Update 28/04/2011 11:00 GMT
Sony has updated some information, indicating that the credit card information was encrypted -it seems that was the only encrypted information 🙁 – so even though they could have been stolen, cybercriminals could not obtain the credit card numbers, at least in an easy way. However it will depend on the type of encryption used by Sony, if it is not a strong one the bad guys could obtain the information performing a simple brute force attack.
In Spain the number of PSN users is above 3 millions, and 330,000 of them have their credit cards registered there. Extrapolating this data, it would mean that the system has more that 7 million credit cards exposed.
On the other hand, Microsoft published yesterday a security alert for their Xbox Live service:
As you can see it’s a phishing attack to Xbox Live users, something that we have seen in the past and it is not related to the attack received by Sony.
Sony has already been sued in the US by a PSN Users, see CNET.
Update 27/04/2011 15:30 GMT
A Spanish user tweet shows he has been charged in his card, his bank has called him after a suspicious charge to Netflix has been done (Netflix is not available in Spain):
He has called Sony customer service and has explained it all in his blog (in Spanish, English and French.)
When we talk about identity theft, compromised data, etc. all of us are used to think automatically in personal computers. In fact most of the advices are like this: “don’t log into your mail or any other services through computers you don’t trust.” And that’s ok, but when we use some other device, such as the Playstation 3, at home, we usually don’t think that the information will be compromised. And that has turned out to be the case, for all Playstation 3 users plus anyone with data in the PlayStation Network (PSN).
This is the official statement published by Sony, where you can read what data has been stolen:
– Address (city, state, zip)
– Email address
– PlayStation Network/Qriocity password and login, and handle/PSN online ID.
Sony also warns that it is also possible that other profile data could have been stolen, such as purchase history and billing address, and the PlayStation Network/Qriocity password security answers.
They don´t rule out that credit card data has been compromised too (credit card number + expiration date).
This is one of the major data breach ever, with more than 70 million people potentially affected.
Finally, as we all are lazy bastards 😉 please run and change the password in case you were sharing the same one in any other place.