Security researchers have been sifting through the hacker forums and say that there has been talk of the hackers contacting Sony in order to sell back the credit card list to the company for $100,000, but that Sony didn't respond to the offer.
Whether the claims are true or not it is impossible to tell. "The entire credit card table was encrypted and we have no evidence that credit card data was taken, said Sony. "The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack."
“Sony is saying the credit cards were encrypted, but we are hearing that the hackers made it into the main database, which would have given them access to everything, including credit card numbers,” said security consultant Mathew Solnik for The New York Times.
Also, even if the data is encrypted, it doesn't mean that it can't be decrypted by the attackers, and Sony didn't offer any details about the encryption method used. Although, if the hackers managed to break it, I doubt they would be trying to sell the list back to Sony. On the other hand, they could always sell it to other criminals who know how do it.
Sony has advised PS users to keep a close eye on their financial statements in order to spot a fraudulent transaction as soon as it happens.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.