Sony Assures Credit Card Data Was Encrypted

[YunikoYokai5]

I'm glad I got my old, non-functioning credit card entered in my PSN.

Hmmm, you may have just relieved some worry from my own mind there, I dont think I've used my new card on PSN since getting it issued a few months ago. I only wish I could access the network to find out now

If you go through your e-mail, it should tell you. I got an e-mail confirmation every time I put money into the wallet (then another e-mail because I buying something). Look though, it should be from DoNotReply@ac.playstation.net and the subject should be 'PlayStation(R)Network Wallet Funding'. That tells you what card you have (type and the last 4 numbers, of course XD )

But I'm in the same boat. My debit card expired and I haven't used my new one on it. I think I'll buy those '£10 PSN credit' things I see in Gamestation or GAME...

 

[EchetusXe]

*Checks bank account online.*

Several hundred pounds spent on online pornography.

Nothing out of order there then. Maybe the hackers haven't tried using my information yet.

I lol'd.

But seriously, only a fool spends money on porn now, especially online, what the hell man?

I have no idea but they are keeping thousands of pornstars in employment lol.

 

[Shirokurou]

I hope this helps with that lawsuit.
Cause really Sony's not really at fault for being a target of attack, right?

 

[Jumplion]

This Q&A was released on Sony's blog a day ago.
Kinda late in reporting this.

Just like Sony!

Zing!

I'm starting to feel the air simmer down a bit, which I think is good. I think everyone needs to calm down, take a deep breath, and let Sony find the motherfuckers who caused this whole mess to begin with. Then, if everyone is still fuming a bit, go after Sony if needs be, just wait until the bastard hackers/crackers/whatever you want to call them are behind bars (which, by God, better be soon...)

 

[Emergent]

-snip-Internet Batman strikes again!

At least read it first. From "oh, that" :

for example:

creditCard.paymentMethodId=VISA&creditCard.holderName=Max&
creditCard.cardNumber=**********&creditCard.expireYear=****&creditCard.
expireMonth=*&creditCard.securityCode=***&creditCard.address.address1=
example street%2024%20&creditCard.address.city=city1%20&creditCard.
address.province=abc%20&creditCard.address.postalCode=12345%20

sent as plaintext

 

[Krion_Vark]

Sony, look down.

See the fire? That's coming from your pants.

In all seriousness, I am just glad that I don't own a PS3. I really hope no ones data gets stolen.

The thing about encrypted files is that you can still take them its just they are useless unless you unencrypt them. If someone wanted the CC numbers they would take them encrypted or not and try and unencrypt them. It might be a while but someone will unencrypt them.

 

[Frizzle]

Did everyone miss the quote in this article where Sony said they have no evidence that credit card info was stolen? Only where you live? Not trying to be mean, but it seems like everyone is focusing on certain words, and not the entire sentence...

The Q&A states: "While all credit card information stored in our systems is encrypted and there is no evidence at this time that credit card data was taken, we cannot rule out the possibility...."

 

[faefrost]

So wait, we shouldn't worry because the CC data was encrypted???

UMMM???

Wasn't the console and the PSN network encrypted as well? how well has that worked out?

 

[Wicky_42]

Keep in mind, however that your credit card security code (sometimes called a CVC or CSC number) has not been obtained because we never requested it from anyone who has joined the PlayStation Network."

So I guess that you requesting it every time I want to buy something from the Playstation Store doesn't count? Don't lie, Sony.

In their defence, the fact that you need to re-input the code every time shows that it's not being stored, just used per transaction, so I think on that count they are in the clear.

That said, wasn't their console encrypted? What's the bet that they made the same damn mistake with their credit card encryption that they did with their DRM system and have it all open-able by a single key?

 

[wooty]

I'm glad I got my old, non-functioning credit card entered in my PSN.

Hmmm, you may have just relieved some worry from my own mind there, I dont think I've used my new card on PSN since getting it issued a few months ago. I only wish I could access the network to find out now

If you go through your e-mail, it should tell you. I got an e-mail confirmation every time I put money into the wallet (then another e-mail because I buying something). Look though, it should be from DoNotReply@ac.playstation.net and the subject should be 'PlayStation(R)Network Wallet Funding'. That tells you what card you have (type and the last 4 numbers, of course XD

You utterly wonderful person, thank you for this info, just checked it now and it is my old cancelled/destroyed card. Well thats one worry off my mind for now.

 

[beema]

What about this:
http://www.destructoid.com/sony-didn-t-need-your-cc-security-code-except-it-did--199973.phtml

hmmm

 

[Aardvark Soup]

so the hackers that were able to steal pretty much everything from a major corporation will be utterly thwarted by Sony's encryption? sounds sketchy.

Unless they use a practically infallible encryption method like 3DES or RSA with an acceptable key size, like almost everyone in the world does these days. And with practically infallible I mean completely unbreakable without the aid of a quantum computer, time machine or algorithm that mathematicians and computer scientists have been unsuccessfully looking for for about 40 years (that highly probably doesn't exist).

 

[erztez]

so the hackers that were able to steal pretty much everything from a major corporation will be utterly thwarted by Sony's encryption? sounds sketchy.

Unless they use a practically infallible encryption method like 3DES or RSA with an acceptable key size, like almost everyone in the world does these days. And with practically infallible I mean completely unbreakable without the aid of a quantum computer, time machine or algorithm that mathematicians and computer scientists have been unsuccessfully looking for for about 40 years (that highly probably doesn't exist).

You are talking about people who stored unhashed passwords...
Nuff said.

 

[Aardvark Soup]

so the hackers that were able to steal pretty much everything from a major corporation will be utterly thwarted by Sony's encryption? sounds sketchy.

Unless they use a practically infallible encryption method like 3DES or RSA with an acceptable key size, like almost everyone in the world does these days. And with practically infallible I mean completely unbreakable without the aid of a quantum computer, time machine or algorithm that mathematicians and computer scientists have been unsuccessfully looking for for about 40 years (that highly probably doesn't exist).

You are talking about people who stored unhashed passwords...
Nuff said.

Wait... what?! Okay, that's just awful. Forget what I said, I just had the idea Sony was at least somewhat competent in this area...