Sony: 10 Million Credit Cards May Have Been Exposed 251
WrongSizeGlass writes "The LA Times is reporting that Sony has revealed that 10 million credit card accounts may have been exposed two weeks ago when a hacker broke into the company's computers in San Diego and stole data from 77 million PlayStation Network accounts. Sony said it will provide credit card protection services for the 10 million customers whose data were compromised. Sony last week said it had encrypted credit card data, but not other account information, including names, addresses, email addresses and birth dates."
Fundementally broken system (Score:5, Insightful)
I know this is beating a dead horse... but the core problem here isn't Sony's epic failure... it's that the credit system is so broken that this information that was stolen is enough to seriously fuck with someones life.
I'm not trying to downplay Sony's screw up. I have a PSN account and as such am suitably nervous. This whole thing just reminds me of how messed up our system is.
Say it aint so! (Score:2, Insightful)
Still won't stop people (Score:5, Insightful)
Re:But the big question is... (Score:5, Insightful)
They previously announced that no credit card numbers were compromised. Can we get some outside verification on this because they obviously have no issue with lying to us.
Re:Ok (Score:5, Insightful)
Why does everybody collect and store all these data centrally?
For recurring payments. With your scheme, every user would have to enter their password every month. The biggest problem for Sony would be that everyone would be making the decision to continue paying for the service every single month. If the number is on file, then the customer has to go out of his way to cancel, but has to do nothing to stay a customer.
Re:Say it aint so! (Score:5, Insightful)
What I recall hearing them say was that they couldn't rule out the possibility that they had been exposed, but that they couldn't at that time confirm that it had happened either. I know we all like trolling Sony because they deserve it, but at least pick one of the many valid reasons for doing so, rather than making up one that doesn't exist.
Re:Ok (Score:4, Insightful)
Why does everybody collect and store all these data centrally?
Because "paying for stuff" isn't the only reason Sony collects your data. There's also advertising (especially targeted/predictive), data mining, data sharing (both internally and externally), tracking/trending, etc. I think that data is a lot more valuable sitting on their servers than it is hidden in your console - hence, whatever the cost, it will remain there. That really goes for any internet aware service, not just Sony/PSN.
Re:Ok (Score:5, Insightful)
beating wrong horse (Score:5, Insightful)
What would fix this is to have credit cards generate a contract not tap an open vein. that is, the credit card is used to authorize a one time transaction (after which the credit card number itself can be discarded for the transaction ID). For recurring charges the transaction authorized should only enable payments to sony, for goods provided to a specific address or online account, and include a cap. that is non-transferable transactions are the thing we should keep on record.
There needs to be a mechanism for generating these transaction IDs.
Re:not just theory (Score:0, Insightful)
I just got a call today from fraud protection on my debit card tied to my main bank account. They got triggered to suspicious activity when multiple charges showed up in two different states at the same time. Someone had gone to 2 Home depots in FL and ran $100 gift cards 6 times in 2hrs today. This also happens to be the same card I had used to make a purchase from the PSN network a month ago for the DLC of fallout new vegas.
Seriously? A debit card tied to your primary checking account used to pay for DLC?
Epic fail dude.
Comment removed (Score:5, Insightful)