Giant Bomb News

114 Comments

Roughly 900 Credit Card Numbers Exposed Via Sony Online Entertainment Breach

The years-old database contained data for mostly expired cards. Hooray?


 "Ha ha. Wait, cards from 2007? Only ha, then."
Sony's security woes continued yesterday when Sony Online Entertainment announced a security breach at the same facility that housed PlayStation Network's recently compromised database. 

The MMO developer said the personal information of 24.6 million accounts was exposed, in addition to 12,791 non-US credit or debit numbers with expiration dates--but not security codes. Data compromised included name, address, email address, birth date, gender, phone number, login name, and hashed password. 10,740 direct debit records from Germany, Austria, Netherlands and Spain were also accessed.

In mildly "positive" news, SOE has revealed this morning that most of those were actually expired cards. Only 900 of the nearly 13,000 exposed were active cards, meaning most consumers are not at risk. The database accessed was reportedly from 2007, explaining how so many of the cards have expired.

Like PSN, SOE does not believe its main database was or is at risk.

"There is no evidence that our main credit card database was compromised," reiterated the company in a statement. "It is in a completely separate and secure environment."

It's been quite a ride when that's considered positive news.

With PSN still down, PlayStation 3 users are still unable to access SOE titles like DC Universe Online.

Patrick Klepek
Posted by dragonzord

awesome man

Edited by FourWude

OKAY

Oh well, one day.... one day.

*Gotta keep on trucking*

Posted by Sammo21

This really isn't that weird as Paypal still has 3 or 4 cards of mine listed that are expired.  Also, so did XBL at one point.

Edited by phish09

Yeah...I realized after I went and canceled my card that the last game I bought on PSN was Final Fantasy VII, and that means that they still had my old expiry date. Usually it's not very hard to figure out what the new expiry date is because it's generally either 3, 4 or 5 years after your previous one.

Even if your expiry date was not updated, it's still not a bad idea to have your card reissued.

Posted by Getz

It could be worse than this, but having all your personal information stolen is no picnic. Good thing it was an older database.

Posted by Krakn3Dfx

Just really ready for PSN to be back online, and hopefully the store so I can pick up Outland.

Posted by ThePhantomnaut
@FourWude said:
"

OKAY

Oh well, one day.... one day.

*Gotta keep on trucking*

"
Don't think too hard about it or else it won't happen. This site won't go permanently down soon; if that shit ever happens, that's gonna be lulz for the non-forum, non-wiki, but hella quest people WHO SHOULD POST OR HELP MAKE A WIKI! Ahem...
Posted by TadThuggish

Boy, Sony sucks at everything.

Posted by StriderNo9

Man this has been a terrible month for Sony and Trump.

Posted by CyleMoore

Well I only have like $3.00 to my name right now so I'm still not worried.

Posted by Banzai_NL

Still way too many. :(

Posted by m0rdr3d

Nice going, Sony!  "Meh.  They were mostly expired cards.  Why secure em."

Don't think I'll be doing business with those pricks ever again.  Anyone wanna buy a PS3 Slim?

Posted by Altrezia

Passwords were only hashed? LOL. If my employees did that, they'd be off, and we're only a tiny web agency.

Posted by OldManLight

Un-fucking-acceptable! EVER!

Posted by benu302000

Sony:
Cel-i-brate-good-times, COME ON.

Posted by TheAdmin

I feel like the next thing I'm going to read about is that if  you ever bought a Sony product that your information is leaked. How do you not prepare for this kind of thing!? 

Posted by Phoenix87

Even 1 exposed is too many.

Posted by White_Silhouette

Well out of "77 million"  users that's only 0.0012% of possible credit cards that could have leaked.

I should work as a spin doctor for Sony.

Posted by zityz

This seems like bad news bears for Sony. A lot of people are probably going to be sour over this to the point where they probably won't trust Sony's services again. Shame too. No company should have to have this happen to them.

Posted by Yanngc33

So who are the "lucky" 900?

