77 million video gamers’ account data, including names, birth dates, email addresses and log-ins, were compromised after a cyberattack on a Sony datacenter in San Diego, California. The datacenter was home for the Sony PlayStation Network — which allows users to play games with friends around the world and download movies and games over the Internet.
Sony officials have stated, “the entire credit card table was encrypted and we have no evidence that credit card data was taken. The personal data table, which is a separate data set, was not encrypted, but was behind a very sophisticated security system that was breached in a malicious attack.”
However, combined with other data, the personal data table is valuable. Since most people use the same passwords across various online websites, a cybercriminal could use the passwords to unlock everything from Facebook accounts to online banking. The e-mail addresses could be used in phishing attacks, with the fraudster using stolen details — like the target’s date-of-birth — to increase the chances of a response.
A saving grace for Sony is that since the credit card numbers were encrypted it might help them argue they were in compliance with the official Payment Card Industry (PCI) Data Security Standards, which mandates encryption for stored credit card data — something that could help Sony in the class actions lawsuits that have already begun.
What to do?
In its FAQ, Sony said, “If you use the same user name or password for your PlayStation Network or Qriocity service account for other unrelated services or accounts, we strongly that you change them.”
However, there is currently no way a user can find out what password he or she was using for PlayStation Network if it’s been forgotten, Sony told the website Giant Bomb.
“For your security, we encourage you to be especially aware of e-mail, telephone, postal mail or other scams that ask for personal or sensitive information,” the company said in an Update on PSN Service Outages FAQ posted Tuesday. “Sony will not contact you in any way, including by e-mail, asking for your credit card number, Social Security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking.”
As we look at the weaknesses in the digital economy, perhaps consumers should also consider not using a checking account debit card for online transactions. Keep a separate credit card, just for online use that can limit your liability in case it is stolen and help in figuring out if you were the victim of a cybercrime.