Sony has admitted that as a result of the hack which prompted it to take the PSN offline, hackers have stolen the personal data of all of its users, including their name and address, date of birth, passwords and security questions, purchase history and possibly credit card info.
In its latest official announcement, Sony claims it will have services restored within a week, and it does provide extensive details about just how badly it has been compromised:
Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided:
Name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID.
It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained.
If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained.
While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility.
If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.
For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information.
Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking.
When the PlayStation Network and Qriocity services are fully restored, we strongly recommend that you log on and change your password.
Additionally, if you use your PlayStation Network or Qriocity user name or password for other unrelated services or accounts, we strongly recommend that you change them, as well.
[Sony also provides details on how US residents can make it more difficult for criminals to fraudulently make credit cards in their name now that hackers have all their personal info]
As most people tend to utilise the same passwords and password prompts on multiple sites, even with no personal or credit card data leaked, a great many users are likely to be placed at considerable risk.
The most recent rumour regarding the actual cause of the outage suggests that the latest cracked firmware allowed users of hacked PS3s to download any and all paid PSN content and DLC for free using fake credit card numbers, prompting Sony to pull the entire service.
Sony has so far been silent regarding such theories, but the admission that so much personal data has been compromised suggests Sony’s security lapse has been on a catastrophic scale and that the consequences may be far-reaching – not least when everyone starts suing Sony.
Meanwhile, Microsoft is apparently experiencing an Xbox Live outage of its own – because so many people are creating new accounts with them, their servers are experiencing some difficulties.