There Are 2.2 Million PSN Member's Credit Card Details Up For Sale

According to Kevin Stevens, an online security expert with TrendMicro, "low-level cybercriminals" are currently shopping around lists supposedly containing the credit card details of 2.2 million PlayStation Network members.

While Sony says it has "no evidence credit card numbers were stolen" in the attacks on the PlayStation Network, it has still recommended people make necessary precautions regarding their cards and bank accounts.

Stevens says the details are up for sale on the illegal forums of "carders" (people engaged in credit card fraud), and while he does not link these forums directly, says the sellers are claiming to be in possession of card holder's names, addresses, phone numbers, email addresses, dates of birth and, perhaps most importantly, full credit card details, including their CVV2 numbers (those little numbers on the back of the card).

Now, these sellers could be full of shit. I could put a listing on craigslist right now selling the moon for $US50 and there's nothing stopping me. Given the severity of the situation and the nature of the claims, though, let's hope "full of shit" is all these people are.

Is Sony user database for sale in online bazaar? [MSNBC]

WATCH MORE: Playstation News


Comments

    Is there any reason for the foul language? you realise people read RSS feeds at work, right?

      Where do you work? The Vatican?

        Somewhere where people have amazing eye sight and are able to pick out a single, small word amongst a page full of text. An optometrists, maybe?

        Due to the Vaticans consistant neglect of child abuse claims, I highly doubt they filter or monitor internet usuage...

      shit is not a swear word.

        Yet you have bitch written in the comments so... I rest my case

      My problem is not that I'm reading at work, it's just that it's a sign of the quality of the US content going down the drain.
      A smart writer does not need to use the word "fuck" in a headline just to draw attention or even the word "shit" in an article because the quality of the site's reputation and their creativity when writing is sufficient enough. But too often now the US editors are using expletives for shock value or out of laziness.

        You can add "Sensational headlines" to that list of grievances too. He could have just as easily said "Are There 2.2 Million PSN Member’s Credit Card Details Up For Sale?" or "There Are 2.2 Million PSN Member’s Credit Card Details Allegedly Up For Sale" to cover his ass and maintain his journalistic integrity.

        Thank God we have Marky Mark providing us with our localised award winning journalism :)

        Luke Plunkett is Australian, if that means anything...

        ... maybe we're just naturally sweary? :P

        Agreed. There are many polite, more intelligent exclamations or phrases that could be used, particularly given that the context of the article (and indeed the whole website) does not call for swearing. The US articles are getting a little lacklustre, aren't they?

        Also, what's with the hate on 'Greg'? He has a valid concern, and people rip into him for no reason? Lighten up folks.

          i was always amazed (and often pleased) that 'wanker' wasn't filtered on WoW...

      Feces, crap, poo, dung, excrement, excretion, fecal matter, manure, number two, stool, waste & shit all mean the same thing.
      Why do you decide that one of those is offensive?

      Maybe the solution here is whilst at work instead of reading gaming blogs you should.. I don't know.. work maybe?

      Hey everyone, Greg is reading a website that uses the 'S' word! Oh, the horror.

    If you're that much of a prude I guess you should be goddamn working, rather than sneaking in looks at videogaming RSSs, hey.

    That's not what they pay you for.

    Shit hardly qualifies as foul language and should you be wasting your employers time and money by reading this blog at work anyway.

    As for the credit card info being leaked I went into my bank today and (I hope) fixed any potential problems. A lot of others have done the same too even going as far as to close accounts according to the bank clerk who helped me.

    I call shennanigans, I don't remember ever having to enter the number on the back on the card to credit my PSN wallet. Maybe it's different for the MMOs, but I would have assumed they used the PSN wallet as well.

