PlayStation Network credit card information was encrypted, says Sony

And the company says the entire credit card table was encrypted in the latest update to over 70 million users of the network, but gave no details of the type of encryption used.

Although Sony still says it cannot rule out that the credit card data was taken, it has assured customers that the data did not include credit card security codes.

The company admits the personal data table was not encrypted, but says that it was "of course", behind a "very sophisticated" security system.

Security professionals say industry practices dictate that passwords should never be stored in clear text, but converted to code using a one-way cryptographic hash algorithm that cannot be reversed.

In response to the angry backlash from users, Sony says it is taking steps to make its services safer and more secure by enhancing security and strengthening its network infrastructure.

The company says it is initiating several measures that will "significantly enhance" all aspects of PlayStation Network's security and that of users' personal data, including moving its network infrastructure and data center to a more secure location.

According to the update, Sony is working with law enforcement and an unnamed technology security firm to conduct a complete investigation.

"This malicious attack against our system and against our customers is a criminal act and we are proceeding aggressively to find those responsible," the company says.

Sony says it expects to have some services up and running within a week, but it will restore operations only when confident the network is secure.

This story was first published by Computer Weekly

What’s Hot on Infosecurity Magazine?