Sony says credit card details *were* encrypted, but questions still remain

Credit cardSony has published a new blog entry, confirming that credit card details which could have been stolen in the recent hack of the PlayStation Network were encrypted.

Sony reassured users of the PlayStation Network that “all credit card information stored in our systems is encrypted”, but underlined that it cannot rule out the possibility that the credit card data was stolen.

The fact that encryption was being used on the credit card data is to be welcomed – as it reduces the chances of stolen information being used for fraud.

Credit card details were encrypted

However, there still remains the question about just how strong the encryption is that Sony used on the credit card data.

Sony signSony has once again missed an opportunity to reassure its customers. They should have said in the first announcement of the data loss that the credit card data was encrypted, and they should – in this latest communication – have provided details of the nature of the encryption that was used.

No-one outside of Sony knows how feasible it would be to decrypt the credit card information if it had been accessed by the hackers.

Maybe they’ll post more information tomorrow. If I were a user of the PlayStation Network I` wouldn’t be enjoying waiting for the answers..

Meanwhile, don’t forget that we do know that the personal information of the PlayStation Network’s customers was not encrypted – which means that hackers may have accessed your name, address, email address, birthday, password, and so on.

"The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack."

Not sophisticated enough it seems.

Learn more on the PlayStation Network’s blog.

And don’t forget, you are strongly recommended to change your passwords elsewhere on the net, if you were using your PlayStation Network password on other sites.