According to unverified reports, hackers have stolen about 2.2 million credit cards from Sony’s PlayStation Network.

Despite Sony’s claim yesterday that the database of credit card information was encrypted, security researchers say they’ve seen forum discussions where the hackers brag about having credit card numbers in their possession, and are threatening to sell the information for up to $100,000, the New York Times reports.

“Sony is saying the credit cards were encrypted, but we are hearing that the hackers made it into the main database, which would have given them access to everything, including credit card numbers,” Mathew Solnik, a security consultant with iSEC Partners, told the New York Times, citing discussions in hacker forums.

Security researcher Kevin Stevens of Trend Micro tweeted, “Supposedly the hackers selling the DB says it has: fname, lnam, address, zip, country, phone, email, password, dob, ccnum, CVV2, exp date.”

However in a later tweet Stevens said he had not seen the forum discussions himself and called responses to his tweet “a bunch of FUD,” or “fear, uncertainty, and doubt”: “I posted up what I saw to warn people, not to incite the masses to create FUD.”

As expected, PSN users have taken to online communities to report fraudulent charges on their linked credit card accounts.

“Just got called by my credit card company, been charged 2 grand for some Paypal account in China…nice one Sony. At least I get it back #PSN,” one user tweeted.

Continue reading here.