Fears of credit card fraud are high after recent security breaches involving Sony Online Entertainment, Sony PlayStation Network and Qriocity services, that may have exposed customers' payment information. Consumers around the world have been quick to attribute recent incidents of credit card fraud to the intrusion, according to a smattering of technology media reports.
Reports also have surfaced of alleged attempts to sell the supposedly stolen credit card data. One report even indicated that someone had tried to sell millions of credit card numbers back to Sony, according to Patrick Seybold, a company spokesman and blogger.
Still, the anecdotal nature of these reports, especially relative to the sheer size of the potential affected population, suggests the incidents, at least so far, are coincidental to the data breaches.
Sony, through a series of blog posts, has continued to reiterate its original statement that "there is no evidence at that this time that credit card data was taken." In addition, the company has suggested the other recent reports are unfounded.
"To my knowledge, there is no truth to this report of a list (of credit card numbers), or that Sony was offered an opportunity to purchase the list," Seybold wrote on the PlayStation blog.
Seybold also clarified that while the passwords stored in the PlayStation-Qriocity networks weren't encrypted, they also weren't stored in cleartext form, but rather "transformed using a cryptographic hash function." That might -- or might not -- offer some comfort.
The credit card data in the system was encrypted, according to Sony. That should safeguard the information from fraudulent use, assuming the encryption keys weren't compromised.
Sony said it plans to restore the PlayStation Network and Qriocity services shortly with new security measures intended to detect any further unauthorized activity and better protect users' personal information. Customers are advised to logon and reset their passwords as soon as the services are back in action and to change any identical usernames or passwords on other services or accounts.
Follow me on Twitter: @marciegeff