It looks like you're using an Ad Blocker.

Please white-list or disable AboveTopSecret.com in your ad-blocking tool.

Thank you.

 

Some features of ATS will be disabled while you continue to use an ad-blocker.

 

Over 2.2million credit card numbers from Sony PSN May be up for sale.

page: 1
1

log in

join
share:

posted on Apr, 29 2011 @ 05:23 PM
link   
It seems that the source of some of the rumors is Kevin Stevens, a senior researcher at security firm Trend Micro. He told The New York Times that he has seen discussions about the supposedly stolen database on hacker forums. Apparently hackers are claiming to have a copy of the database and are asking for a price “upwards of $100,000.”

“It is not a rumor, it was a conversation on a criminal forum. I never saw the DB so I can’t verify if it is real,” Stevens said in one of his tweets.

There’s more, though. Screenshots from “underground” message boards supposedly frequented by the hackers have been surfacing as well. We’ve seen these screenshots posted by security blogger Brian Krebs and on the PSX-Scene forums. One of them even describes the supposed format of the PSN credit card database, which includes credit card numbers, card security codes and expiration dates.

Sony has previously claimed that there is no evidence that credit card data was stolen, but that it couldn’t rule out the possibility. “If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained,” the company warned in blog post on Tuesday.

So far, there is no confirmation that credit card information has been stolen, that the PSN database is real or that the hackers are trying to sell it. Yet the mere possibility that 2.2 million credit cards could be sold to the highest bidder is an alarming and frightening possibility. Sony is working with the Federal Bureau of Investigation on the matter, but there’s no telling how long it will take them to track down the perpetrators of the attack
Link with pictures showing hackers in conversation.
mashable.com...
.
edit on 29-4-2011 by shikori because: (no reason given)

edit on 29-4-2011 by shikori because: (no reason given)



Now, though, MSNBC is making headlines with an article that starts off saying that some 2.2 million credit card numbers stolen from the PSN are being shopped around. The story stems from a Twitter post by Kevin Stevens of Trend Micro, a purveyor of Internet security software, which said that cybercrooks were claiming to have the accounts, including first name, last name, address, zip code, country, phone, email, email password, date of birth, credit card number, expiration date, and three-digit security code. That account was backed up by screenshots from a forum by Independent security blogger Brian Krebs. www.gamespot.com...
edit on 29-4-2011 by shikori because: (no reason given)

edit on 29-4-2011 by shikori because: (no reason given)




posted on Apr, 29 2011 @ 05:24 PM
link   
Well how much dam it!?
Ahhh upwords of 100,000....not bad..Im in

edit on 29-4-2011 by logicalthinking because: (no reason given)



posted on Apr, 29 2011 @ 05:48 PM
link   
I like this picture it says a lot.




posted on Apr, 29 2011 @ 05:51 PM
link   
reply to post by shikori
 

They have 2.2 million credit card numbers.

...and they are asking just $100,000?



posted on Apr, 29 2011 @ 06:01 PM
link   
Stupid hackers



posted on Apr, 29 2011 @ 07:12 PM
link   
since its all electronic, it would be hard to use any of them and get away with it. but i guess they ARE hackers...methinks paypal themselves $100 from each card, that would be 220 million.



posted on Apr, 30 2011 @ 03:28 AM
link   
*bangs his head on the floor*


Originally posted by shikori
Kevin Stevens... has seen discussions about the supposedly stolen database on hacker forums. Apparently hackers are claiming to have a copy of the database and are asking for a price “upwards of $100,000.”


Yeah, because hackers never lie to make themselvse look more important.

Without passing judgment one way or another (yet), I have to say it's pretty flimsy to use 3rd hand conversation of a hacker as fact.


Originally posted by shikori
One of them even describes the supposed format of the PSN credit card database, which includes credit card numbers, card security codes and expiration dates.


