If you’re an active Sony Playstation network user, you’re aware that it was “game over” last week as hackers made their way into the network and made off with a ton of your personal data. Sony has said that they are not certain whether sensitive credit card data was taken.
According to discussions in underground hacker forums, the hackers got your numbers.
Comments in these forums, which are being monitored by security researchers, reportedly claim that the hacked database included customer names, addresses, usernames, passwords and up to 2.2 million credit card numbers.
The hackers hope to sell the data for $100,000 according to Trend Micro senior threat researcher Kevin Stevens. According to one of the possible hackers, the data has been offered to Sony themselves but the company has allegedly not responded to the demands yet.
“To my knowledge there is no truth to the report that Sony was offered an opportunity to purchase the list,” said Patrick Seybold, senior director of corporate communications and social media at Sony.
Not everyone is buying it.
“Sony is saying the credit cards were encrypted, but we are hearing that the hackers made it into the main database, which would have given them access to everything, including credit card numbers,” said Mathew Solnik, a security consultant with iSEC Partners.
The hackers in the forum had detailed information about the servers that were attacked. The exploit they described is consistent with the presumed vulnerability – hacking into a Playstation 3 console and attacking through the hardware credentials once on the network.