Rumors are swirling around the web that the hackers who took down the PlayStation Network may have stolen 2.2. million credit card numbers. Not only that, but apparently the database is for sale.
It seems that the source of some of the rumors is Kevin Stevens, a senior researcher at security firm Trend Micro. He told The New York Times that he has seen discussions about the supposedly stolen database on hacker forums. Apparently hackers are claiming to have a copy of the database and are asking for a price “upwards of $100,000.”
“It is not a rumor, it was a conversation on a criminal forum. I never saw the DB so I can’t verify if it is real,” Stevens said in one of his tweets.
There’s more, though. Screenshots from “underground” message boards supposedly frequented by the hackers have been surfacing as well. We’ve seen these screenshots posted by security blogger Brian Krebs and on the PSX-Scene forums. One of them even describes the supposed format of the PSN credit card database, which includes credit card numbers, card security codes and expiration dates.
Sony has previously claimed that there is no evidence that credit card data was stolen, but that it couldn’t rule out the possibility. “If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained,” the company warned in blog post on Tuesday.
So far, there is no confirmation that credit card information has been stolen, that the PSN database is real or that the hackers are trying to sell it. Yet the mere possibility that 2.2 million credit cards could be sold to the highest bidder is an alarming and frightening possibility. Sony is working with the Federal Bureau of Investigation on the matter, but there’s no telling how long it will take them to track down the perpetrators of the attack.