Even as Sony’s online gaming services were being taken down this morning, the PlayStation Blog was updated denying reports that hackers tried to sell back millions of stolen credit cards to the company. Sony’s Patrick Seybold said that the reports were false and that no one in the company recalls such an event occurring. The seedy underbelly of the internet where credit cards are bought and sold every day probably disagrees, but that’s Sony’s official stance on the subject. Of course, if such an offer were made it would not make much sense to buy back a list that would obviously be copied and resold anyways. From the PlayStation Blog:
"We want to state this again given the increase in speculation about credit card information being used fraudulently. One report indicated that a group tried to sell millions of credit card numbers back to Sony. To my knowledge there is no truth to this report of a list, or that Sony was offered an opportunity to purchase the list."
Seybold also said that, contrary to published reports, passwords were not stored in a plain text file:
"One other point to clarify is from this weekend’s press conference. While the passwords that were stored were not “encrypted,” they were transformed using a cryptographic hash function. There is a difference between these two types of security measures which is why we said the passwords had not been encrypted. But I want to be very clear that the passwords were not stored in our database in cleartext form."
You can read the rest of it, which offers some additional security warnings to users, at the PlayStation Blog.