Community
Yesterday (Wed) we had Sony being not very re-assuring, saying "While there is no evidence that credit card data was taken at this time, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, to be on the safe side we are advising you that your credit card number (excluding security code) and expiration date may also have been obtained."
Now today (Thu) we have Sony providing some reassurance, saying "The entire credit card table was encrypted and we have no evidence that credit card data was taken."
So on the one hand, why cause such consternation in the first place? On the other hand, there's no information regarding what encryption was being used.
Maybe we're only taking about Single DES or somesuch? Maybe they don't know what they mean by encryption? I've experienced instances where Companies I've been checking out didn't know the difference between hashing and encryption, and thought that MD-5 was encryption (and didn't know that it had been compromised).
Certainly the face that personal data including passwords appear to have been held in the clear, rather than be subject to a one-way hash, suggests that Sony weren't exactly at the cutting edge of Security practices?
"The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack."
So until more details are forthcoming, people will continue to wonder just how sophisticated it was?
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.
Hassan Zebdeh Financial Crime Advisor at Eastnets
08 October
Jelle Van Schaick Head of Marketing at Intergiro
07 October
Kuldeep Shrimali Consulting Partner at Tata Consultancy Services
Nikunj Gundaniya Product manager at Digipay.guru
Welcome to Finextra. We use cookies to help us to deliver our services. You may change your preferences at our Cookie Centre.
Please read our Privacy Policy.