PSN: Hackers Claim To Have Card Details

Peter Chapman 115 Comments

This morning, rumours are surfacing that our credit card details might be out there on the black market already. According to the New York Times, hackers are claiming to have 2.2 million sets of card details and are offering them for sale on internet message forums.

Their information seems to be sourced from a securities analyst called Kevin Stevens (although there are claims that several other researchers have backed up his claims) who says he was offered the details personally and also that the hackers have tried to sell the information back to Sony but were turned down. Apparently, the asking price for 2.2 million European credit card numbers is around $100,000.

PSX Scene, a site which seems to be dedicated to the hacking of PlayStation products, has some more information. They’d posted a transcript from an IRC chat and some screenshots taken from what they call “underground” forums.

Here’s the IRC transcript:

Discussion about #psnhack and possible speculation about the hackers being from Europe Logs – efnet – #ps3dev – 2011-04-26

trixter, people I know had a shell on the psn servers

did you know that sony didn’t disable the function that sets the psn server under maintenance ?

The hackers that hacked PSN are selling off the DB. They reportedly have 2.2 million credits cards with CVVs #psnhack

Sony was supposedly offered a chance to buy the DB back but didn’t #psnhack

@mikkohypponen That is what is going around on some underground forums. The DB contains pretty much everything

@the_pc_doc That is what I thought but the guys selling it say that they have CVV2 numbers

@RiquezJP Well not properly securing your server breaks compliance as far as I know.

@RangerRick Yeah, this information about the CVV2 numbers could be bogus. The guys selling the DB could just be making it up.

Supposedly the hackers selling the DB says it has: fname, lnam, address, zip, country, phone, email, password, dob, ccnum, CVV2, exp date

No, I have not seen the DB so I can not verify that it is true

The most important piece of into there is the reference to CVV2 numbers, these are the 3 digit numbers on the reverse of a card which it had previously been assumed had not been taken. So, it seems that the sellers are at least claiming to have all information needed to use our cards for fraudulent transactions.

It’s important to stress that these reports have not been confirmed by Sony. In fact, they have been denied, albeit in a way with the traditional indemnifying phrases by Patrick Seybold:

To my knowledge there is no truth to the report that Sony was offered an opportunity to purchase the list. The entire credit card table was encrypted and we have no evidence that credit card data was taken.

Whether you believe these claims or not is a personal judgement call but as ever, we advise you to be cautious with your personal information and security at all times, online or off.

Source: NYT and PSX Scene

Tags:

Related stories from TSA

Sony Agrees To Pay £250,000 Over 2011’s PSN Hack
The Two Year Anniversary Of The PSN Hack
Sony Fined £250,000 Over PSN Hack
Amy: PS3 Version Completed In April?

115 Comments

  1. Anybody who is stupid enough to leave their credit card details saved on their PSN account deserves a financial kicking anyway as it immensely narrow-minded and risky to do so. The hackers are providing a needed lesson I guess.

    • I dont see how it was narrow minded or stupid to trust a major store such as the PSN.

    • I think you just went of the top a little bit here. Calling people names just because they’re taking advantage of online transations and card payment in XXI century – that is a bit narrow-minded too.

    • Yes, thankyou hackers for my much needed lesson. I guess this is all my own fault that Sony didn’t have good enough protection and that there are little pricks out there who want to hack into their systems and fuck everything up for the rest of us.

      Yes thankyou hackers without you I would be spending time enjoying my games on the PS3 over the holiday period when I had a bit of time to do so.

      Many many thanks, MrIrving.

    • I can’t believe I just read that.

      Did you just sign up just to post this absolute tosh? play, amazon, paypal, tesco are just a few sites that do exactly what the psn does regarding details. Mostly this is pretty safe but sometimes these dicks.. I mean hackers or disgruntled employees decide to as you put it teach us needed lessons.

      I don’t consider myself or the other millions of people buying online in this way stupid because we have done nothing wrong!

      I used to respect old school hackers but what we are getting now days is way beyond beating security for kicks. They deserve the full force of the law.

      • But think about it. You keep your details saved to prevent you having to re-enter them next time you use your card; if you put in a bit more effort in the interest of safety and don’t take the lazy option, you wouldn’t in this situation. ;)
        So chill ladies… I’m jus’ sayin’, my card’s not in this situation, so I’m hardly the incorrect one. :P

    • Your first post on this was insulting and this one is just dumb. You are supposed to be able to input your card details and they should be safe. This is called e-commerce. E-commerce is not a new thing and has been around for many years so it’s perfectly acceptable to believe that your information is kept safe. If this was not the case then internet shopping would not exist as nobody would trust it to buy anything. As we know internet shopping has come to rival high street shopping so obviously it is a form of purchasing that has become a trusted institution.

      The fault here lies with Sony’s failure to provide suitable protection of our details and the hackers for trying to take it in the first place and not with the user who has to suffer the consequence of either of these actions.

      There is still no proof that credit card details have been compromised yet and there is nothing in this thread that makes me think they have.

  2. Am i the only one who can sense that this story is total bullshit?
    Are most of you guys really gonna trust anything that those scumbags say (or type)?
    Publishing this article is giving them exactly what they want……more publicity……..Ultimately it’s the scumbags who hacked Sony in the 1st place who should be blamed, not Sony. (Just the same as it’s not your fault if someone breaks into your house)
    If i’m later proven to be wrong, then i’ll eat my words….on a sandwich….until then, i’ll be chilling out waiting on the PSN coming back online ;)

  3. I swear if they have details I will absolutely leather the first hacker I meet. They are not above the law.

  4. please delete this article its not helping

  5. logged into my internet banking this morning and got this message about the Sony PSN issue –

    You may have seen the recent news in relation to the Sony PlayStation Network data breach. Please be reassured that The Co-operative Bank treats data compromises extremely seriously. We do not believe at this time that enough information has been compromised to put your account at risk and therefore do not feel it necessary to block our customer’s cards. We are however monitoring the situation and working closely with the Industry and will advise our customers if any further action needs to be taken.

  6. Drop these rumours already jeeez. Onto the next.

  7. WHEN IS PSN IS ON :(

  8. “We have no evidence that credit card data was taken.”

    Of course they don’t. They were too busy hiding their head in the sand.

  9. @Broonba

    You’re right dude. Chill out. Ignorance is bliss, they say…

Comments are now closed for this post.