Hackers gained access to users’ names, addresses, birth dates, purchase histories, and possibly credit card information. While Sony assures users that the stolen credit card information is encrypted and that CVV numbers were not included in the stolen data, it is still better to be safe than sorry in this situation – especially at this early stage, where the identity, methods and motives of the thieves are unknown.
Update: On May 3rd it emerged that the details of Sony Online Entertainment users have also been targeted by hackers, adding approximately 24.6 million SOE accounts to the 77 million PSN accounts and bringing the total to a whopping 100 million user accounts compromised in the attack.
“The only thing that we can be virtually certain of is that the information has now been parcelled up and sold on black exchanges – market places where digital information is traded as any other commodity, with rates that range from $2 for one kind of information to $25 for credit card details, depending on the going rate,” says BullGuard CTO Claus Villumsen in a comment on the breach.
BullGuard has these tips for PlayStation subscribers on how to limit the damage and protect themselves from identity theft:
1. Change username and passwords for unrelated accounts that use the same username and/or password as the PlayStation account. As most people use the same few passwords/security questions for all their accounts, stolen passwords pose a major security risk.
2. Change the security questions and password on your PlayStation account.
3. Moving forward, only make purchases with devices that have security software installed, such as your PC.
4. Closely monitor your account statements and credit report. If your details have been stolen, it is most likely that the thieves will siphon out small amounts at a time, making them less likely to be spotted.
5. Get a fraud alert on your credit card, or cancel it and get a new one.
General advice – how to protect your personal details on public networks like PlayStation:
1. Do not store your credit card details online. Many services have so-called “e-wallet” services which allow you to store credit card details, in order to make future purchases fast and easy for you. This conflict between security and convenience is a huge dilemma for online services, and should be something you consider carefully as well.
2. Do not use the same passwords and security questions for all your accounts. Most people alternate between 2 or 3 passwords for everything. Consequently, if one account is hacked, identity thieves have access to all your different profiles and accounts. At least make sure that the passwords and security questions you use for banking and money transfers are very different from the ones you use everywhere else.
3. If you mention your children’s, pet’s and spouse’s names on social media like Facebook and Twitter, do not use these for your passwords. That’s what everyone else is doing, and the bad guys are on that!
4. Only make purchases with devices that have internet security software (at minimum antivirus and firewall) installed, such as your PC.