    From http://blog.us.playstation.com/2011/04/27/qa-1-for-playstation-network-and-qriocity-services/:
    "Keep in mind, however that your credit card security code (sometimes called a CVC or CSC number [Batguy: or CVV2 - http://en.wikipedia.org/wiki/Card_security_code]) has not been obtained because we never requested it from anyone who has joined the PlayStation Network or Qriocity, and is therefore not stored anywhere in our system. "

    So somebody is fibbing here, not sure who. Should probably be highlighted in articles like this though.

    "including their CVV2 numbers"

    If they're claiming they have the CVV2 then they're almost certainly full of shit. Since Sony never asked for (and hence cannot store) that number.

    Also, if your credit card is subject to fraudulent transactions, its *not your fault or responsibility*. So long as you report any fraudulent transactions, its the responsibility of the bank or credit card provider.

    Commonwealth Bank have stated that their card holders do not need to cancel their cards: http://support.commbank.com.au/app/answers/detail/a_id/1380 (obviously this is in their best interest so you keep using it; but even if your card details have been stolen, you're still safe because fraud is not your responsibility).

      Wow - the three of us worked this out pretty quickly, it would be nice if Mr Plunkett did too! Maybe I'm being a little harsh on him, but the sources I quoted above were all pretty obvious and I would have hoped he was aware of them...

        It's the first thing I thought of when reading the article. But until I read your comments I wasn't entirely sure if I was just imagining that I never needed to use the security code on PSN.

          Just today I had my card authorised by someone other than myself, and while originally I would have agreed that the claims of 2.2 million credit card details being up for sale looks like BS, at the moment I'm far more confused than before.
          While I'm not saying for sure that the fraud I've encountered today is because of this Sony fiasco, I can think of literally no other way it could have happened.
          *scratches head*

      Yep, I called the Comm Bank credit card hotline number last night... they were super busy and already had a scripted speil about directing their customers to not cancel credit cards, and that they were closely monitoring all cards for irregular use.
      Not sure where you are getting the statement that "While Sony says it has no evidence credit card numbers were stolen in the attacks on the PlayStation Network"... The email I got from Sony said that they believe that someone HAS illegally obtained my (huge list of personal info including purchase history and potentially credit card details)....

    Nice work pointing out its probably fake guys.

    I'm kind of curious to track down these credit card fraud forums. I always hear about all these illegal activities that go on on the internet and always wonder where these people could be gathering and how you find it. Is it just word of mouth for the website, surely if they were the first site that came up after googling 'credit card fraud forum' they'd be found out pretty quick. Is there some secret handshake to get in?

    I feel like after growing up with the internet, I should be able to find things like this.

    Nice journalism as always luke, go for the sensationalism headline and run instead of researching.

    Good thing the card I had on PSN expired

    They don't ask for the CVV2 number? Seems kinda silly since it should be asked for at least when making purchases as another form of verification.

    Was due for a new Visa-Debit thank you hackers!

    My trick to avoid credit card fraud. Always max out your credit card so there is no available credit. I win fraudsters.

    On Thursday someone had started using my credit card at hotels.com racked up afew hundred dollars of charges before I noticed and called commonwealth to cancel the card.

    No changes in how I use the card of late, no virus's on my systems, latest purchase is on steam which I've been using for years, I only use my card for steam and paying bills, haven't used it on the PSN for about 8 months but still it was saved.

    I find it abit suss that I change nothing in how I use my card, then PSN gets hacked and suddenly my card is being used on some website.

    Commonwealth had to increase my limit(they went over my set limit) then cancel the card and once I have a new card I have to dispute the charges.

    Gonna be fun!

    http://i.imgur.com/P0FqO.jpg

    Apparently they do ask for CVV numbers. Whups.

      Yep they do - i know BEFORE they didn't use to but for the last - i don't know just guessing here - year to 6 months ago they have been asking for it.

    Does anyone know how Sony knows that names, addresses etc. have been taken, but don't know if credit card information has been taken?

      Well customers names etc.. aren't gonna be encrypted like a credit card number - that's probably one of the main reasons.

Join the discussion!

Trending Stories Right Now