Sony: 10 Million Credit Cards May Have Been Exposed 251
WrongSizeGlass writes "The LA Times is reporting that Sony has revealed that 10 million credit card accounts may have been exposed two weeks ago when a hacker broke into the company's computers in San Diego and stole data from 77 million PlayStation Network accounts. Sony said it will provide credit card protection services for the 10 million customers whose data were compromised. Sony last week said it had encrypted credit card data, but not other account information, including names, addresses, email addresses and birth dates."
Re:Encryption (Score:4, Informative)
As for the cryptanalysis problem, simply use a salt the same size as the card number and XOR the card number with it. Presto, perfectly random looking plain text with no (new) differential cryptanalysis vulnerabilities. You don't even need to do this if you use proper initialization vectors and a block cipher in CBC mode
they never said no CC#s were compromised (Score:5, Informative)
Sony never said no credit card numbers were compromised, they said that credit card numbers were in a separate encrypted database and probably were not accessed. But they can't be sure.
And they are saying the exact same thing now.