14 DAY TRIAL // Following the massive data breach that led to the shutdown of Sony's PlayStation Network (PSN), some customers have begun reporting credit card fraud, although most of these reports are likely not related to the incident.
Two days ago Sony finally revealed the reason why the PSN has been offline since April 20 and it was worse than most people thought.
Apparently hackers managed to steal the personal information of the service's 77 million users. The exposed data includes names, addresses (city, state, country, zip), email addresses, birthdates, PlayStation Network/Qriocity passwords and logins, as well as PSN online IDs.
Sony also advised that purchase history, billing information together with password security answers and credit card numbers and expiration dates, might also have been compromised.
Following the news, some people have begun reporting fraudulent activity on their credit card accounts, suggesting it might be related to the data PSN breach.
According to CNET, the card of a GameFly Media employee was reportedly used to buy $1,500 worth of goods at a grocery store in Germany and other gamers were informed of fraudulent withdrawals by their respective banks.
Ars Technica says around a dozen people have reported fraudulent charges on their cards, which occurred in countries they never visited. One user said his card was charged $8,000 for purchases at a Japanese store.
There's one problem with most of these reports though - they refer to card-present transactions. Fraudulent withdrawals and offline payments are unlikely to be connected to the PSN breach because they involve cloned cards and the corresponding PIN numbers, which Sony didn't have.
In addition, to clone a card one needs a dump of the data encoded on its magnetic stripe, which can only be obtained through skimming or by hacking into a payment processor.
Even online fraud is unlikely, because according to Sony, the CVV2 security numbers which are required for all online credit card purchases were not stored on the system.
Furthermore, the company states in its data breach FAQ that, while the leak of credit card numbers and expiration dates cannot be ruled out, it is very unlikely because this information was stored in encrypted form.