2.2 million credit card numbers from PlayStation Network may be up for sale
After what is being speculated to be the largest Internet breach ever, rumors are circulating on the web that the Sony PlayStation Network violation may have additional problems. The possible trouble is the cybercriminals that broke into Sony's system may have possibly further exploited their hack creating a database listing 2.2 million member credit card numbers taken from the PlayStation membership.
"Sony has gone on record to confirm that a security breach at the Playstation Network by hackers has resulted in stolen personal information. According to the company, while personal information was likely stolen they don't believe credit card numbers were and the Playstation Network service is expected to be back up within a week. The news comes more than nine days after the intrusion and six days after Sony shut down both the Playstation Network and Qriocity services post the breach. Sony has also hired a "recognized security firm" to conduct a complete investigation into what happened. Details like Name, Address (city, state, zip), Country, Email address, Birthdate and PlayStation Network/Qriocity password and login and handle/PSN online ID, are expected to have been leaked. While there is no evidence that credit card data was taken, officials have not ruled out the possibility.
Sony is currently encouraging users to be more alert of potential phishing scams from people using email, phone calls and mail to try and extract more personal or sensitive information as well as recommends users to change their password once they can log back into the Playstation Network. Users can contact 1-800-345-7669 for any additional questions."
Worse, the rumor is this alleged database is up for sale.
Ben Parr, Mashable.com, reports "It seems that the source of some of the rumors is Kevin Stevens, a senior researcher at security firm Trend Micro. He told The New York Times that he has seen discussions about the supposedly stolen database on hacker forums. Apparently hackers are claiming to have a copy of the database and are asking for a price “upwards of $100,000.”
Quoted in the Mashable report was "It is not a rumor, it was a conversation on a criminal forum. I never saw the DB [database] so I can’t verify if it is real,” Stevens said in one of his tweets.
To further add fuel to the rumor, reportedly screenshots of the database have been listed on various "underground" forums that hackers purportedly frequent. Parr reports one of the message board posts listed the details of the alleged PlayStation Network database that not only includes the credit card numbers, but also contains expiration dates and security codes. If this is true, this could be a potential nightmare for those consumers affected.
If the database rumor turns out to be factual, this is going to cause a significant problem for millions of Sony customers. Not to mention this is not considering the fact that in the original statements Sony issued, the company said 77 million members' personal information listed on the accounts had been stolen. At the time the breach was made public, Sony said they were not sure whether or not credit card information was taken. In regards to the credit cards being stolen Sony said in their official blog "If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.”
The question begs asking, if 2.2 million credit cards are consolidated in a database and indeed for sale, what about the credit card details for the rest of the 70+ million members whose personal information was pilfered?
Initially members were annoyed that the network was shut down for a week, but this annoyance quickly turned to anger when users learned their information had been compromised and Sony did not share this news for about a week while they were investigating. Some users are even filing lawsuits in addition to their outrage.
If this rumor turns out to be true, and a database has been established that offers millions of consumer credit cards up for sale, it looks like things are about to potentially get a lot uglier with this data breach, for both Sony and their customers.
What to do if you think your own credit card number has been stolen
Worried about credit card fraud? Do you suspect somebody may be using your account? If so, you must act immediately!
1. Use the internet.
If you have online access to your credit card account (as with many debit cards), you can examine recent accounts activity yourself. Look for any charges you don't recognize. Compare charges to receipts you have saved.
2. Result in the call.
Call your credit card company. (This may be your bank, American Express, or another provider.) Have your charge card number handy. Hopefully, you have kept a copy of the front and back of your credit card, or at least, a copy of your latest month-to-month statement. Call the actual toll-free number and let them know what you think has occurred. Try to pinpoint the time of the theft, if you're able to.
Ask your credit card company to review recent charges on your account. This will give you the chance to determine which charges may not have been your own.
Three. Report it quickly.
By reporting your own potential loss quickly, you will minimize your personal risk. Be advised that you may be expected to pay for the first $50 of not authorized expenses. (This may differ, depending on the type of card and the company with which it is affiliated. For instance, debit and credit cards may have different minimum requirements.)
If your credit card actually has been stolen or lost, your charge card company will terminate your original account number. Anyone trying to use your account number from that point on - is going to be refused and probably imprisoned.
4. Activate your brand-new account number immediately.
You will likely be issued a new card with a new number. Activate this particular immediately, according to the directions you receive, if the supplier has not already done this.
5. Alert your own automatic billers.
You will need to express this information immediately in order to any organizations that bill your greeting card automatically. This may consist of insurance companies, your internet company, and others. If you fail to do this in a timely manner, you may experience a disruption in service.
Six. Update your online accounts.
Additionally, you will need to update your credit score information on all your preferred shopping websites, for those who have stored your account number with them. (You may wish to check the box that indicates you do NOT want this information stored, for greater security, although this indicates you will have to enter your bank account number every time you order.)
7. Destroy your original card.
Cut it up with scissers. By then, the accounts number will have already been canceled.
