*bangs his head on the floor*
Originally posted by shikori
Kevin Stevens... has seen discussions about the supposedly stolen database on hacker forums. Apparently hackers are claiming to have a copy of the
database and are asking for a price “upwards of $100,000.”
Yeah, because hackers never lie to make themselvse look more important.
Without passing judgment one way or another (yet), I have to say it's pretty flimsy to use 3rd hand conversation of a hacker as fact.
Originally posted by shikori
One of them even describes the supposed format of the PSN credit card database, which includes credit card numbers, card security codes and expiration
Note: For reference, the actual data the hackers say was stolen was "fname, lnams, address, zipcode, country, phone, email, email password,dob,
ccnum, cvv2, exp date" ... A couple things. I am guessing that "lnams" was a typo by the hacker. Also, and this is easily explainable probably, but
there isn't any real consistency to what format the questions are asking. In some situations, they use what looks to be shorthand or one-word
versions of the categories, like you would expect the system to use. Then later, he uses two-word versions of "email password' and "exp date"..
Unless the hacker was being lazy, if he was using a legit listing of what was available, I would expect it to be constant. In other words, since he
typed "exp date," he probably would have typed "first name" and not "fname". Again, I admit that last part is eaily explainable if the guy was
Now, a couple things:
- Sony doesn't keep card security (CSC or CVC) codes.
- This "list" doesn't even point to a username. If Sony wanted to connect the user and their data, they would not just use the billing information
only. At some point, that same data needs to be connected to a user account to even happen. Otherwise, you would be forced to input the data every
time you used it (which obviously would make this all irrelevant).
- Sony would have not bother attaching email addresses to credit card information (they would connect them to the user account, which as I said
before, isn't connected to the credit card), and they would not care about what the password is. To those who use(d) PSN, do you REALLY remember
giving them your password for a third-party email account? Sony would have no use for this, wouldn't ask for it, and in fact DIDN'T ask for it.
Additionally, I don't recall them asking for my phone number.
Again, if anything, they would connect the username account to an email address and THEN connect it to the CC info. But there is no sign that the
supposed databases are connected in any way with any sort of user ID.
Think about it. What you are implying is that Sony is using 2 different databases connected with a ridiculous value. In this case, the value would
really have to be the email address. See above to understand why this is stupid.
(Note, if you really think that Sony is just lying to cover their ass, nothing after this part will change your mind. Quit reading.)
A couple of other important facts that were said, but glossed over for more exciting rumors:
Sony has previously claimed that there is no evidence that credit card data was stolen, but that it couldn’t rule out the possibility.
Sony DID say that the possibility MIGHT be there that it got out, but they have said this statement is just "out of an abundance of caution."
So far, there is no confirmation that credit card information has been stolen, that the PSN database is real or that the hackers are trying to
Again, as this quote shows, there is no proof from real sources. Additionally credit card companies have not yet seen any hint of any improprieties
stemming from this. There is one concession to be made on this point, though. That activity might not have happened yet because people are still
trying to sell it and haven't used it yet.
People, this is really the epitome of basically a non-issue. Did Sony screw something up? Yep, probably so. And while you can whine about how it ruins
Sonys reputation for a long time, it really doesn't. They will figure out what happened and it won't happen again. And considering this is a
non-issue, saying "I won't give them the chance to screw up again" doesn't cut it. Does it mean anyone has their accounts in danger? Absolutely
not, unless you think someone using your username for PSN-specific, non-financial actions matter. Does it mean anyone has financial concerns to be
worried about? Absolutely not.
Now, after all that, let me take another route, as a big "what if" scenario... What if the credit card data did get out?
This has happened many, many times over the years with other companies, and people get outraged at first, but it blows over and nothing else is ever
said. You know why? Because nothing became of it. Nothing has ever become a problem because of leaked credit cards. At least on any significant scale.
Before you point out exceptions, I will point out the word "significant" in my last sentence. People are much more liable to be a victim to social
If you want to be outraged, be outraged at places that use security questions to reset passwords. Once you know that security question, it doesn't
matter how often the legit user changes their password, you can follow up right behind them and just change it to whatever you want.
OK, that last part was off-topic.