PSN Breach: Credit Cards Encrypted, Other Things Not So Much

This information was in a link I put earlier, but just so it’s clear: Sony states that all credit card information in their breached database was indeed encrypted, though the “personal data” wasn’t. What does that mean? It means your name, password, and any information you gave Sony that wasn’t a credit card number is now in the hands of our mystery hacker (who, Sony stresses, they are working with law enforcement to find).

In addition, Sony says that they are “enhancing security and strengthening our network infrastructure” and moving their datacenters to a new location. Good news. But like with BP, the cleanup is only half the issue. Hence that lawsuit alleging that Sony was negligent in security and notification.

When the services come back, you’ll be needing to change your password. I’d change you password elsewhere as well, since who doesn’t use the same username and password on a few sites here and there? And watch your bank account carefully, just in case. Who knows but the hacker might have been able to snatch the decryption keys as well.