PSN Victims Report Credit Card Fraud

sony-psn-logo-2

Sony’s admission that 77 million PSN accounts are in the hands of hackers has been followed by scores of reports alleging credit card fraud as a result of the leak, which Sony dismisses with its assertion that there is “no evidence” of the cards being leaked, although they concede they “cannot rule out the possibility.”

Innumerable reports of credit card fraud are being reported as the result of the Sony breach:

“My American Express card was compromised over the weekend. This card sits in a drawer in my house for emergencies, but I did use it once on my PSP for an account.

Luckily American Express is very good at notifying me immediately after the first fraudulent purchase.”

“About two or three days ago, my bank notified me that I had gotten my own [credit card information] stolen, the one I use for my PSN account, and with it a ticket was purchased through a German airline for nearly $600.

They are still looking into the fraud charge meaning that right now I have a negative $500 in my account, with no good chance that I’ll be getting that back any time soon.”

“I also had an attempted fraudulent charge on my American Express card, about $8,000 going to some Japanese store. This all happened about when PSN started having trouble, so I’m betting this had something to do with it.

My advice: if you have your credit card info on PSN, watch your accounts like a hawk. I’m buying pre-paid cards from now on; you know, if I decide to ever spend money on PSN again.”

“I logged into my bank account just to check everything was OK and I found out there was some just over $2,000 in charges which I didn’t personally accrue.

There was a number of early transactions on the 23rd of amounts under $1, which they say is the usual kind of test run that fraudsters do and then there’s been a number of transactions of larger amounts, including domestic flights within Australia, bookings at Best Westerns [hotels] and what not.”

It must of course be stressed that this could all be sheer coincidence, or the result of blame for unrelated fraud unfairly being placed on Sony.

In fact, Sony does seem to claim all this is coincidence, though they do at least advise anyone silly enough to have shared their card details with them to treat them as stolen:

Q: Was my personal data encrypted?
A: All of the data was protected, and access was restricted both physically and through the perimeter and security of the network. The entire credit card table was encrypted and we have no evidence that credit card data was taken.

The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack.

Q: Was my credit card data taken?
A: While all credit card information stored in our systems is encrypted and there is no evidence at this time that credit card data was taken, we cannot rule out the possibility.

If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.

There is already talk of billions of dollars of litigation, fines and compensation, to say nothing of the ruination of the PSN’s future business prospects, so it seems likely Sony will be reeling for some time to come.

Regarding when the PSN will be back up, Sony promises it will only be brought back when it is confident the network is “secure” (if this means anything coming from Sony), and provides the rather interestingly worded assurance that “we expect to have some services up and running within a week from yesterday.”

Leave a Comment

183 Comments

  • Anonymous says:

    Well I just checked with my credit card company and there has been no activity on my card that I cannot account for. I will check back regularly for a while, so if something does happen I can just report it. Yay for Zero Cardholder Liability laws!

  • Anonymous says:

    To sum up what’s on my mind is,
    “You get what you pay for.”

    Yeah, yeah, I know I’m probably get flamed or what not for this post as an Microsoft fan or what ever, I don’t care.

    Look at it like this, you spend $50 – $100+ (or what ever currency based on your location) for your home phone, cell phone, internet, cable or any combination of these things per month. Per Month. Yeah, Sony has the PSN for ya to play for free. Okay, cool. Everyone loves free stuff. Even me.

    Lets look on the flip side.

    Microsoft has their network, yeah anyone can have a Silver membership, however, you have to pay to have a Gold membership so you can play online against other people. Pricing varying between $25 for 3 months to play, or $60 for a full year. Obviously yeah $60 bucks for a full year nice deal instead of the $25 bucks every 3 months totaling a $100 for a year, savings of $40 for the consumer. Comparing to what you normally spend a month for your internet, cable, cell, and / or house phone, still for a year, that’s still a small amount to pay for a service.

    But take a moment, look where that money goes. That money goes towards the people and their paychecks that monitor and maintain the network and the security of that network to help prevent things like what happened to Sony from happening. Yeah both Sony and Microsoft get their money from their varying points cards for added game content. Microsoft makes just a bit more so they can keep their network maintained and secured.

    As I stated in the beginning of this post, You get what you pay for.

  • With this Sony will have to sell itself along with its blu ray technology to Nintendo and then a new age is born where Microsoft and Nintendo are the only players left and 4 small console newcomers try to make it in the loop. THE FIGHT IS ON!!

  • Man its like some of you people are mentally handicapped. If you say Fuck Sony why bother debating on there practices. It would be much easier to “go xbox” then argue at how bad Sony’s security is.

