- Sony PlayStation hacker or hackers may have stolen users' credit card data
- New York Times blog: Security researchers see evidence of such theft
- Sony says it's not clear credit card numbers were stolen, urges precaution
- The PlayStation Network has been down since April 20
Sony says there's no reason to believe credit card numbers of the network's 77 million users have been stolen, but security researchers tell the New York Times' Bits Blog otherwise.
"Sony is saying the credit cards were encrypted, but we are hearing that the hackers made it into the main database, which would have given them access to everything, including credit card numbers," Mathew Solnik, a security consultant with iSEC Partners, told the Times' Nick Bilton.
Bilton quotes three security researchers who say they've seen talk about the stolen credit card numbers in dark corners of the Internet.
They say as many as 2.2 million credit card numbers may have been stolen as part of the attack. One researcher says the hackers appear to be trying to sell some of the credit card information for more than $100,000.
CNN has not independently verified these claims.
The Sony PlayStation Network -- which lets users play games with friends in remote locations, purchase games over the Internet and stream movies -- has been down since April 20 following a major infiltration of its security system.
Some PlayStation Network users link their credit cards to the online service so they can quickly purchase games and make other transactions.
Sony says personal data has been stolen, since the database that includes that information was not encrypted. But the company has maintained it has no reason to believe the hackers have access to PlayStation users' credit card numbers, which it says were stored in an encrypted database.
Still, Sony has encouraged people to take precautions:
"While all credit card information stored in our systems is encrypted and there is no evidence at this time that credit card data was taken, we cannot rule out the possibility," the company said in a blog post on Thursday. "If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained."
Some PlayStation users have been changing their credit card numbers as a precaution.
E-mail addresses and passwords also are valuable to cyber criminals.