The ongoing saga of Sony’s massive data hack continues, and not in a good way for Sony.
The company now admits some personal data did not have any encryption, meaning all it took was back-door access to user files – which is what happened in this case – to get unfettered user information.
However, it asserts, credit card data was fully encrypted.
“The entire credit card table was encrypted and we have no evidence that credit card data was taken. The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack,” Sony wrote in its latest Playstation Blog post.
An earlier report last year said credit card data on the Playstation Network was not encrypted, so some are uneasy with Sony’s assertions.
Nevertheless, the company maintains “there is no evidence at this time that credit card data was taken.”
Also, this attack seems to be more of a retaliatory, “look at what we can do” kind of attack against Sony, not against any of the company’s individual users.
The company’s latest answer to when Playstation Network service will be restored is, “Our employees have been working day and night to restore operations as quickly as possible, and we expect to have some services up and running within a week from yesterday. However, we want to be very clear that we will only restore operations when we are confident that the network is secure.”