  • lulz @ all the Sony employees and fanbois on this thread! Naw, contact credit and other personal information wont impact my life what so ever. Identity theft is something i see on tv it could never happen to someone like me in real life, it’s just Sony introducing me to random strangers.

    Zetsuboushita!!! Sony’s lax security has left me in despair!

  • 77 million effected, forcing people to watch their creditcard info. of course there will be some coincidences. also, if over time people did get yor creditcard info, best time to make a big purchase will be now as everyone would look at the ps3 and not where it really came from.

  • Discover has reported over 45,000 in attempted purchases using my card. Card has been canceled and re-issued. The tip off was it was being converted to Russia’s currency. So we now know these hackers are those faggots in Russia.

  • No signs on any problem with mine. My guess is nothing will really happen as too much data was taken to be of any use. It would take them year to make use of any of it, by time they get to the data it will be old, obsolete and useless. Especially as they know Sony told every one making the data they took now useless as everyone likely changed it already.

  • Well the people who are claiming their credit cards are been used but really making purchases themselves should reconsider the consequences, if they make a claim and sony proves at a later date that the credit cards were secure at breach.. than the card providers will be investigating the card owner.

  • Vegeta! What’s your scouter say about sony’s credit score!?

    vegeta: I-It’s… UNDER -9000!!! Impossible!! How could they have such a Low Credit Score?!

    well we are talking about sony here, No one gives them a lot of credit for anything.

    • These are fake, greedy people. A true source right here: “Spokesmen for Wells Fargo & Co., American Express Co. and MasterCard Inc. said they were monitoring cardholder accounts and hadn’t seen unauthorized activity relating to Sony.”

  • If all of these fraudulent purchases can be tracked, then the hacking group could be found. Then again, they will obviously be smarter than to use the cards in ways they could be tracked to the right place…. I mean they hacked fucking PSN. They’ve gotta be smarter than that.

  • Coincidences do happen, but if someone has never had fraud issues before, and a security leak like this happens just before they get notice of fraudulent charges on their card, odds are they are going to think it is the security leak that caused it.

    People on Sancom talk really big, but if it had happened to any of you and you had lost hundreds or thousands of dollars, after previously having no such issues, you’d probably be blaming Sony too.

    Really though, the bigger threat IMO is identity theft. Sony pretty much admits that all the personal info is out there.

  • Well, there’s one more potential game industry reference in Hyperdimension Neptunia Mk.II:

    Remember those Processor Unit (Goddess Armor) sets? This time, put in character exclusive armor sets with a trophy for completing each set. For Black Heart, the trophy can be called “Not enough protection!”. There, who’s not to like some self-deprecating humor?

    …Oh, dear. I can’t believe I’m making fun of a disaster I’m part of. [Shrug] Eh, the feeling will go away soon; better to keep myself sunny. ^_^

  • leaks to sony is like leaks to BP.

    I can see how bad sony has it now:
    -tell the truth and say how bad it is = fucked up
    -don’t say anything, saving face = fucked up
    -pretending nothing’s wrong = fucked up
    -blaming it on the consumer = fucked up

  • These people are just silly and using it to exploit the system. A hacker isn’t going to use this for domestic flights or to stay at a hotel. They’re more likely to use it on purchasing goods online and having them sent to a dummy location and pick them up at some later time.

    From working at a hosting company I can tell you that there are some people that do very little to keep users data secure. I’m sure Sony used measures beyond what is necessary to protect data; besides, there is no system that is immune to being hacked. Give enough hackers enough time and the incentive to hack it, they will do it.

    The only blame I put on Sony right now is not being able to determine how extensive the hack was in a timely manner.

    • I’d say a lot of people are going to make false claims against sony in order to try con money out of them.

      Still I do believe data with sony will be mostly secure enough. I imagine that it was far more secure than most websites and after this they’ll have to pour considerable resources into beefing up security so it doesn’t happen again.

      Anyway I’ll trust them again at least one more time anyway. No dodgey transactions going through my card but keeping an eye on it.

      • I can only hope you are right.. If the breach really was, as rumors say, caused by PSN security relying on the console being safe then they are crazy and deserves whatever bad things they get because of this..

        But for now I will give them the benefit of a doubt and hope they actually had that “very sophisticated security system” protecting them.

        • I imagine Sony is justifiably getting a liable suit as well since the news is lying about the no encryption/”Plain text” bullshit. Their source was a fucking /g/ thread and a fake irc record.

