PlayStation Network data breach – what you can do

The Sony PlayStation Network (PSN) has been down for a week now. It is expected to be back online within the next week. I’ve never heard of a breach of this size (the next biggest was TJX – 46m). Also, I’ve never known a ‘public network’ to be taken offline, and for this amount of time. In my mind there must have been a serious breach of data. Sony today (27th April 2011) have indicated that credit card data, though not CVV codes (those three-digit security numbers on the back of bank cards), may well have been compromised. Note: you should be safe from online fraud if the CVV codes haven’t been compromised, but not CNP fraud. 🙁


29th April 2011 Update: Hackers are claiming on underground IRC forums that they are in possession of the credit card data from the PSN hack. Some PSN customers claim to have been victims of card fraud too. Security researchers said discussions (in forum chats) prove beyond doubt that the story is true.

Some readers are probably unaware that the Sony PlayStation Network (PSN) has been under cyber attack since December. It isn’t clear who is conducting these server attacks, but one group might be responsible – “Anonymous”. This is a group of individual vigilantes based all across the globe who responded to Sony’s lawsuit against a hacker called George Hotz (also known as “GeoHot” in the online world). They all work individually, so they don’t necessarily act as one group, but they do pool their hacking resources from time to time; the DDoS attacks on WikiLeaks are an example.

At this time no one really knows what the hackers are intending to do with the emails, addresses, birth dates, security answers, PSN online IDs, usernames and passwords (were these hashed? – guess most PSN passwords were crackable :() of 70 million users. Did Sony store the passwords in plaintext? I wouldn’t have thought so, but then….

  • Sony will never send emails out asking for personal or financial information – if you do receive an email asking for this information (this is called ‘phishing’), then just DELETE the email.
  • Next up you will want to change your PSN password and if you use this password on any other website I’d change that too. Make sure each website has a different password too.

Today (27th April 2011), Sony admitted that credit card data may have been compromised – what can you do?

  • The credit card companies monitor credit card transactions, but you can also do the same, for example if you bank online. There isn’t a need to cancel your credit card, as credit cards (mainly in Western countries) have a guaranteed insurance protection, whereby any loss will be covered by the credit card provider.
  • If credit card companies see lots of PSN charges appearing (especially given the press coverage) they will contact Sony. Cards would be cancelled if there was a fraud and cardholders would be contacted along with a new card being issued.
  • However, if you used a debit card, I’d suggest you do indeed cancel your card (and ask to be reissued with a new one), as the same protection applied to credit cards doesn’t apply to debit cards.

Safe surfing folks!


5 Responses to PlayStation Network data breach – what you can do

  1. Securityshee says:

    Good post Julian. I have a new post on my blog that may be of interest: “Everything You Need to Know About Sony’s PlayStation Network Fiasco”

