” While he pointed to the statement the company made yesterday that they had no evidence that credit card data was taken, the company wasn’t ruling out the chance that it could have still potentially happened.
There is no reason to question that the hackers are boasting they have the file, but the question is if they really do. Saying you have something doesn’t necessarily mean that it’s true, and they could just be trying to get some money. There is also the question if they’ve been able to crack the encryption on the file, or are they attempting to sell it as is? We won’t know the answers to a lot of these questions until either Sony says the file was indeed taken or someone purchases it.
No matter what the truth is, it looks like this intrusion is going to continue to haunt Sony for some time to come. No matter what assurances they give once the network comes back up about how much more secure it is, people are still going to wonder about it. There will also be the fact that other hackers are going to want to test their mettle against these supposedly improved security measures.
There’s a long road ahead for Sony not just in securing their systems, but to also winning back the trust of their users.
What do you think? Did the hackers really get some of the credit card numbers?
[via The New York Times]