Earlier this week, Sony warned users of its PlayStation Network that account info for millions of customers had been swiped by hackers. The company downplayed the risk that credit card numbers could be among that stolen info, saying that “while there is no evidence at this time that credit card data was taken, we cannot rule out the possibility.” Now, it looks like it might be time to rule it in. Hackers are boasting that they have over two million credit-card numbers belonging to Sony customers.
Security researchers contacted by The New York Times said they’d seen the hacker gossip, but couldn’t confirm that it was accurate:
Kevin Stevens, senior threat researcher at the security firm Trend Micro, said he had seen talk of the database on several hacker forums, including indications that the Sony hackers were hoping to sell the credit card list for upwards of $100,000. Mr. Stevens said one forum member told him the hackers had even offered to sell the data back to Sony but did not receive a response from the company….
[Security consultant Matthew Solnick] said that people on the forums had details about the servers used by Sony, which may indicate that they had direct knowledge of the attack.
Mr. Solnik said researchers believe that the hackers gained access to Sony’s database by hacking the PS3 console and from there infiltrating the company’s servers.
Sony denied being offered a chance to buy back the database, and the FBI, which is helping the company investigate the incident, refused to comment.
Hackers Claim to Have PlayStation Users’ Card Data [NYTimes.com]