Technology

The business and culture of our digital lives,
from the L.A. Times

« Previous Post | Technology Home | Next Post »

Sony says PlayStation Network credit-card data was encrypted

April 28, 2011 | 12:09 pm

347919943_fd579e3d51_b

Sony, whose computers were hacked April 17, on Thursday said it had encrypted the credit-card data of its PlayStation Network and Qriocity customers, but not their personal and contact information.

The company maintained in an updated Q&A that it had no evidence of credit-card information having been stolen, but that it could "not rule out the possibility."

Sony also said it is working with law enforcement agencies to investigate the breach, which exposed the data of 77 million PSN and Qriosity accounts. The actual number of people affected may be smaller, as some accounts are inactive and some users have created multiple accounts. The New York Times earlier this week reported that the case had been sent to the FBI in San Diego. FBI officials declined to comment.

Encrypting data makes it harder, but not impossible, to read. In addition, hackers can use stolen passwords of high-level computer systems administrators at Sony to crack open the files, said John Pescatore, a security analyst with Gartner Inc.

"Encrypted data is only safe if the attacker doesn’t also get the decryption keys," Pescatore said. "That’s the worry about a compromised administrator password. Often, but not always, administrative access means attacks can subvert encryption. It is like locking your doors but leaving the key under the mat."

RELATED:

PlayStation and Qriocity network hacked

PlayStation breach: Advice from the experts

Security breach will cost Sony much more than money

-- Alex Pham

twitter.com/alexpham 

Photo: Sony PlayStation 3. Credit: Yoshifumi Harada via Flickr

Comments 

Advertisement










Video