MSNBC reports that cybercrooks are shopping around information purloined from Sony's network, but not everything adds up.
Source: See below.
What we heard: Yesterday, Sony announced that even though the personal information of some 77 million PlayStation Network accounts may have been compromised during last week's data breach, their credit card information was encrypted. This account appeared to be backed up by a report that said that major financial institutions such as Wells Fargo, American Express, and Mastercard had reported they had found no suspicious activity related to the leak.
Now, though, MSNBC is making headlines with an article that starts off saying that some 2.2 million credit card numbers stolen from the PSN are being shopped around. The story stems from a Twitter post by Kevin Stevens of Trend Micro, a purveyor of Internet security software, which said that cybercrooks were claiming to have the accounts, including first name, last name, address, zip code, country, phone, e-mail, e-mail password, date of birth, credit card number, expiration date, and three-digit security code. That account was backed up by screenshots from a forum by Internet security blogger Brian Krebs.
The official story: As of press time, Sony has not commented on the matter.
Bogus or not bogus?: Probably bogus. Sony said that the PSN, like most online vendors, doesn't store the three-digit security code, so there's no way hackers could have obtained them. Also, by everyone's account, the people claiming to have the information could just be attempting online fraud.
"Yeah, this information about the [three-digit security code] numbers could be bogus. The guys selling the [database] could just be making it up," said Stevens. MSNBC is equally skeptical, saying, "It almost sounds too good to be true. Why, for example, would Sony have the passwords to users' third-party email accounts, such as Yahoo! or Gmail accounts?"
This rumor is proven fake by the PS blog. It's so sad that people will do anything to get attention.
@behemothdog I'm sorry, I meant to say bytes, not megabytes. That was a typo, so the whole file would be around 7.7 GB (100B * 77million) if that were the case.
The data for the actual accounts would be around 10 gigs if they kept it one file, maybe 20 - 50 gigs if they also kept the security codes, email accounts, addresses, and other possible account information. even if it was 100 gigs of info it wouldnt be too hard to get all of it with the poor securtiy sony has had around their content. the persons (s) that did this probably stole the data first then crashed (and probably wiped their entrance) so they could have time to destroy their machines making it even harder to ever prove that is was them who did it. though its unlikely the hackers would think that far ahead or be willing to destroy their computers, but if they really are that smart if really guessing we either wont hear about who did they or only the computers that were used as proxies will be caught.
@squall_83 @JLCrouge I think we all agree that the data file is massive, likely separated into multiple files. I'm sure given the info we already have somebody can figure a solid estimate, but as squall_83 mentioned it's sort of irrelevant. Typical hackers are in and out as quick as possible and usually don't get more than a few hundred thousand lines of data. But, as we know this was not a typical hack. Whoever did this had as much time as they needed and if they wanted CC info they certainly got it. I Personally think there was inside help, I don't see how a hacker could spend that much time, downloading that much data without using admin passwords or inside help to avoid suspicion.
Everyone please keep in mind they're talking about a NEWS NETWORK. OF COURSE they aren't going to get anything right,
@JlCrogue ummm I need further explanation I created a MOC Creditcard info , name adress ,etc In visual studio using VB and the exe file was about 11kb. and 11 kb *77 million is about 8,076MB here is the code Dim cc As Long Dim name1 As String Dim name2 As String Dim MI As Char Dim state As String Dim city As String Dim adress As String Dim pnum As String Dim Bdate As String Dim EXPDate As String cc = 123456789123123123 name1 = "jeremiah" name2 = "davidson" MI = CChar("b") state = "minnatucky" city = "fattyville" adress = " 1234 somethring st apt B" pnum = " 555-444-4444" Bdate = "nov 01 2022" EXPDate = "10 10 2010" Also the CC# has no need to be stored as a Long a String will do as it well as no math will be done with it. or i could put it in a database but i doubt that it will make 1 Set of cc data and personal info 100MB even with a 128 bit encryption (that was on the CC Info ONLY) or did i miss something? edit: i am not trying to be rude i am seeking a degree in programming so any thing helps! p.s. sorry about the format.
@terrascythe Right on. It surely has to be pretty large. 77 million accounts is a lot of info to store. As you said, definitely large enough that you would have thought they would notice. I just had to call you out... 77GB? Preposterous!! lol.
@JLCrogue That can't be right. I don't care what system you're using. There is no physical way that your personal info: name, address, card number etc... could possibly take up 100MB. That is just ridiculous. Unless of course I somehow misunderstood what you were saying.
@squall_83 Each credit card number is 16 digits, which would take up 54 bits of data and that's not enough to be stored in one integer (which take 4 bytes/32 bits). They would have to be stored as a long, which take up 8 bytes each, but only on some machines. That's just the credit card number alone and characters would also take 4 bytes per character that makes up a name. Overall, each account would probably take up to around 100 MB each, so terrascythe was a little more accurate, even though his math was wrong.
@squall_63 You're right, my math was wrong, unless I switch to 1Kb per line but that sounds to high. There really is no way to know how many characters or fields were used in each line, or know the true size of the data file unless Sony tells us, which they haven't. So in that sense my speculation is irrelevant but not unwarranted. Anyways, I know 77 million lines of data is going to be a huge amount of info to download in a hack, upwards of several gigs.
I have a quick question for anyone who has the answer. The question is simple what if i changed my psn email's password? Will the hackers or whoever it is know that i changed it or even know the new password? Thanks to whomever answers this.
