Sony’s admission that 77 million PSN accounts are in the hands of hackers has been followed by scores of reports alleging credit card fraud as a result of the leak, which Sony dismisses with its assertion that there is “no evidence” of the cards being leaked, although they concede they “cannot rule out the possibility.”
Innumerable reports of credit card fraud are being reported as the result of the Sony breach:
“My American Express card was compromised over the weekend. This card sits in a drawer in my house for emergencies, but I did use it once on my PSP for an account.
Luckily American Express is very good at notifying me immediately after the first fraudulent purchase.”
“About two or three days ago, my bank notified me that I had gotten my own [credit card information] stolen, the one I use for my PSN account, and with it a ticket was purchased through a German airline for nearly $600.
They are still looking into the fraud charge meaning that right now I have a negative $500 in my account, with no good chance that I’ll be getting that back any time soon.”
“I also had an attempted fraudulent charge on my American Express card, about $8,000 going to some Japanese store. This all happened about when PSN started having trouble, so I’m betting this had something to do with it.
My advice: if you have your credit card info on PSN, watch your accounts like a hawk. I’m buying pre-paid cards from now on; you know, if I decide to ever spend money on PSN again.”
“I logged into my bank account just to check everything was OK and I found out there was some just over $2,000 in charges which I didn’t personally accrue.
There was a number of early transactions on the 23rd of amounts under $1, which they say is the usual kind of test run that fraudsters do and then there’s been a number of transactions of larger amounts, including domestic flights within Australia, bookings at Best Westerns [hotels] and what not.”
It must of course be stressed that this could all be sheer coincidence, or the result of blame for unrelated fraud unfairly being placed on Sony.
In fact, Sony does seem to claim all this is coincidence, though they do at least advise anyone silly enough to have shared their card details with them to treat them as stolen:
Q: Was my personal data encrypted?
A: All of the data was protected, and access was restricted both physically and through the perimeter and security of the network. The entire credit card table was encrypted and we have no evidence that credit card data was taken.
The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack.
Q: Was my credit card data taken?
A: While all credit card information stored in our systems is encrypted and there is no evidence at this time that credit card data was taken, we cannot rule out the possibility.
If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.
There is already talk of billions of dollars of litigation, fines and compensation, to say nothing of the ruination of the PSN’s future business prospects, so it seems likely Sony will be reeling for some time to come.
Regarding when the PSN will be back up, Sony promises it will only be brought back when it is confident the network is “secure” (if this means anything coming from Sony), and provides the rather interestingly worded assurance that “we expect to have some services up and running within a week from yesterday.”