Rumors have been spreading about credit card information that was leaked by the PSN security breach – one of them being that the hackers tried to sell a list of stolen card numbers back to Sony. Patrick Seybold, Senior Director of Corporate Communications and Social Media at Sony, said on the PlayStation Blog that “To my knowledge there is no truth to this report of a list, or that Sony was offered an opportunity to purchase the list.” He also reiterated that Sony will never ask you for your credit card number or social security number or any other information like that, so if you’re approached for this information, it’s by a party posing as Sony and you should not share that information. Duh.
He also explained what they meant at this weekend’s press conference when they said users’ passwords were not encrypted. “While the passwords that were stored were not ‘encrypted,’ they were transformed using a cryptographic hash function,” wrote Seybold. “There is a difference between these two types of security measures which is why we said the passwords had not been encrypted. But I want to be very clear that the passwords were not stored in our database in cleartext form.” Seybold also offered a link explaining the difference.