PlayStation credit card warning
2011-04-28 23:01
New York - Sony is telling PlayStation users that it had encrypted the credit card data that hackers may have stolen, reducing but not eliminating the chances that thieves could have used the information.
Sony said in a blog post on Wednesday that while it had no direct evidence the data was even taken, it cannot rule out the possibility. It did not say how strong the encryption was, and it is possible for hackers to decipher files that are weakly encrypted - it's just more difficult.
"All of the data was protected, and access was restricted both physically and through the perimeter and security of the network. The entire credit card table was encrypted and we have no evidence that credit card data was taken," the company wrote in its blog post.
On Tuesday, Sony had said that account information, including names, birthdates, email addresses and log-in information, was compromised for certain players using its PlayStation Network. In an earlier blog post, the company had said that data had not been encrypted and had been kept in a separate location from the credit card information.
The company said it is in the process of moving its network infrastructure and its data centre to a new, more secure location, though it did not give any more details. And it said it is working with law enforcement to investigate who is responsible for the attack.
Sony shut down the network last Wednesday after it said account information, including names, birthdates, email addresses and log-in information was compromised for certain players in the days prior. It said it expects to have some services back up by next Tuesday, though it added it will only restore operations if it is confident that the network is secure.
Sony says that of the 77 million PlayStation Network accounts, about 36 million are in the US and elsewhere in the Americas, 32 million in Europe and 9 million in Asia, mostly in Japan.
- AP