          The credit card info is hashed and Sony, like all online retailers, don’t retain the security code, so no online purchases with the information on there can be made.

          Hell you can’t even open a new card with name and address or email unless your dumb enough to use the same password everywhere and have your SSN in an easy to reach area like your Gmail accounts.

          If anything you could say that microsoft and google are to blame for people falling for Phishing schemes on a daily basis.

    • Actually, no. No sane hacker would try to use the stolen CC info for himself, he’d be caught within weeks. They sell the date to specialized criminal syndicates, who’ll then launder the money by using the credit cards to make hard to trace purchase all around the world. See the post for examples (which are almost certainly cases of stolen credit card info, though that doesn’t mean that there’s any relation to the Sony incident.)

    • Well sony screwed up and betrayed the trust of customers so it’s only fair that they get screwed up in turn. Data loss happens, breaches happen, but it’s entirely the company’s responsibility to secure their data as much as possible and keep up to date with vulnerabilities. No matter the reason, sony has been trusted with user data and MUST protect it over their lives.

  • Seriously…a German Airline ticket worth only 600$?! Assuming If that hacker person was American or Japanese living in their native country … wouldn’t the ticket cost as much as 1000$ or more and that’s not even a first class seat! Fail part on the fraud “Credit Card Fraud”.

    Who the fuck wastes money on an airline ticket only? I’d buy everything from a new Laptop to a Ipad , sound system or a FUCKING CAR.

  • I always delete my credit info after a purchase on the PSN, but since the hackers also stolen purchase history, I made a precaution and had my card canceled (which was going to expire in this year)and now I’ll have to wait 4-5 business days to get a new one. But it’s cool now since my account is safe and I can always go to the bank whenever I’m at work. So no worries here, just can’t say the same for everyone else, especially Sony since they screwed up in security and now someone in California had filed a lawsuit on them.

  • My theory: There are always people getting scammed. I believe “some” of these victims lost their credit info through other means than the PSN Outage. Now they’re using the PSN as an excuse to gain back some money.

    FBI support was hired by Sony yesterday, that means you can rest assured if your in America.
    People can at least stop bragging that Sony isn’t doing enough now. That Anti+DDOS Company + FBI + Sony Engineers should be more than enough to trace and arrest the hackers.

    My take on how it happened:
    Anonymous uses “Internet Bully” cause Sony = Unfair.
    Sony uses “Release Geohot” = Anonymous shuts up.
    Anonymous backs down = Rogue Cells of Anon shut down PSN (Likely Real Criminals)

  • It’s all talk though.

    Is there a law they can get sued under? (Sorry man, the arguments you use to defend attention whores like Geohot, also work when defending Sony.)

    Can you prove gross negligence on their part?
    Hard IMO.

    Do you haters really want Sony gone so bad?

    All they ever wanted was to sell a video game console.
    But some people with entitlement complexes appear to believe Sony owns them the moon or something.

    With them gone, it’s one less player in the console market, less competition.

    I’m sure MS would be super happy if Sony left. All they have to content with would be the relatively small Nintendo, who they can easily burn to the ground with “dirty tricks”. **

    After that when they practically own the joint, it’s time to start abusing that position. Poor quality hardware and high prices here we come.
    Who is going to stop a MS with a dominant industry position to leverage and more money than God from their other 2 monopolies.

    ** You know, undercutting their competition until they go bankrupt then raise prices, bribing “allies” of their competitors (they are doing it right now; Sony knows it doesn’t have the money to fight them with, so spend what they had on internal studios instead), strong-arm retailers, … etc

    The list goes on.

    MS has the moral fiber of a full-blown sociopath.
    This is their internal marketing training documents their bumbling lawyers forgot to seal in a lawsuit against them:
    http://www.groklaw.net/articlebasic.php?story=20071023002351958

    • With all due respect, this is a case of Sony not doing their due diligence or monitoring who has copy rights to a file/who accesses a file.

      Yes, it is hard to prevent inside attacks like this one apparently is shaping up to fit into that category. However, it is nowhere NEAR impossible when certain common sense steps (such as encrypting things out the wazoo) are taken.

  • I had my credit card on PSN and frankly, I don’t give a flying fuck about the breach. If there are fraudulent charges, it’s not like I’ll have to fork over anything for it since my card waives even the $50 max fee mandated by law. Let the hackers have a field day. It’s not going to hurt me any.

      • In the initial discussions about this issue, people were saying there was evidence pointing towards there being a hole in their security for weeks now. If Sony knew about it for that long, but they only took it down after they got hacked, then yes it is “not enough”.

