Sony confirms encryption of PSN credit card data

Sony has confirmed that the credit card details possibly stolen in a breach of its PlayStation Network were encrypted.

Sony has said its PlayStation Network users' credit card details were encrypted, after an "unauthorised person" accessed user data. Credit: Erica Ogg

Customer names, addresses, email addresses, birthdays, PlayStation Network and Qriocity passwords and user names, as well as online user handles, were obtained illegally by an "unauthorised person", according to Sony, affecting up to 75 million customers.

The company said on its blog that "all credit card information stored in our systems is encrypted", but added that it cannot rule out the possibility that the card data was stolen. While the strength of encryption has not been revealed, its existence is welcome news for users of the compromised networks because it reduces the likelihood that details can be used to commit fraud.

Sony said it is pushing out a system software update "that will require all users to change their password once PlayStation Network is restored", a move that hints that although credit card data was encrypted, customer passwords were not.

For more on this ZDNet UK-selected story, see PlayStation credit card data was encrypted on ZDNet Australia.