Note: For reference, the actual data the hackers say was stolen was "fname, lnams, address, zipcode, country, phone, email, email password,dob, ccnum, cvv2, exp date" ... A couple things. I am guessing that "lnams" was a typo by the hacker. Also, and this is easily explainable probably, but there isn't any real consistency to what format the questions are asking. In some situations, they use what looks to be shorthand or one-word versions of the categories, like you would expect the system to use. Then later, he uses two-word versions of "email password' and "exp date".. Unless the hacker was being lazy, if he was using a legit listing of what was available, I would expect it to be constant. In other words, since he typed "exp date," he probably would have typed "first name" and not "fname". Again, I admit that last part is eaily explainable if the guy was just lazy.

Now, a couple things:

- Sony doesn't keep card security (CSC or CVC) codes.
- This "list" doesn't even point to a username. If Sony wanted to connect the user and their data, they would not just use the billing information only. At some point, that same data needs to be connected to a user account to even happen. Otherwise, you would be forced to input the data every time you used it (which obviously would make this all irrelevant).
- Sony would have not bother attaching email addresses to credit card information (they would connect them to the user account, which as I said before, isn't connected to the credit card), and they would not care about what the password is. To those who use(d) PSN, do you REALLY remember giving them your password for a third-party email account? Sony would have no use for this, wouldn't ask for it, and in fact DIDN'T ask for it. Additionally, I don't recall them asking for my phone number.

Again, if anything, they would connect the username account to an email address and THEN connect it to the CC info. But there is no sign that the supposed databases are connected in any way with any sort of user ID.

Think about it. What you are implying is that Sony is using 2 different databases connected with a ridiculous value. In this case, the value would really have to be the email address. See above to understand why this is stupid.

(Note, if you really think that Sony is just lying to cover their ass, nothing after this part will change your mind. Quit reading.)

A couple of other important facts that were said, but glossed over for more exciting rumors:


Sony has previously claimed that there is no evidence that credit card data was stolen, but that it couldn’t rule out the possibility.


Sony DID say that the possibility MIGHT be there that it got out, but they have said this statement is just "out of an abundance of caution."


So far, there is no confirmation that credit card information has been stolen, that the PSN database is real or that the hackers are trying to sell it.


Again, as this quote shows, there is no proof from real sources. Additionally credit card companies have not yet seen any hint of any improprieties stemming from this. There is one concession to be made on this point, though. That activity might not have happened yet because people are still trying to sell it and haven't used it yet.

People, this is really the epitome of basically a non-issue. Did Sony screw something up? Yep, probably so. And while you can whine about how it ruins Sonys reputation for a long time, it really doesn't. They will figure out what happened and it won't happen again. And considering this is a non-issue, saying "I won't give them the chance to screw up again" doesn't cut it. Does it mean anyone has their accounts in danger? Absolutely not, unless you think someone using your username for PSN-specific, non-financial actions matter. Does it mean anyone has financial concerns to be worried about? Absolutely not.


Now, after all that, let me take another route, as a big "what if" scenario... What if the credit card data did get out?

This has happened many, many times over the years with other companies, and people get outraged at first, but it blows over and nothing else is ever said. You know why? Because nothing became of it. Nothing has ever become a problem because of leaked credit cards. At least on any significant scale. Before you point out exceptions, I will point out the word "significant" in my last sentence. People are much more liable to be a victim to social hacking.

If you want to be outraged, be outraged at places that use security questions to reset passwords. Once you know that security question, it doesn't matter how often the legit user changes their password, you can follow up right behind them and just change it to whatever you want.

OK, that last part was off-topic.



posted on Apr, 30 2011 @ 03:07 PM
link   
This is why the made PSN cards so that people wouldn't have to leave CC details on the network. I as a PS3 owner have been affected by these "hacks" but, this downtime has stopped me playing Gran Turismo and let me focus on my College work.

But I hope they find this hacker and let the US/Japanese Goverments to do what they please with the individual (mind control tests/human guinea pig). I have NO respect for hackers unless they are trying to reveal Goverment secrets.




top topics



 
1

log in

join