Slashdot Mirror

← Back to Stories (view on slashdot.org)

Sony: 10 Million Credit Cards May Have Been Exposed

Posted by timothy on from the translucency-failure dept.

WrongSizeGlass writes "The LA Times is reporting that Sony has revealed that 10 million credit card accounts may have been exposed two weeks ago when a hacker broke into the company's computers in San Diego and stole data from 77 million PlayStation Network accounts. Sony said it will provide credit card protection services for the 10 million customers whose data were compromised. Sony last week said it had encrypted credit card data, but not other account information, including names, addresses, email addresses and birth dates."

2 of 251 comments (clear)

  1. not just theory by e3m4n · · Score: 5, Interesting

    I just got up to speed on the whole PSN thing. I never once received an email from sony explaining the problems and I was too busy last week to spend an abundant amount of time on /. reading about the security breach. I just got a call today from fraud protection on my debit card tied to my main bank account. They got triggered to suspicious activity when multiple charges showed up in two different states at the same time. Someone had gone to 2 Home depots in FL and ran $100 gift cards 6 times in 2hrs today. This also happens to be the same card I had used to make a purchase from the PSN network a month ago for the DLC of fallout new vegas. To me this seems a little too coincidental to be the victim of some completely different fraud in the middle of this big stink with the 77 million accounts compromised from the PSN.

  2. Re:Fundementally broken system by Stormy+Dragon · · Score: 5, Interesting

    Two big changes that would help:

    1. Make companies legally liable for data losses that are worsened by the companies own negligence. In the Sony case, they've already admitted the breach occured due to a known vulnerablity that they failed to patch. There's also been some suggestion they were storing CVV2 numbers, which they're expressly told not to do by the credit card providers.

    2. Make companies that process obviously fraudulent transcation liable for the losses instead of the card holder. E.g. if someone comes in and starts buying a ton of gift cards with an out of state credit card, and you don't do anything to verify their identity.