A new Q&A reveals that credit card data was and encrypted and kept separate from the rest of the PSN.
It’s starting to look like Sony may be able to avoid the dreaded worst-case scenario. The latest Q&A reveals that customers’ credit card information was isolated from the rest of the PlayStation Network and Sony says that there is still no indication that the hackers made it through the additional layers of security.
“All of the data was protected, and access was restricted both physically and through the perimeter and security of the network,” reads the Q&A. “The entire credit card table was encrypted and we have no evidence that credit card data was taken. The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack.”
Sony is still repeating their “we cannot rule out the possibility” mantra, although that now seems to be a precaution and Sony says that even if the encryption has been cracked, it would be impossible for anyone to get credit card security codes from the server.
“Keep in mind, however that your credit card security code (sometimes called a CVC or CSC number) has not been obtained because we never requested it from anyone who has joined the PlayStation Network or Qriocity, and is therefore not stored anywhere in our system,” continues Sony.
The rest of the Q&A provides some consumer advice for inquisitive customers, and it’s mostly common sense if you’re vigilant with your personal security. The biggest concern will likely be the loss of passwords, if only because that information will be useful beyond Sony’s servers. The rebuilt PSN will force all users to register a new password once the servers are back online, but you’ll also want to change the access code for the rest of your accounts if you’re in the habit of recycling.
Source: PlayStation Blog