@terrascythe Your math is incorrect. 77 million bytes is only 77 Megabytes. And there's really no way to assume how much info is stored in each account anyway so the math is not only incorrect, but also irrelevant.
@mynamesdenvrmax Thing is, this isn't news. It's just rumor and speculation. Someone on a forum claiming to have credit card numbers stolen from PSN? Must be telling the truth because people never lie on the Internet! If you honestly believe that news outlets don't have their own agendas, and never skew the way they report something to make it sound different then it actually is, well, I suppose I envy your naivete.
77 million PSN accounts is 77 million lines of data. With at least 1 byte per line, that's 77 gigabytes of data. That would take over 24 hrs to download, so the hacker had more than enough time to get CC numbers too. How could a hacker have that much unrestricted time inside PSN without being discovered?
ive been reading the same fraudulent psn related credit card charge stories on a bunch of different sites and forums 1. japanese grocery store 2. german airline ticket 3. american express card kept in a draw and only used for psn it sounds like crap people posting to get attention or generate responses
you gotta love the media reporting sensational fraudulent news from unreliable sources walter kronkite is spinning in his grave
Hope there is no plea deal for these people to make an example for anyone in the future who throws honest people to the wind. I do not know about anyone else but they have put me through a lot of work to try and protect myself from future hackers. Hope they're caught and properly punished.
meh could have happened to any Console, just hope there catch the f**ks who did this, people who have to much time on there hands that should have a job. ARGH
Even if it is bogus(which it is), these hackers still all need to go get a real job and start making themselves actually usefull to the world around them. Honestly, some people simply don't have any life at all
Yeah, this is most definitely not true. Anyways, it's most likely that they are trying to lure out the hackers by using these fraudulent claims, but I'm guessing the hackers are much smarter than that.
I think some people were threatened by socom 4 and made sure they attacked as soon as that game were released. However I wouldn't worry about credit card info. It's decrypted. Now if your psn account passwords are the same as your email and bank account passwords change them now. Those are the people who always get exploited.
@Dominicobaggio Why does this mean Microsoft is scared? You really have no idea what you're speaking of.
I've just checked my two credit cards (I'm not certain which is on PSN, it's been so long since I ordered anything) and so far, so good.
This article tells me microsoft are scared. I mean dirty tactics like rumours when your biggest competitor hits some trouble, a bit naughty!!! There is very little anyone can do with your credit card details unless they even use it to purchase things around where you live because as soon as they use it to try to make purchases internationally it will be blocked, so im not scared in teh slightest, even if people have details. (which they wont)
@XileLord No I understand perfectly well how bad getting your personal info and credit card detail stolen is. If the hacker somehow uses your credit card or opens a new account with your name and you get thousands of pounds in debt, that could be horrible. And I do have my own details online, I have a debit card and I do live in a house.... Granted they should have encrypted every bit of info, but there doing everything they can, I'm sure they'll tighten there security after this.
@XileLord I understand your frustration, and you have EVERY right to be mad at sony. However, the hackers that did this are to blame. Take some comfort in the fact that while personal info was taken, Its no more info that is in a phone-book. (minus the E-mail) The CC data had a 128 bit encryption on it and was stored separately, so sony was smart there. As for the story above smells fishy but better be safe and monitor/cancel the CC (i know yours is expired its just a precaution for others) final note: No system is unbreakable, no security is perfect, no kitten is ugly! best wishes dude :)
@Defy_The_Fallen, I don't mean to come off as a fanboy, just can't see how anybody can defend PSN. It's a piss of knowing some jack ass could possibly have my personal information, along with PSN being down. I understand because of your age it might not be a huge deal to you but when you get older and have your credit card info online, along with your own personal information (address, phone number, email) and not you're parents it'd be bound to piss you off to. I can't defend sony, they should be smart enough to have an online system stronger then this.
@XileLord don't worry dude I believe you have a ps3, but in my case if they stole my personal info they can't create a credit card, I'm only 14 and not liable for one. But take a look over your previous comment again, you sounded like a blatant xbox fanboy. And believe me I am by no means a fan boy, sony are doing there best to fix it, were not the only ones losing things here, think of all the profit there loosing from PSN downloads etc....
@Defy_The_Fallen, doesn't stop them from getting one when they have your personal information. It's not so much the credit card stuff that annoys me, it's the fact my personal information was stolen and that sony had such a weak online system that all this could happen. Btw I actually own a PS3, PSN: Hybridiction XBL: Hybridiction, and I honestly do not care if you believe me or not. I'm not a fanboy at all, I'm just saying what you sony fanboys won't say.
@XileLord Dude, they don't have the physical credit card, even if they did have the info it would only been written on paperor in some text document on a PC, they can't physically form a credit card out of thin air. Your just another xbox fanboy thinking he's clever. I have both ps3 and xbox, I'm not one sided because im NORMAL.
You don't need the three digit security code to walk into a store and buy items with another person's credit card. Sony is a joke just like PSN is a joke, just like fanboys who make fun of online services like XBL for charging 5$ a month then try to compare this PSN outbreak to that of an XBL one, which btw has never been weak enough for some hacker to grab a bunch of personal info and credit card info. Not only that but the online play and integration is way better, not only that but safer with xbox live. Sony is a joke, just like PSN. I've gotten tons of phishing attemps lately so it's obvious whoever did this is selling personal info. Makes me wonder how much more they got on me now......luckily my credit card is expired.