Sony says credit card details *were* encrypted, but questions still remain

Sony has published a new blog entry, confirming that credit card details which could have been stolen in the recent hack of the PlayStation Network were encrypted.

Sony reassured users of the PlayStation Network that “all credit card information stored in our systems is encrypted”, but underlined that it cannot rule out the possibility that the credit card data was stolen.

The fact that encryption was being used on the credit card data is to be welcomed – as it reduces the chances of stolen information being used for fraud.

However, there still remains the question about just how strong the encryption is that Sony used on the credit card data.

Sony has once again missed an opportunity to reassure its customers. They should have said in the first announcement of the data loss that the credit card data was encrypted, and they should – in this latest communication – have provided details of the nature of the encryption that was used.

No-one outside of Sony knows how feasible it would be to decrypt the credit card information if it had been accessed by the hackers.

Maybe they’ll post more information tomorrow. If I were a user of the PlayStation Network I wouldn’t be enjoying waiting for the answers.

Meanwhile, don’t forget that we do know that the personal information of the PlayStation Network’s customers was not encrypted – which means that hackers may have accessed your name, address, email address, birthday, password, and so on.

“The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack.”

Not sophisticated enough it seems.

Learn more on the PlayStation Network’s blog.

And don’t forget, you are strongly recommended to change your passwords elsewhere on the net, if you were using your PlayStation Network password on other sites.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.
