Sony continued its efforts at damage control on Monday following the attack on the PlayStation Network earlier this month that compromised the personal data of up to 77 million consumers worldwide, affecting up to 10 million credit card accounts.
Patrick Seybold, Sony senior director of corporate communications, posted an update Monday in which he denied rumors that hackers had offered to sell millions of credit card numbers back to the firm.
He also clarified that while users' passwords weren't encrypted, they were protected using a hash function, which is like a shortened version of full encryption.
"There is a difference between these two types of security measures, which is why we said the passwords had not been encrypted," Seybold said. "But I want to be very clear that the passwords were not stored in our database in cleartext form."
Sony has faced a harsh backlash from gamers and lawmakers after taking almost a week to notify customers that their data had been breached. Rep. Mary Bono Mack (R-Calif.) said she is preparing legislation to enhance data privacy protections in the wake of the incident.
The firm declined to testify at a Wednesday's hearing in front of the House Energy and Commerce Manufacturing subcommittee on data privacy, citing an ongoing investigation. Bono Mack is chairwoman of the subpanel; her staff said Sony will provide written answers to the lawmakers' questions by Tuesday.