At least one Australian PlayStation Network (PSN) user has been hit with $2000 AUD ($2193 USD) worth of fraudulent charges on his credit card. This could be the first sign that the hackers did indeed get away with 2.2 million credit card numbers as they claim, or it could just be a really bad coincidence.
While Sony has said that not only were the credit cards numbers encrypted, but that there was no evidence that hackers got away with any, there has been chatter on various hacker forums that there are at least 2.2 million of them floating around. According to ABC News, Rory Spreckley of Adelaide, Australia has found definite evidence of fraud in his bank statement. "There was a number of early transactions on the 23rd of amounts under $1, which they say is the usual kind of test run that fraudsters do and then there's been a number of transactions of larger amounts, including domestic flights within Australia, bookings at Best Westerns [hotels] and what not," Mr. Spreckley told ABC.
The timing is certainly right for it to have been part of the widely reported PSN attack, but you can't say with any certainty that it was the cause. With over 70 million users of the gaming network, odd are fairly high that someone amongst all of the impacted users could be hit with fraud from another source. The fact that the charges include domestic flights within Australia leads me to believe that this is something that happened locally to Spreckley as opposed to being part of the Sony situation. Of course, the hackers could have also sold the card number to someone in Australia, but until the people using his card are caught, we just won't know.
This is, however, a good opportunity to remind anyone who had a credit card stored on PSN to keep a watchful eye on their bank and credit card statements for any suspicious activity. Having worked in Internet retailing, I can confirm that quite often it will start off with small charges as the criminals want to make sure the credit card number is valid before trying to move on to larger purchases. You need to watch for those small charges, purchases made in locations you have not been to recently and any charges with companies that you don't recognize. As some companies do business under multiple names, it never hurts to call them up if you don't immediately know the name to find out what other titles they may operate under.
While the PSN hack is the latest event to bring this to the fore front of the media's attention, these are good rules of thumb to follow at all times, even if you don't use a particular credit card anywhere online.
Do you check your credit card statements regularly for suspicious activity?
[via ABC News]