        If Sony didn’t know, then maybe they need to hire someone to read online gossip all day so they stay informed about the security goings-on in their own damn company.

        Places get attacked every day, and nothing is truly “hack proof” unless you take it offline entirely, but things like this are why storing personal and CC info is a dumb move to begin with.

        • They should informed public when the shut down PSN 4 to 9 days ago but it took a Government official to make them admit they had issues and security breaches.

          Good thing I only used Cash card only I know stuff like this would happen.

  • Simple fact of the matter is that you can’t trust any corporation to be responsible with your personal information. There’s a trend in conforming to security precautions, which utterly defeats the purpose of security when everyone uses the same measures (see central point of failure).

    You can however take steps to protect yourself. There is no real reason why your PSN has to have real information about you, invent a person. Use those cards you can buy in stores for PSN cash or disposable credit cards to conduct your purchases. Do not link your PSN account to other accounts (like google, steam, etc), instead create new accounts on those services to link to your PSN, again invent new persons to fill out the personal info on those.

  • When I went to the bank the other day to get a new debit card because of this fiasco, the lady told me that one other person had already been in that morning to do the same thing. It was definitely an inconvenience, but it only took thirty minutes.

  • If i remember right, Sony has some fierce competitors?
    Is there some tiny possibility of them hacking PSN and doing some sabotage?
    Even with purchasing Sony equipment for PSN anonymously, and raising numerous claims of frauds to lighten Sony`s purse a little?
    Just guessing.

  • A security breach can happen to any company, even banks. Sony did what they could, and still continue to do so. Meanwhile, massive loss of money is likely to await them, only made worse by sensationalism, outright lies and alarmism.

    • Well, they waited 4-5 days before telling people a hacker could possibly have had access to your credit card data.
      That is 4-5 days for the hacker to spend all your money without you even knowing it’s stolen…

      • Some of these people are mere opportunists, simply seeking the chance at an easy buck. They’re probably none too smart with their card information to begin with and had it stolen through other sources or scams as a result of their own stupidity. There are those that simply become unlucky, however. Personally, I only use one credit card which has a very low limit and is for emergencies only. The rest of the time I use a debit card on an account where I can put in only what’s needed to make a purchase.

        • QUOTE *has joined the lawsuit, even tho the CC used was canceled 3 years ago, and I blanked the info associated with my PSN, I still got notice from my old bank about somebody trying to use it. But it was denied thankfullly” END QUOTE

          You sir are a liar. No financial institution would contact you over an credit account that had been canceled for 3 years already. Secondly to add a card to PSN it must be a valid working card.

        • Yeah, because you’re so moral as to not jump on that class-action lawsuit. Good job, bro. I personally am not, but there has been no indication of fraud for me yet. When there is, I am expecting my payday.

        • *has joined the lawsuit, even tho the CC used was canceled 3 years ago, and I blanked the info associated with my PSN, I still got notice from my old bank about somebody trying to use it. But it was denied thankfullly

  • These ppl started having problems after Sony said there was an intruder, but they never had problems all that week that they didnt know their accounts could be in danger lol…

    uhm i hope PSnetwork starts runing again i wanna play BBCS >.<, too bad my xbox has red rings =P too haha

  • you know i am mad at both party’s here but i guess most of this started with the ps3 being jail broken but really now people are kinda blowing this all out the water i can understand if people are mad that sony held out on info and didn’t take the threats of hacking to hear but really this is not the first or the last time CC information has been taken the fact that people are acting like it is is sad yet laughable because its sony.

  • Sounds like the comments listed above show a group of people operating out of Africa using the land down under as a passage way across Asia and back again. If they go to Malisya after that it would be pretty certain to a brain damaged person with 1 brain cell working, as I happen to have, that it originated in Africa and thats where the group is. Some type of non stop trafficers groups.

  • I love how people are quick to exploit someone who is having trouble. Seriously, unless your one of the hackers or are working for Sony to fix the problem, you have no clue what really happened and what was stolen.

    There are millions of users on PSN, and there are millions of cases of credit card fraud reported monthly.

    My own credit card was hacked two months ago. I’ve never used it online. But if it happens again tomorrow, I guess I can blame Sony.

  • seriously though how the fuck is it sonys fault if they did what they thought necessary to protect the information and some hacker(rich now) did everything in his power to circumvent that its like suing a builder for builing a house that complies with all the necessary regulations then is wiped out by an earhtquake

    • Who could possibly know ahead of time that someone might want to target a large block of personal and financial information that’s on network accessible systems? Is Sony supposed to be able to foretell the future? Let me put on my Captain analogy uniform. If my computer is infected by a virus it’s my fault for not having the appropriate protections and clicking on that ‘naughty picture of topless Japanese schoolgirls’ link in my email. If Sony fails to safeguard critical user information Sony really couldn’t help it.

