News

PlayStation Network credit card information was encrypted, says Sony

Sony has reiterated its statement that there is no evidence that credit card data was taken by hackers who forced the company to suspend its PlayStation Network in the wake of a security breach.

And the company says the entire credit card table was encrypted in the latest update to over 70 million users of the network, but gave no details of the type of encryption used.

Although Sony still says it cannot rule out that the credit card data was taken, it has assured customers that the data did not include credit card security codes.

The company admits the personal data table was not encrypted, but says that it was "of course", behind a "very sophisticated" security system.

Security professionals say industry practices dictate that passwords should never be stored in clear text, but converted to code using a one-way cryptographic hash algorithm that cannot be reversed.

In response to the angry backlash from users, Sony says it is taking steps to make its services safer and more secure by enhancing security and strengthening its network infrastructure.

The company says it is initiating several measures that will "significantly enhance" all aspects of PlayStation Network's security and that of users' personal data, including moving its network infrastructure and datacentre to a more secure location.

According to the update, Sony is working with law enforcement and an unnamed technology security firm to conduct a complete investigation.

"This malicious attack against our system and against our customers is a criminal act and we are proceeding aggressively to find those responsible," the company says.

Sony says it expects to have some services up and running within a week, but it will restore operations only when confident the network is secure.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy