The PSN hacking saga just took a turn for the worse, with news that a database containing around 2.2 million sets of credit card details are currently up for sale to the highest bidder.

Report from PSX-Scene suggest that the unknown hackers even offered to sell the details back to Sony themselves with little luck before offering them up on underground credit card trading forums.

The really disturbing part of this is the news that these details actually include the CCV security code that until now was believed to be safe. With that code married to the card owner’s name as well as the rest of the card details then the card could be used without a hiccup – news that will no doubt send a shudder down many spines at Sony HQ as well as the70 million plus PSN members who’s data could have been compromised.

http://www.redmondpie.com/database-containing-2.2-million-psn-credit-cards-up-for-sale/


If there is any element of truth in that then Sony are going to be hit with one hell of a fine! (Depending on where the data was stored obviously)

It was plausible (do you trust Sony's claim that the data was encrypted?) up to the point where CVV was mentioned...

Merchants who require the CVV2 for "card not present" transactions are forbidden in the USA by Visa from storing the CVV2 once the individual transaction is authorized and completed.[3] This way, if a database of transactions is compromised, the CVV2 is not included, and the stolen card numbers are less useful. The Payment Card Industry Data Security Standard (PCI DSS) also prohibits the storage of CSC (and other sensitive authorisation data) post transaction authorisation. This applies globally to anyone who stores, processes or transmits card holder data.

I'll wager the PSN servers are probably in the US, but even if they aren't, they'd still fall under the second clause.

Once again this just proves how useless security is in the hands of idiots...