EPTPrivate PSN and SOE Info Has Been Stolen including CC #s -…
| Forum Index > General Forum |
|
Grease
United States138 Posts
| ||
|
DannyJ
United States5110 Posts
| ||
|
Jago
Finland390 Posts
On April 27 2011 23:10 MrHoon wrote: EDIT: Wait, do they have my CVC Code on the card? If they don't I dont see any reason to cancel my account... You are naive if you think CVC are some kind of a requirement to actually make purchases with a credit card number. You could start with Amazon for example... | ||
|
inFeZa
Australia556 Posts
But anyway.... wow, seriously? what do i do, i know i had my cc info somewhere on there possibly. Can i sue? :3 | ||
|
razorsuKe
Canada1995 Posts
On April 27 2011 22:42 Ganjamaster wrote: Unless you gave your bank the same fake information (which is a federal crime), how on earth are you going to buy products of the PSN store if your account has fake bank information? I don't give my bank information to anyone, I do online purchases with a credit card specially reserved for online purchases so it can be cancelled anytime without affecting the rest of my life. Plus I believe you can buy those PSN money cards at game stores. From what I remember (it's been a while since I bought anything off PSN) it was a separate entry for purchases since I could be using someone's else's card anyways. | ||
|
maxor
England59 Posts
| ||
|
Kojaimea
United Kingdom277 Posts
| ||
|
Ganjamaster
Argentina475 Posts
On April 27 2011 23:28 razorsuKe wrote: I don't give my bank information to anyone, I do online purchases with a credit card specially reserved for online purchases so it can be cancelled anytime without affecting the rest of my life. Plus I believe you can buy those PSN money cards at game stores. From what I remember (it's been a while since I bought anything off PSN) it was a separate entry for purchases since I could be using someone's else's card anyways. It does not matter if it was a separate entry or not, whatever information you used for any purchase whatsoever is stored in the system. You can have whatever amount of alternate credit cards, the fact remains that whichever you gave to PSN the hackers now have. | ||
CTStalker
Canada9720 Posts
On April 27 2011 21:32 maJes wrote: From what I gathered, they stored everything as plain-text. As a developer this makes me facepalm on so many levels. I'll be interested to see what the implications are for Sony internationally, given that here in the UK we have this little thing called the Data Protection Act which REQUIRES you to store sensitive data encrypted. they processed credit cards, which means they had to be PCI compliant (http://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Security_Standard), so they probably used SSL. i kind of feel like they weren't storing the CC#s either, because then they'd know for sure that all the CC data had been stolen. since the communication between their web server and internal servers probably isn't encrypted, once an attacker was inside, he could view all the CC transactions as they happen. who knows though, maybe they were stupid enough to be storing CC#s | ||
|
wxwx
527 Posts
| ||
|
JMave
Singapore1802 Posts
| ||
|
strongandbig
United States4858 Posts
On April 27 2011 22:22 maJes wrote: No, Anonymous already publicly denied this. Not to say it couldn't have been an anon, but officially it isn't. I have to say, the idea of anonymous issuing public statements always amused me. I mean, who are they speaking for? At most, the members of a single irc channel or /i/ board. The thing really doesn't operate in a way that makes public denials or official positions in general possible. OT: I will lol so hard if it turns out that Sony was actually keeping credit card data in plaintext. My bet is that the credit card info was encrypted, but the IT people were lazy and didn't encrypt the personal info. I'm kind of familiar with corporate law; their lawyers would have had to be involved with setting up the TOU and EULA for the payment system, and there's no way they would let them store CC data unencrypted. However, corporate law hasn't really adapted to the fact that if a hacker steals the other personal data, they can access things like email and amazon.com accounts which can be used to steal money, so it is definitely possible that no one made them encrypt that data. Edit: in response to CTStalker, isn't PSN one of those one-stop-shop kind of things where you can just click purchase and buy something, without having to enter your credit card number each time? It seems like they would have to store numbers, no one wants to enter their CC number with a controller each time they go to buy a $1 marketplace game. If the cc data really was unencrypted, there's a lawyer somewhere who should be reprimanded or disbarred for ridiculous negligence. | ||
|
Leftwing
Canada229 Posts
On April 27 2011 22:35 Arnstein wrote: The hackers have said that they only did this to hurt Sony, and wouldn't harm any of the PS owners. And you believe them? Are you kidding me? Don't be stupid. If your credit card information makes it onto the internet you can be certain someone out there will take advantage of it, and you believe some guy hiding behind his computer wont use the information he has? That's ignorance at its best. | ||
|
maJes
United Kingdom186 Posts
On April 27 2011 23:38 CTStalker wrote: they processed credit cards, which means they had to be PCI compliant (http://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Security_Standard), so they probably used SSL. i kind of feel like they weren't storing the CC#s either, because then they'd know for sure that all the CC data had been stolen. since the communication between their web server and internal servers probably isn't encrypted, once an attacker was inside, he could view all the CC transactions as they happen. who knows though, maybe they were stupid enough to be storing CC#s I think that's why there is uncertainty about the CC numbers. I've worked on PCI compliant stuff before so I'm pretty aware of what needs to be done, whether they did it or not though still remains unknown  Also to the gentleman above re: data protection act, the BBC article on this states that the Information Comissioner (think that's the right title) has said that unless the data was stored in the UK he can't do jack all about it :/ | ||
|
Murderotica
Vatican City State2594 Posts
On April 27 2011 23:15 shinosai wrote: Without the security code, though, how useful is a credit card number? Any transaction without a physical card requires it. Seems like the thing to be more worried about is identity theft / fraud. The only thing that surprises me right now is that PSN never asked for social security numbers. Seems like everyone else does, these days. Okay I see a lot of people saying this and I can guarantee that you do not need a physical card or the security code for some transactions. I order food from this one place over the phone and they only need the credit card number. I'm sure there are other places as well. It might not be like someone buying a car in your name, but if I stole someone's credit card information and I only had the credit card number, I would max that shit on ordering food and stuff lol. | ||
|
Me1234
Germany219 Posts
bought a xbox 2 days ago because I was already kinda pissed about sony but this is ..... | ||
|
Arnstein
Norway3381 Posts
On April 27 2011 23:45 Leftwing wrote: And you believe them? Are you kidding me? Don't be stupid. If your credit card information makes it onto the internet you can be certain someone out there will take advantage of it, and you believe some guy hiding behind his computer wont use the information he has? That's ignorance at its best. Well, I have my sources, let's wait and see  | ||
|
shinosai
United States1577 Posts
On April 27 2011 23:46 Murderotica wrote: Okay I see a lot of people saying this and I can guarantee that you do not need a physical card or the security code for some transactions. I order food from this one place over the phone and they only need the credit card number. I'm sure there are other places as well. It might not be like someone buying a car in your name, but if I stole someone's credit card information and I only had the credit card number, I would max that shit on ordering food and stuff lol. Yea, you're right. I was misinformed about that. I actually thought that it was required. It honestly should be. Either way, this changes little to nothing for me. I check my bank statement nearly everyday. The moment I see a charge that's not me, you can bet it'll be canceled before it gets out of pending. I don't think I'm going to cancel my card until more information is released. | ||
|
MangoTango
United States3670 Posts
| ||
|
Ganjamaster
Argentina475 Posts
| ||
| ||
