Credit card numbers stored on Sony's PlayStation Network could have been obtained by hackers, according to company officials. In a post to Sony's corporate blog, spokesperson Patrick Seybold offered some details into a major online attack that ground the company's person-to-person entertainment network to a halt. Sony officials alerted customers that an "intrusion" knocked Sony's popular gaming service offline, and that user account information had been compromised.
Because Sony's database contained both personal information and credit card account details, officials warned customers to take more aggressive precautions than those recommended during the recent breach of a large e-mail notification service. According to online security experts, consumers should consider taking three specific steps to protect themselves from fraud:
- Request a credit report "fraud alert." Sony recommended that its customers place a "fraud alert" on file with each of the three major credit bureaus. However, this preventive measure could carry negative consequences for some affected consumers. Many instant approval systems for credit cards, auto loans, and mortgages reject consumers with fraud alerts on file. Getting a home loan or a personal loan often requires slower, manual reviews by bank officers.
- Use separate credit cards for online, in-person, and crucial expenses. Despite the potential for credit card fraud in the wake of Sony's data breach, most consumers fall victim to identity thieves at restaurants and retailers rather than at e-commerce websites. Security experts recommend using separate card numbers for separate kinds of purchases. This practice reduces the number of recurring charges consumers have to change after experiencing identity theft. Many top rated credit cards offer additional card numbers at no extra charge.
- Create unique passwords for every website. According to an Accenture study, nearly two out of three Americans use the same password for everything, including their e-mail and personal banking. When criminals purchase data from a server breach, some identity theives try to hijack consumers' e-mail accounts, bank accounts, and social networking streams. Software tools like 1Password and LastPass help consumers randomize and track unique passwords.
Although Sony's PlayStation Network and Qriocity services remain offline during the investigation, Sony officials warned customers to avoid clicking links in e-mail purporting to arrive from the entertainment company, from banks, or from retailers. Instead, investigators told reporters, consumers should type web addresses directly into browsers to prevent falling victim to sophisticated impostor websites.