Sony says users' credit card data stored on the PlayStation Network was encrypted, and probably safe from the hackers who attacked it last week and may have made off with the personal information of 77 million people.
In a post on the PlayStation Europe blog, Sony said the credit card information is in a separate database from the user information -- names, emails, physical addresses and the like. The credit card data is encrypted, while the user information is not.
The personal data table, which is a separate data set [from the credit card information], was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack, Sony said.
Encrypted or not, however, Sony says it is not able to rule out the possibility that the credit card information of its users was stolen. That's because the basic user information may be all a hacker would need, considering password and login will get an intruder access to a user's account details, including credit card payment information. Users, however, won't be able to change that information now that the PlayStation Network has been taken offline.
Sony says it has taken a number of steps to not only protect user data, but to prevent similar breaches from occurring in the future. Moving forward, we are initiating several measures that will significantly enhance all aspects of PlayStation Network's security and your personal data, including moving our network infrastructure and data center to a new, more secure location, which is already underway, the company said.
Sony expects its PlayStation Network and Qriocity services to be restored within the next week, though it is possible that many PlayStation owners won't return.
The hacking was first detected April 21, but Sony took days to notify users that something was wrong when it took down the network entirely in order to defend it. Since then a lawsuit has been filed, charging that Sony was negligent in administering its network.