Hello forum.

I am sure there must be some playstation fans here. I am sure that you have already heard, but there is terrible news regarding the PSN hack of the last few days.

Sony released this morning that the hackers that brought down the playstation network, could have gained access to important credit card details.

I personally am very worried about this, and furious at sony for waiting 6 days to tell us this.

Please, if anyone has any more information on this, or if you just want to share your opinion, then leave a reply below.

~Will

Keep reading, they didn't "wait" to tell anyone. They shut down the servers after the attack and once the outside group was brought in to check everything, that's when they found out. Still not good, but not the "Sony knew this and waited to tell us" situation either.

Fair enough, but I agree. Still not good.

I heard about this a few days ago. Now I can't play LBP2.

Obviously they would go after credit card details. Keep hopes up they didn't, but the only reason someone would risk hacking a company like Sony is for a substantial amount of profit in legal tender. I can't see any other reason someone would do this in the first place.

As somebody who does security research and incident response professionally I can tell you that although credit cards are very valuable, even if they only grabbed usernames and password hashes they still made it away with incredibly valuable data.

Bad guys are very smart about how they monetize stolen data. The "steal a credit card and use it on Amazon" scenario is obvious to the lay-person but the reality of what is usually done with the data is actually quite complex and impressive.

I'm fine with it. All my account has is a name, email, and adress: not much they can do with that. Hopefully though this helps Sony in the future when trying to sue hackers and such.

Got my first PS3 in December (Christmas). Well, I did add $25 worth of credits to my PSN account "stardust_4ever", since "stardust4ever" was taken. Most of it was was spent on DLC content for Little Big Planet. Not too worried, although I did notice last weekend (Easter weekend) that PSN network was down. Has it really been down an entire week? I've been in college so I haven't been able to check my account.

According to Norwegian newspapers, people have been using the stolen credit card details already. This one guy checked his online bank details to find 11 purchases made from his PSN account.

You aren't thinking like an attacker experienced in monetizing this sort of data.

In addition to getting you account name and email address, they also got either your password or a hash of your password. While your PSN account password may be unique, most people use the same password everywhere. Armed with an email address and password, attackers will typically check the password against other services such as Amazon, iTunes, PayPal, various banks, etc. If say, your iTunes password is the same as your PSN password then the attackers can make several high-value purchases to songs or apps that they own to make money.

Also, your email address tied with a real name and home address is a lot more valuable to spammers and marketing companies than just your email address alone.

Another way to monetize your information is to use your username and password to log into your Facebook account. One such scam is the "stuck in London" scam to con your friends out of money. You can read about it here: http://techcrunch.com/2009/01/20/latest-facebook-scam-phishers-hit-up-friends-for-cash/ or here http://www.facebook.com/group.php?gid=9874388706&_fb_noscript=1.

Finally, usually the people that hack the information don't try to directly use it themselves. Usually they offer the information for sale to other scammers that are setup to perform specific attacks. They will offer valid Facebook logins for sale as well as valid iTunes logins, etc. Somebody who is used to stealing money via iTunes will buy those logins in bulk to try to steal money.

In short, your data is for sale and even if the original attackers can't think of a way to make money from the data, they will sell it to others who can.

Everyone affected by the breach should take all remediation steps necessary to devalue the stolen data as much as possible.