When truly personal information leaked from "PlayStation Network (PSN)", how much can they be traded?

Sony said recently that the name, address, country, e-mail address, birthday, password to use the service, online ID, purchase history, billing address of the approximately 77 million people of "PlayStation Network (PSN)" and "Qriocity" , Including answers to password securityThe possibility that personal information leaked outAnnounced.

Although it can not deny the possibility of spilling to the last, it can not be confirmed whether or not it actually leaked, but if the information leaked out, how much will it be traded in the back market ... ... Interesting data as a security company "G Data Software"Revealed.

For details on combining information on future measures etc. from the following.
According to the press release announced today by G Data Software, the data that we are currently liable to leak can be "name," "address," "nationality," "email address," "date of birth," "password (PSN / curio city) "Online ID (PSN)" may include profiles such as "purchase history", "billing address", "answer to a question for password resetting", and so on.

Also, if the account holder used a credit card at PSN / Curiocity, it is said that "credit card number (excluding security code)" and "expiration date" may be saved.

Attacks currently being done on the Internet are roughly divided into "money purpose (cyber crime)" or "political action (cyber spy, target type attack =Targatuck) "The value of individual information varies depending on the purpose.

In the case of money purpose: without requiring specific human data, the value increases with the quantity
In the case of political acts: Since the purpose is to target specific organizations, states, facilities, etc., the quantity is not particularly limited (in extreme terms, only one piece of information need be)

Although it is unknown which attack is against Sony at the present time, considering the possibility of political acts based on the circumstances of trouble between Sony and a hacker, considering the outflow of a huge number of personal information It seems that possibility of money purpose is also considered, and in some cases it seems that both purposes are combined.

And, if the leaked personal information is traded on the back market, how much will it cost? ... G Data Software says, "Personal information related to credit card such as name, account, expiration date and password When it has a complete set, we can sell this at a high price with forums and bulletin boards on the back of the net "and calculate the list of selling prices in the back market as follows.

Selling price list in the back market (as of April 2011)
* The Japanese yen is calculated at 1 euro = 120 yen, 1 dollar = 80 yen

PSN credit 50 euro 10 to 25 euros (1,200 to 3,000 yen)
Credit card (secure code updatable) 50 euro (6,000 yen)
Credit card · Gold (Secure code update possible) 70 euro (8,400 yen)
Credit card (no authentication by Visa) 40 euro (4,800 yen)
Credit card · Gold (No certification by Visa) 50 euro (6,000 yen)

Visa / Master (US) 1.5 - 2 US dollars (120 - 160 yen)
Visa / MasterCard (UK) 5 to 7 US dollars (400 to 560 yen)
Visa / Master (UK) US $ 10 with birthday data (800 yen)
Visa / MasterCard (Europe) US $ 6 - 15 (480 - 1,200 yen)
American Express (US) 3 US Dollars (240 Yen)
American Express (UK) 12 US dollars (960 yen)
American Express (Europe) 9 US dollars (720 yen)

Unspecified credit card (without embossing) 25 US dollars (2,000 yen)
Unspecified credit card (with embossing) US $ 40 (3,200 yen)

Identification card (Romania / Moldova) 600 to 1,000 euros (72,000 to 120,000 yen)
Driver's license (Romania / Moldova) 600 to 1,000 euros (72,000 to 120,000 yen)
Passport (Israel) 2,300 euro (276,000 yen)
Passport (Romania) 2,500 € (300,000 yen)

Incidentally, even if we try to collect spam mails to unspecified people and collect personal information, the value of "goods" does not rise so much because we do not know the quality of contents, but personal information that leaked like this time If the majority of are genuine, and the possibility of being effective is very high, the price will naturally rise. As a possible measure thereafter, G Data Software lists the following things.

1. Change the password as soon as the network comes back online.
2. If you are using the same user name as other PSN on e-mail or on the Internet, change the password in a hurry.
3. Do not enter information other than required.
4. Check your credit card deposit transaction statement for any missing payment. If you have any suspicious data, contact the card company immediately. Even if there is fraudulent withdrawal, if it turns out to be fraudulent, it is highly likely that you will be repaid by the guarantee (insurance) of the card.
5. Use a credit card dedicated to Internet transactions.

Sony himself also calls attention to fraud as Sony does not directly inquire about personal information, and also strongly recommends changing user ID and password immediately when PSN recovers Therefore, users seem to need to check firmly the situation of future recovery.

in Note, Posted by darkhorse_log