Edited by UnsolvedParadox

How did Sony decide if a card has expired? A different CID number would likely have been issued by now, but not definitively...and that doesn't change the basic credit card number.

Posted by Kombat

The bad news just keeps pouring in from Sony. I'm starting to feel sort of bad for them; they've got an honest mess on their hands, and someone out there just keeps pouring it on faster than they can deal with it.

Posted by Jasonofindy

Didn't Sony's press release last week say that some PSN services would start coming back online today?  or did they later amend that to sometime this week?  

Posted by Kyreo
@Phoenix87 said:
" Even 1 exposed is too many. "
Pretty much this.
Posted by dragonzord
@White_Silhouette said:
" Well out of "77 million"  users that's only 0.0012% of possible credit cards that could have leaked. I should work as a spin doctor for Sony. "
This is SOE not PSN
Posted by QKT

Even after being exposed, there are still no reports of actual fraud.

There's still no way of knowing if the details have been taken.
I don't use my main card for PSN so I'm OK, but I'm gonna leave it be to see what happens.
Posted by wickedsc3
@White_Silhouette said:
" Well out of "77 million"  users that's only 0.0012% of possible credit cards that could have leaked. I should work as a spin doctor for Sony. "
The 77 million is from PlayStation Network; this article is talking about SOE (their online MMOs) at the same facility.
Posted by MordeaniisChaos
@Phoenix87 said:
" Even 1 exposed is too many. "
Oh shut up. Unless you are a 1 man, top security firm, I think I'll just assume that you're another whining prick. Nothing is perfect. Even military body armor can't stop every round. How can you expect it to be any different for cyber security? 900 isn't that bad, especially if the people know about it. If you have a credit card and you don't keep an eye on your account, especially when you've been notified of this kind of event, you're just asking for it. It sucks, maybe they could have done better, but that's a tiny number relatively speaking, and it's not like they just gave em out to criminals. Why blame the people who spent 4 years planning a bank heist when you can blame the bank, right?

/sigh

@m0rdr3d said:
"

Nice going, Sony!  "Meh.  They were mostly expired cards.  Why secure em."

Don't think I'll be doing business with those pricks ever again.  Anyone wanna buy a PS3 Slim?

"
Except they were secure. Just separate.
But hey, feel free to be a big baby about all of this and act like Sony fucked you in the ass with a steel rod. Also, SOE is totally separate from the Playstation division. Sony is so big with so many parts, it's basically a confederation, in business form. Blaming one division for the failing of another is just silly.
Posted by Tekkor

Yeah...not to pile on but this really is such a fiasco. This is just so unacceptable that it's not even funny. You have to be either an employee of Sony or have a Sony fanboy tattoo to be defending them at this point.


I have only had a couple Xbox 360's for the last several years and thought about getting a PS3 a couple months ago. No way I do it at this point just on principle. 
Posted by zameer

So is Ryan screwed since he semi-recently played The Matrix Online?

Posted by chrissedoff

fuck this company

Edited by WinterSnowblind
@Jasonofindy said:

" Didn't Sony's press release last week say that some PSN services would start coming back online today?  or did they later amend that to sometime this week?   "

Limited services are returning tomorrow.

@MordeaniisChaos said:

" Except they were secure. Just separate.

But hey, feel free to be a big baby about all of this and act like Sony fucked you in the ass with a steel rod. Also, SOE is totally separate from the Playstation division. Sony is so big with so many parts, it's basically a confederation, in business form. Blaming one division for the failing of another is just silly."

Sony failed their customers big time and have broken laws/mandates in certain countries.  They deserve everything they get and I think defending them for this is stupendously immature.
You can call people babies for being upset, but I'm sure you'll feel very differently if you're the victim of identity fraud because of Sony's lax security measures.  Sony don't need you to defend them and you shouldn't be pretending that this isn't a big deal.
Posted by Warchief

keep on reaching for that rainbow Sony. 

