PlayStation credit card data was encrypted, Sony confirms

But mystery still surrounds motivation for attack

Customer credit card data held by Sony as part of its PlayStation Network (PSN) and Qriocity services was fully encrypted, the company has confirmed in the aftermath of last week's massive hacking data breach.

The news reinforces that the company was in compliance with the encryption element of the Payment Card Industry Data security Standard (PCI-DSS), which applies to any larger company that handles credit card numbers.

However, Sony has refused to rule out that the data could still have been compromised, a veiled reference perhaps to the remote possibility that hackers also accessed the keys used to scramble the data as part of their rampage. To use the cards attackers would also, in theory, need to obtain the three-digit card verification numbers, which are not stored by payment systems, although this system is far from foolproof.

The company's latest advice is that customers closely monitor statements associated with the credit cards used on PSN, identifying which numbers were used from conformation emails sent by Sony at the times the transactions were made.

Who was behind the attack could turn out to be the most important element of this extraordinary story.

On the face of it, the PSN attack bears the hallmarks of being a straightforward attack by criminals in search of profitable data, but there is circumstantial evidence that the motivation might have been ideological.

In a Q&A posted on its site yesterday, the company admitted that its Sony Online Entertainment (SOE) had also experienced a "service interruption" due to an external attack. Assuming this wasn't plain coincidence, it seems unlikely that a conventional criminal attack would devote resources trying to 'down' the company's branded websites.

Criminals also use the modus operand of stealth, stealing smaller amounts of data over a longer period of time in order to remain undetected. By that standard, the attack on the PSN a week ago is more like crashing a tank through the front gates. Some have speculated that criminals saw the opportunity to attack Sony at a time when others might be blamed.

The motivation is important because it could affect what happens to any data stolen during the breach, including the wealth of personal subscriber data other than credit cards that was not encrypted by Sony.

If anti-Sony hackers were behind the attack, the data is unlikely to be sold to criminals and some of it will likely appear online as a way of embarrassing Sony. If the attack was by professional criminals, by contrast, no responsibility will ever be taken and the data will disappear on to the black market.

Tags Personal Techsecuritygamessony

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

John E Dunn

Techworld

Comments

Comments are now closed.

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?