Sony Provide More Details on Intrusion
Confirm personal data was compromised
The important bits:
We have a clear path to have PlayStation Network and Qriocity systems back online, and expect to restore some services within a week.
We believe that an unauthorized person has obtained the following information that you provided:
It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained.
While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility
PSO recommends doing the following:
Monitoring your credit / debit card to ensure no fraudulent transactions are taking place
Be extra aware of spear phising attacks now that criminals can build up a better profile of you when sending malicious emails
What stands out to me is that passwords were compromised, why were Sony not hashing them ? That's basic security practice.
If they are unable to do such a basic thing what other vulnerabilities do they have ?