Posted by JJWeatherman

Wow, what the hell. Sony's getting torn apart. This is brutal.

Posted by Noisician

Just when you think it's over, Sony keeps this roller coaster of failure going.

Posted by White_Silhouette
@zoner: @wickedsc3: Ahh my bad.
Posted by LoneWolf75

I never enter a credit card number into a console, I just pick up those cards in a store if I want Xbox live or PSN credit.

Posted by Azteck

Wow 900 cards. Holy fuck.

Posted by MrAristocrates
@Tekkor said:
" You have to be either an employee of Sony or have a Sony fanboy tattoo to be defending them at this point. "
Or do any research whatsoever.
Posted by WinterSnowblind
@MrAristocrates said:
" @Tekkor said:
" You have to be either an employee of Sony or have a Sony fanboy tattoo to be defending them at this point. "
Or do any research whatsoever. "
I find it highly amusing that it's only the people with blue usernames (and KaosAngel, who's a Sony fanboy anyway) defending them at this point.
But please, point me in the direction of this research that I've clearly skipped over, that nulls the fact they've lost my personal details and maybe even my credit card information twice.
Posted by artofwar420

There really doesn't seem to be an end in sight.

Posted by MrAristocrates
@WinterSnowblind said:
" @MrAristocrates said:
" @Tekkor said:
" You have to be either an employee of Sony or have a Sony fanboy tattoo to be defending them at this point. "
Or do any research whatsoever. "
I find it highly amusing that it's only the people with blue usernames (and KaosAngel, who's a Sony fanboy anyway) defending them at this point.
But please, point me in the direction of this research that I've clearly skipped over, that nulls the fact they've lost my personal details and maybe even my credit card information twice.
"
Maybe it's because the people with the blue usernames aren't posting in the first article they see without looking anything else up. I'd be a lot more open to what you had to say if you weren't so rude about it.

Also, again, research. We still don't have any evidence that the PSN credit card info was even accessed.

I declare the word "fanboy" to be a variation on Godwin's law, in that someone will always bring it up.
Posted by LordCmdrStryker
@MrAristocrates said:
"We still don't have any evidence that the PSN credit card info was even accessed."
Their system was compromised!  WE HAVE TO ASSUME THE WORST.  If you do NOT assume the worst, YOU ARE BEING EXTREMELY NAIVE.

I cancelled my card a while ago.  If you haven't already done so, you should get on that shit.  The alternative could seriously screw up your life.
Posted by LiquidSwords

"Everybody's Mad" meme goes here

Posted by FMinus
@MrAristocrates said:
" @WinterSnowblind said:
" @MrAristocrates said:
" @Tekkor said:
" You have to be either an employee of Sony or have a Sony fanboy tattoo to be defending them at this point. "
Or do any research whatsoever. "
I find it highly amusing that it's only the people with blue usernames (and KaosAngel, who's a Sony fanboy anyway) defending them at this point.
But please, point me in the direction of this research that I've clearly skipped over, that nulls the fact they've lost my personal details and maybe even my credit card information twice.
"
Maybe it's because the people with the blue usernames aren't posting in the first article they see without looking anything else up. I'd be a lot more open to what you had to say if you weren't so rude about it. Also, again, research. We still don't have any evidence that the PSN credit card info was even accessed. I declare the word "fanboy" to be a variation on Godwin's law, in that someone will always bring it up. "

Thing is, even if the CC data was not stolen, the fact that such data might be available to the hacker made customers like me angry. I have to go through the hassle of changing both of my CCs just because their security was breached. If it turns out that the CC data was in fact not touched by the hacker, good; still, how long do I have to wait before Sony finally opens its mouth and gives me a concrete answer whether or not it was stolen?

I'd rather not wait, so I went to the bank and applied for a change for both of my cards, which in the end is going to cost me money, not much but still. I'd rather take the risk of changing them than later go through the process of fraud, which takes even longer and what not.

