Sony PlayStation hack leads to credit cards and passwords insecurity

by CXOtoday Staff    Apr 28, 2011

CyberCriminalIT security and control firm, Sophos, is back, this time advising users of Sony’s PlayStation Network that they are at risk of identity theft after hackers broke into the system and accessed the personal data of videogame players. The implications of the hack, which resulted in the service being offline since last week, are only now becoming clear as Sony has confirmed that the hackers, who broke into the system between April 17th and April 19th, were able to access the online gamers‘ personal information.

“If you’re a user of Sony’s PlayStation Network, now isn’t the time to sit back on your sofa and do nothing. The fraudsters won’t wait around - for them this is a treasure trove ripe for exploiting. You need to act now to minimize the chances that your identity and bank account become casualties following this hack,” said Graham Cluley, Sr technology consultant, Sophos. “That means, changing your online passwords (especially if you use the same password on other sites), and considering whether it would be prudent to inform your bank that as far as you’re concerned your credit card is now compromised.”

The security firm advised users to take immediate action to ensure that their online identities are secure, and that fraudsters cannot take advantage of stolen credit card information.

Sony has warned that hackers have been able to access a variety of personal information belonging to users including - Name, Address (city, state, pin code), Country, Email address, Date of birth, PlayStation Network/Priority password and login and Handle/PSN online ID. In addition, Sony warns that profile information - such as history of past purchases and billing addresses, as well as ‘secret answers’ given to Sony for password security may also have been obtained. Sony also admits that it cannot rule out the possibility that credit card information may also have been compromised.

“The fact that credit card details, used on the network to buy games, movies and music, may also have been stolen is very disturbing,” continued Cluley. He stated that, losing credit card information, is no different from losing credit card and that the card should be canceled immediately. Questions clearly have to be asked as to whether Sony was ignorant of PCI data security standards and storing this and other personal data in an unencrypted format. All in all, this is a PR and security disaster for Sony.