      Obviously, Sony should have used Macs instead of Windows machines as servers, or maybe PS3s running Linux.

      • I hope you’re being sarcastic…
        How could someone NOT expect people to attack a large block of personal and financial data on network accessible systems? Especially after there had been threats.

    • You could also blame the people who trusted Sony with their information themselves. Or to put it in your lingo, blame the people for living in a zone where earthquake’s are likely to occur.

      Of course, you could then also say, the builder was a fool for building a house in a earthquake zone without the necessary *insert word* to keep it up in the event that a earthquake occurs – then selling it as a good buy.

      In the end, one thing you can be certain of however is: be wary about trusting another to store or manipulate your information.

  • for all its worth, PSN no longer accept pre-paid or virtual cards. They used to accept them but stopped last year. Which forced people like me to start buying overpriced PSN cards from eBay and such.

  • “Regarding when the PSN will be back up, Sony promises it will only be brought back when it is confident the network is “secure” (if this means anything coming from Sony)”

    Sounds like a Conspiracy Theory to me…

  • Q: Was my credit card data taken?
    A: While all credit card information stored in our systems is encrypted and there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained. Keep in mind, however that your credit card security code (sometimes called a CVC or CSC number) has not been obtained because we never requested it from anyone who has joined the PlayStation Network or Qriocity, and is therefore not stored anywhere in our system.

    I guess Artefact forgot the last part.

      • No, it is not likely in the slightest. I get ANGRY as fuck when someone starts spouting that bullcrap. They have to be either paid Sony posters or do not realize that most people would NOT do something like this AND the credit card companies can COME TO YOUR HOUSE TO INSPECT and make sure that thing bought isn’t in your home!

        • Last comment before mine is closer to the damned truth! If you order it online? Wow…. every step of the things journey is monitored!

          You ain’t gonna get away with ordering something online and saying it’s a fraudulent purchase with UPS order tracking.

        • 1. Get your friend to buy a 3 thousand 50″ 3d tv
          2. Store it at a friends house
          3. Blame this incident
          4. Say hello and the bye to the nice inspector men
          7. ????????????
          8. Jail time…Not

        • 1. Buy a 3 thousand 50″ 3d tv via internet
          2. Change shipping address to unoccupied house, unrented house or apartment complex in different neighborhood
          3. Sign for package in a retarded manner opposite of normal manner paying attention to round more or make sharper end (practice makes perfect) and pick up TV at the door
          4. Stash TV in friend’s house
          5. Report credit card fraud
          6. Say hello and then bye to police officer
          7. Grab 3 thousand 50″ 3d tv and gift it to friend or hot chic on major event (birthday/xmas)
          8. Gain major favor in return/emotional debt that’ll translate into huge gift and/or sex
          9. ??????
          10. PROFIT!

        • 1. Buy a 3 thousand 50″ 3d tv
          2. Store it at a friends house
          3. Blame this incident
          4. Say hello and the bye to police officer
          5. Normal well trained detective and Ada supenia store for video of said time and day of purchase
          6. Police see your face on video with tv.
          7. ????????????
          8. Jail time

        • 1. Buy a 3thousand dollar 50 inch 3-d t.v.

          2. Store it at a friend’s place for the weekend.

          3. Report it as a fraudulent expense and attribute it to this incident.

          4. Say hello and bye bye to the nice inspector men.

          5. ??????

          6. Profit.

    • The way I see it, all those people deserve to have their money stolen. How can you not see the simple logic in using dedicated/pre-paid credit card for online purchases?

      I keep one and keep it empty most of the time. I put money on it right before the purchase. So good luck stealing my money, fucking thiefs. I double dare you.

      • Simply? Because most people DON’T HAVE THE MONEY to put 2K on a pre-paid credit card for online purchases.

        Secondly, because those pre-paid cards have MUCH LESS PROTECTIONS to them than regular credit cards.

  • Miriandandes says:

    Take responsibility for your failure, you spineless fucking cowards. I guarantee half of the people affected by this will change their minds if they get a simple;

    “We apologize for our lax security and deplorable attitude towards the situation. We are taking every measures available to fix and restore service, as well as bring those responsible to justice. Please bear with us as we attempt to restore your faith in our company. Again, we are very, very sorry.”

    How fucking hard is thiat?