PlayStation Network credit card information was encrypted, says Sony


PlayStation Network credit card information was encrypted, says Sony

Warwick Ashford

Sony has reiterated its statement that there is no evidence that credit card data was taken by hackers who forced the company to suspend its PlayStation Network in the wake of a security breach.

And the company says the entire credit card table was encrypted in the latest update to over 70 million users of the network, but gave no details of the type of encryption used.

Although Sony still says it cannot rule out that the credit card data was taken, it has assured customers that the data did not include credit card security codes.

The company admits the personal data table was not encrypted, but says that it was "of course", behind a "very sophisticated" security system.

Security professionals say industry practices dictate that passwords should never be stored in clear text, but converted to code using a one-way cryptographic hash algorithm that cannot be reversed.

In response to the angry backlash from users, Sony says it is taking steps to make its services safer and more secure by enhancing security and strengthening its network infrastructure.

The company says it is initiating several measures that will "significantly enhance" all aspects of PlayStation Network's security and that of users' personal data, including moving its network infrastructure and datacentre to a more secure location.

According to the update, Sony is working with law enforcement and an unnamed technology security firm to conduct a complete investigation.

"This malicious attack against our system and against our customers is a criminal act and we are proceeding aggressively to find those responsible," the company says.

Sony says it expects to have some services up and running within a week, but it will restore operations only when confident the network is secure.

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy