PlayStation Network members have a new concern. As if having all their personal information stolen by some unknown hacker isn’t enough, rumors are spreading like wild fire that the credit card information Sony says was encrypted is up for sale. According to sources, the databases include the CVV numbers, which Sony says it never stored on its databases.
Kevin Stevens posted on Twitter yesterday that he saw a chat conversation on a criminal forum that discussed selling the hacked PSN information. According to Stevens, who stated that he never actually saw the database, the hackers are claiming that the database includes first and last names, addresses, data of birth, phone number, email address, password, credit card numbers, expiration date, and the all-important CVV numbers.
According to Gadgetsteria, independent security blogger Brian Krebs saw a similar conversation and managed to capture a screenshot of part of the conversation, which can be seen at gadgetsteria.con. Like Stevens, though, Krebs hasn’t seen the database, so he can’t verify the information.
As this rumor tries to catch a foothold, some PSN users are beginning to make claims of fraudulent charges on their credit card accounts. According to Ars Technica, more than a dozen people have come forward with the claim that fraudulent use has been found on the same cards they used on PSN.
Softpedia reports that the transactions that users reported were, what Softpedia called, card-present transactions. They state that “they involve cloned cards and corresponding PIN numbers.” Softpedia explained that all the data encoded on the magnetic stripe would be needed in order to clone a card, which can only be obtained by skimming or hacking a payment processor. According to Softpedia, the fraudulent charges are unlikely to be associated with the PSN hack.