Unconfirmed reports could mean PlayStation gamers' greatest fears are coming true.
According to the UK Guardian's technology blog, hackers responsible for compromising Sony's PlayStation Network in mid-April have claimed in underground Internet forums that they have a database of users’ personal information, including credit card numbers and security codes.
This comes on the heels of a Q-and-A statement posted on Sony's official PlayStation blog Thursday that all credit card information uploaded to the network was encrypted and that "there is no evidence at this time that credit card data was taken".
The reports seem to be based on a tweet by Kevin Stevens, a security analyst with Trend Micro, who said, "The hackers that hacked PSN are selling off the [database]. They reportedly have 2.2 million credit cards with CVVs #psnhack".
Sony, however, claims that these CVV codes -- three-digit numbers required for "card not present" transactions -- could not possibly be in malicious hands because "we never requested it from anyone who has joined the PlayStation Network or Qriocity, and is therefore not stored anywhere in our system."
Stevens has received some blowback on Twitter for his tweet, but has insisted, "This is not BS. It is called seeing a post on a forum and tweeting about it. I already clearly stated that I had not seen the [database]".
Despite Sony's assurances, they are warning users to cancel credit cards associated with their PSN accounts.
he Guardian reported that dozens of users have reported fraudulent charges on such cards since the security breach, but makes the point that this could be a statistical coincidence.
"Any sufficiently large number of credit-card owners," like the 77 million PSN users, "is certain to include some who have recently been defrauded by other methods," Guardian blogger Charles Arthur wrote.