As reports emerge about Sony users’ personal information being offered for sale in the underworld, security experts are urging users to treat the situation as if their credit cards had been stolen.
The New York Times reports that some experts have seen indications that the database compromised in what is being called the biggest security breach ever is being offered for sale.
The database is said to include personal information as well as credit card details.
Meanwhile, security experts at Sophos are urging users to take immediate action to ensure that their online identities are secure, and that fraudsters cannot take advantage of stolen credit card information.
"Users of Sony's PlayStation Network need to act to minimise the chances that their identity and bank account are compromised following this hack," says Brett Myroff, CEO of regional Sophos distributor, Sophos South Africa. "That means changing your online passwords (especially if you use the same password on other sites), and considering whether it would be prudent to inform your bank that, as far as you're concerned, your credit card is now compromised.
Sony has warned that hackers have been able to access a variety of personal information belonging to users, including: name, address, country, e-mail address, date of birth, PlayStation Network and Qriocity password and login, and handle/PSN online ID>
In addition, Sony warns that profile information – such as history of past purchases and billing addresses, as well as "secret answers" given to Sony for password security – may also have been obtained. Sony also admits that it cannot rule out the possibility that credit card information may also have been compromised.
"The fact that credit card details, used on the network to buy games, movies and music, may also have been stolen is very disturbing. If Sony loses your credit card information, it's no different from you losing your credit card – you should cancel that card immediately,” says Myroff.
“Questions have to be asked as to whether Sony was ignorant of PCI data security standards as well as storing this, and other personal data in an unencrypted format. All in all, this is a PR and security disaster for Sony."