Sony’s PlayStation Network headaches continue, with security researchers claiming that the hackers who broke into the company’s databases are offering to sell credit card numbers stolen from PSN users. Trend Micro threat researcher Kevin Stevens, reports the NYTimes, says that not only are the hackers seeking in excess of $100,000 for the database – which Sony has insisted is encrypted, but which other security experts warn may too have been infiltrated – but that they even offered it back to Sony.
Sony spokesperson Patrick Seybold, senior director of corporate communications and social media, denies the suggestion, however. “To my knowledge,” he told the newspaper, “there is no truth to the report that Sony was offered an opportunity to purchase the list.” Earlier this week, Seybold confirmed that not only was Sony reworking the PSN systems, with the help of both an external security firm and law enforcement teams, but physically “moving our network infrastructure and data center to a new, more secure location.”
Still, there’s ongoing concern that the horse has already bolted. “Sony is saying the credit cards were encrypted,” Mathew Solnik, iSEC Partners security consultant points out, “but we are hearing that the hackers made it into the main database, which would have given them access to everything, including credit card numbers.” Experts in credit card fraud have estimated that, if true, the potential for false payments could total $24bn.