Last week hackers, purportedly from the Internet collective Anonymous, managed to hack into the PlayStation Network - Sony's online portal for PS3 and PSP consoles. The serious security breach saw the hackers harvest personal information and password details of the 77 million odd PSN accounts, in addition to unsettling rumours of the users' credit card info being compromised. The credit card info leak was until now, a matter of conjecture, with Sony neither admitting nor denying the possibility. If TrendMicro's online security expert Kevin Stevens is to be believed, "low-level cybercriminals" are shopping around for databases containing credit card information of 2.2 million PSN members.
According to Stevens, the credit card data is up on illegal forums and holds enough information for anyone wielding it to siphon money off the card holder. Although Stevens didn't provide a link to these forums for obvious reasons, he claims the credit card data peddled there includes card holder's names, addresses, phone numbers, email addresses, dates of birth and also the CVV2 numbers. According to Sony, the PSN credit card details were encrypted. That may sound reassuring, but encryption doesn't always prove to be a deterrent to seasoned hackers. For all we know, the credit card details up for sale may just be a scam, but recent reports of PSN users falling prey to credit card fraud may not be a mere coincidence.
Sony's laxity in informing its users about the security breach is most damning, as it took almost a week for Sony to warn its 77 million PSN users that their personal information, password and credit card details may have been compromised. A class action lawsuit accusing Sony of not taking "reasonable care to protect, encrypt, and secure the private and sensitive data of its users" was filed in the American courts. The suit claimed that Sony deliberately withheld information of the PSN security breach and read, "[Sony] has been aware for a substantial period of time that PSN was prone to catastrophic loss of data from a security breach. Nevertheless, [Sony] failed to warn its customers of the problem or tried to prevent them from suffering system suspension from security breaches and data loss." If you have your credit card details linked to your PSN account, it will be prudent to keep a close eye for any suspicious activity.
According to Stevens, the credit card data is up on illegal forums and holds enough information for anyone wielding it to siphon money off the card holder. Although Stevens didn't provide a link to these forums for obvious reasons, he claims the credit card data peddled there includes card holder's names, addresses, phone numbers, email addresses, dates of birth and also the CVV2 numbers. According to Sony, the PSN credit card details were encrypted. That may sound reassuring, but encryption doesn't always prove to be a deterrent to seasoned hackers. For all we know, the credit card details up for sale may just be a scam, but recent reports of PSN users falling prey to credit card fraud may not be a mere coincidence.
Sony's laxity in informing its users about the security breach is most damning, as it took almost a week for Sony to warn its 77 million PSN users that their personal information, password and credit card details may have been compromised. A class action lawsuit accusing Sony of not taking "reasonable care to protect, encrypt, and secure the private and sensitive data of its users" was filed in the American courts. The suit claimed that Sony deliberately withheld information of the PSN security breach and read, "[Sony] has been aware for a substantial period of time that PSN was prone to catastrophic loss of data from a security breach. Nevertheless, [Sony] failed to warn its customers of the problem or tried to prevent them from suffering system suspension from security breaches and data loss." If you have your credit card details linked to your PSN account, it will be prudent to keep a close eye for any suspicious activity.
0 comments:
Post a Comment