As Sony claims card data was encrypted, New York Times begs to differ

The paper asserts that the hackers claim they have access to names, addresses, user names, passwords and payment card credentials of the users.

The revelations come as Sony announced last Thursday that there was no way to be sure that hackers had stolen the card data in a security breach, but added that the entire debit/credit card database was encrypted, Infosecurity notes.

Kevin Stevens, Trend Micro's senior threat researcher, is quoted by the New York Times that he had seen forum chatter about hackers offering the credit details for sale.

Comments indicated that hackers plan to sell the information for more than $100,000.

Stevens told the paper that one forum member told him the hackers had even offered to sell the data back to Sony but did not receive a response from the company.

Patrick Seybold, senior director of corporate communications and social media at Sony, reportedly responded to the claims saying: "To my knowledge there is no truth to the report that Sony was offered an opportunity to purchase the list."

The New York Times, meanwhile, quotes Mathew Solnik, an ISEC Partners' security consultant, as saying that, despite Sony's comments, "we are hearing that the hackers made it into the main database, which would have given them access to everything, including credit card numbers."

Solnik's comments appear to be backed up by other newswire sources, Infosecurity notes, suggesting that the Sony PSN hacking incident is likely to rumble on for some time.

What’s Hot on Infosecurity Magazine?