A hacker claiming to have credit card info stolen from Sony’s PlayStation Network is trying to sell the data on underground forums, but the claims have not been confirmed. Sony has contracted an outside security firm to investigate the intrusion on its network, and has stated emphatically that their credit card data was encrypted, reiterating that it had no evidence the data was stolen.
A researcher with TrendMicro, tweeted Thursday that he had seen discussions in online forums where hackers were offering to sell a database of 2.2 million Sony customer credit card numbers stolen during the attack. Sony was supposedly offered a chance to buy the records back, but didn’t take the bait. The person claiming to have the records says it contains first names, last names, addresses, phone numbers, email addresses, passwords, dates of birth, credit card numbers, CVV2 data, and expiry dates. Those last 2 are definitely problematic if true.
The information may already be circulating among the criminal underground as reports have been made by Sony customers about fraudulent charges appearing on credit cards they have used for the PlayStation service.