Hackers who have penetrated the Sony PlayStation Network may have made off with the headed off with the credit card numbers of Sony customers. These were revealed by security researchers who had seen discussions in some online forums.

Speculations suggest that hackers hold a database loaded with customer names, addresses, usernames and passwords. Researchers accounted that a least 2.2 million credit card numbers are contained in the database.

Kevin Stevens, senior threat researcher at Trend Micro, said “I have seen a talk of the database on several hacker forums, including indications that the Sony hackers were hoping to sell the credit card list for upwards of $100,000.”

According to Stevens, one forum member told him the hackers had proposed to sell the data back to Sony but the hackers did not receive any reply from the company.

Although several researchers confirmed the forum discussions, it was impossible to verify their contents or the existence of the database.

Reporters asked Patrick Seybold, Sony’s senior director of corporate communications and social media at about the hackers’ demand. In response Seybold said,”To my knowledge there is no truth to the report that Sony was offered an opportunity to purchase the list.”

Seybold also emphasized a blog post that Sony published on Thursday. It said, “The entire credit card table was encrypted and we have no evidence that credit card data was taken.”

Despite this statement, Sony has said that it could not exclude the probability that hackers might have obtained some credit card data.

“Sony is saying the credit cards were encrypted, but we are hearing that the hackers made it into the main database, which would have given them access to everything, including credit card numbers,” said Mathew Solnik.

Solnik is a security consultant with iSEC Partners who visits hacker forums to hunt down new hacks and vulnerabilities which may concern his clients. Solnik explained researchers deemed that the hackers gained access to Sony’s database by hacking the PS3 console from which they have infiltrated the company’s servers.

In a phone interview Dan Kaminsky who is an independent Internet security specialist confirmed the presence of forum posts about a Sony credit card database although they do not verify who was behind the attack.