Still I cannot stress how bad their information is. By now they should know exactly if and what data was stolen and I think it's in their power to email those accounts that got breached with information "hey your card was compromised", even for the 2007 card, because as someone above mentioned, not every CC number changes when you get a new card. 4 Master Cards already expired for me and all the new cards come with the exact same number, except the CCV is different but that's 3 digits and this means shit anyway regarding security. Same goes for my AMEX.

So yeah I'm pretty disappointed in Sony and they have lost my trust for pretty much ever. Not because they got hacked, that can happen to anyone, but because valuable data wasn't encrypted like it should be, even if it's 20 years old, and the way they are handling this regarding customer information is rather disrespectful at best - info should be in my inbox or on their site DAY-1 of the hack.

Posted by EgoCheck616
@MrAristocrates said:
" @WinterSnowblind said:
" @MrAristocrates said:
" @Tekkor said:
" You have to be either an employee of Sony or have a Sony fanboy tattoo to be defending them at this point. "
Or do any research whatsoever. "
I find it highly amusing that it's only the people with blue usernames (and KaosAngel, who's a Sony fanboy anyway) defending them at this point.
But please, point me in the direction of this research that I've clearly skipped over, that nulls the fact they've lost my personal details and maybe even my credit card information twice.
"
Maybe it's because the people with the blue usernames aren't posting in the first article they see without looking anything else up. I'd be a lot more open to what you had to say if you weren't so rude about it. Also, again, research. We still don't have any evidence that the PSN credit card info was even accessed. I declare the word "fanboy" to be a variation on Godwin's law, in that someone will always bring it up. "
Fanboy.
Posted by MrAristocrates
@LordCmdrStryker said:
" @MrAristocrates said:
"We still don't have any evidence that the PSN credit card info was even accessed."
Their system was compromised!  WE HAVE TO ASSUME THE WORST.  If you do NOT assume the worst, YOU ARE BEING EXTREMELY NAIVE.

I cancelled my card a while ago.  If you haven't already done so, you should get on that shit.  The alternative could seriously screw up your life.
"
It disturbs me that I thought it was a joke at first. I would prefer waiting until I hear (not just from Sony, mind you) reliable sources telling me that the cards were actually compromised, rather than cancel a card based on something I don't have enough info to make an informed decision based upon.
Edited by MrAristocrates
@EgoCheck616 said:

" @MrAristocrates said:

" @WinterSnowblind said:

" @MrAristocrates said:
" @Tekkor said:
" You have to be either an employee of Sony or have a Sony fanboy tattoo to be defending them at this point. "
Or do any research whatsoever. "
I find it highly amusing that it's only the people with blue usernames (and KaosAngel, who's a Sony fanboy anyway) defending them at this point. But please, point me in the direction of this research that I've clearly skipped over, that nulls the fact they've lost my personal details and maybe even my credit card information twice.
"
Maybe it's because the people with the blue usernames aren't posting in the first article they see without looking anything else up. I'd be a lot more open to what you had to say if you weren't so rude about it. Also, again, research. We still don't have any evidence that the PSN credit card info was even accessed. I declare the word "fanboy" to be a variation on Godwin's law, in that someone will always bring it up. "
Fanboy. "
Oh, I wasn't denying it. It just pisses me off that it comes up so often. I own every console and I'm still a raging fanboy!

 @FMinus: It pisses me off too that Sony had such poor security. But people have been finding numerous ways that don't even make sense to get angry over this, and it's annoying.
Posted by dagas
@MordeaniisChaos said:
" ...and it's not like they just gave em out to criminals. "
As long as a company doesn't actively give away your credit card information to criminals they are doing a good job? Wow you really must have low standards for the companies you deal with. I guess you would feel safe to have your valuables in a bank where they store them in an unlocked box in the lobby? I mean they are not giving them away to criminals right? If someone happens to take them the bank can hardly be held responsible in any way right?

Of course the thieves are to be blamed first and foremost, but any company who stores people's passwords, credit card numbers, personal information etc. has an obligation to safeguard that data.