Sony encrypted credit card data, not user account info
NEW YORK - Sony is telling PlayStation users that it had encrypted the credit card data that hackers may have stolen, reducing but not eliminating the chances that thieves could have used the information.
The company said in a blog post Wednesday that while it had no direct evidence the data was even taken, it cannot rule out the possibility. It did not say how strong the encryption was, and it is possible for hackers to decipher files that are weakly encrypted - it's just more difficult.
"All of the data was protected, and access was restricted both physically and through the perimeter and security of the network. The entire credit card table was encrypted and we have no evidence that credit card data was taken," the company wrote in its blog post.
Sony's PR statement
Sony sued for PlayStation Network data breach
Sony PS3 data breach highlights what a loser I am
Whether this will snuff out the mounting discontent among PlayStation Network users remains an open question. Most subscribers to the service still don't know much about the sort of encryption being deployed to protect their personal information - or whether it's sufficient to guarantee the protection of their credit cards. "The personal data table, which is a separate data set, was not encrypted," Sony said today, "but was, of course, behind a very sophisticated security system that was breached in a malicious attack."
On Tuesday, Sony had said that account information, including names, birthdates, email addresses and log-in information, was compromised for certain players using its PlayStation Network. In an earlier blog post, the company had said that data had not been encrypted and had been kept in a separate location from the credit card information. The company said it is in the process of moving its network infrastructure and its data center to a new, more secure location, though it did not give any more details. And it said it is working with law enforcement to investigate who is responsible for the attack.
Sony shut down the network last Wednesday after it said account information, including names, birthdates, email addresses and log-in information was compromised for certain players in the days prior. It said it expects to have some services back up by next Tuesday, though it added it will only restore operations if it is confident that the network is secure.
Sony says that of the 77 million PlayStation Network accounts, about 36 million are in the U.S. and elsewhere in the Americas, 32 million in Europe and 9 million in Asia, mostly in Japan.