Thursday, April 28, 2011
NEW YORK (AP)
Sony is telling PlayStation users that it had encrypted the credit card data that hackers may have stolen, reducing but not eliminating the chances that thieves could have used the information.
Sony Corp. said in a blog post Wednesday that while it had no direct evidence the data were even taken, it cannot rule out the possibility. It did not say how strong the encryption was, and it is possible for hackers to decipher files that are weakly encrypted — it’s just more difficult.
“All of the data was protected, and access was restricted both physically and through the perimeter and security of the network. The entire credit card table was encrypted and we have no evidence that credit card data was taken,” the company wrote in its blog post.
On Tuesday, Sony had said that account information, including names, birthdates, email addresses and log-in information, was compromised for certain players using its PlayStation Network. In an earlier blog post, the company had said that data had not been encrypted and had been kept in a separate location from the credit card information.
The company said it is in the process of moving its network infrastructure and its data center to a new, more secure location, though it did not give any more details. And it said it is working with law enforcement to investigate who is responsible for the attack.
Meanwhile, Ohio Attorney General Mike DeWine today warned users of the PlayStation Network and Qriocity to monitor their bank accounts and to watch for email scams.
"Consumers should be skeptical of any e-mails that claim to relate to the situation, and they should watch their bank statements closely," DeWine said.
He also advised users to check with Sony for updates.
Sony shut down the network last Wednesday after it said account information, including names, birthdates, email addresses and log-in information was compromised for certain players in the days prior. It said it expects to have some services back up by next Tuesday, though it added it will only restore operations if it is confident that the network is secure.
Microsoft Corp., meanwhile, warned players on its Xbox Live network that they may be the subject of “phishing” attempts while playing “Call of Duty: Modern Warfare 2” online. It said on its support website that it is working to resolve the issue. Phishing scams are attempts to pry personal information out of people, most often through official-looking emails but also other types of messages.
“Phishing is an unfortunate and common threat on the Internet, and this problem is not related to the Xbox Live service. We are aware of the problem and working to resolve,” said Microsoft spokesman David Dennis.
He declined to comment on the Sony situation.
Sony says that of the 77 million PlayStation Network accounts, about 36 million are in the U.S. and elsewhere in the Americas, 32 million in Europe and 9 million in Asia, mostly in Japan.