RUMOR: Sony sends your CC# as unencrypted text and they know the devices you attach the PS3 to -Updated-

by: John -
If you're using your credit card to make purchases on your PlayStation 3, you may need to think again as there seems to be rumblings going around that it's sent as unencrypted text to Sony. This chat log isn't confirmed, but I've read enough from others that this could be legit.

A hacker claims to have decrypted Sony's PSN functions and has gone through what Sony does when you have your PS3 connected or purchasing items. Some things include information about items such as USB drives or TVs that are attached to the console being sent to Sony. The unencrypted credit card info being sent is pretty big. And this information is supposedly updated anytime you login to your PlayStation 3. I don't know about you, but I don't really like Sony knowing what I use or attach my PS3 to and have it updated every time.

The hacker also says that he can easily manipulate if you have to pay or receive a DLC item for free. I don't know why it wouldn't be controlled on the server side of things rather than using a function of the PlayStation Network to dictate whether you get the DLC for free or not, but whatever.

I haven't turned on my PlayStation 3 in a few months, but if this is all true, it doesn't want to make me turn it on for a while.

-Update- It looks like your PS3 is sending the info via SSL so that's good. Now, where it can come into play is if you decide to hack your PS3 and run a custom firmware. That's when it gets dicey as someone can create a firmware to send the information to them without you knowing it. Just another lesson in not running hacks from sources you don't know.

Thanks Ars Technica.
comments powered by Disqus