PSN breach: Sony doubts veracity of stolen credit card list
Sony today stated that it doubts the existence of a stolen credit card list, which allegedly holds millions of card numbers in addition to information like users’ addresses, birth dates, phone numbers, and email addresses with passwords.
"One report indicated that a group tried to sell millions of credit card numbers back to Sony," said Patrick Seybold, SCEA senior director of corporate communications. "To my knowledge there is no truth to this report of a list, or that Sony was offered an opportunity to purchase the list."
Seybold also clarified the manner in which Sony stored PlayStation Network passwords.
"While the passwords that were stored were not 'encrypted,' they were transformed using a cryptographic hash function," continued Seybold. "There is a difference between these two types of security measures which is why we said the passwords had not been encrypted. But I want to be very clear that the passwords were not stored in our database in cleartext form."
For an explanation of Hash vs Encryption, click here.
Sony also reasserted that it will never request information like credit card number, social security number, or other personally identifiable information from PlayStation Network users. If you do receive such requests from "Sony," disregard it them — they're phishing attempts.
"We continue to work with law enforcement and forensic experts to identify the criminals behind the attack," concluded Seybold. "Our objective is to increase security so our customers can safely and confidently play games and use our network and media services."