Sony Computer Entertainment's latest news update for the ongoing PlayStation Network and Qriocity outage addresses the main and very serious issue of the unauthorized intrusion which forced the console giant to shut their online services down in the first place.
PSN users have been informed of possible compromises of personal information tied to their user accounts as a result of "malicious actions", confirming that SCEA's battle thus far has been one against hackers. SCEA cautions that an outside party may have obtained PSN login (account username and password) and contact details (mailing address), as well as PSN account profile data like purchase history.
SCEA has tapped into the services of an "outside, recognized security firm" to conduct a thorough investigation as to how this mess managed to occur.
While SCEA cannot confirm if actual credit card data tied to PSN accounts were similarly compromised, the company is advising PSN users that it wouldn't hurt to keep an eye out for some very suspicious correspondence in the near future:
For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. When the PlayStation Network and Qriocity services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your PlayStation Network or Qriocity user name or password for other unrelated services or accounts, we strongly recommend that you change them, as well.
PSN users will also want to keep a keen eye on their credit report statements for equally suspicous financial activity. SCEA helpfully reminds its customers in the US that they can contact their friendly neighborhood credit bureau for their free reports, and they may even place fraud alerts on their credit report files if they want to be extra safe at the cost of some extra verification on your part whenever you need to do something related to your credit score.
On a brighter note, SCEA believes it is on a "clear path" to recovery following their big decision to "rebuild" the PSN and Qriosity services, and expects to have these restored "within a week". The first thing for users to do once they can get back on to the PSN then is to change their passwords.
Update: Reuters reports that the information from possibly 77 million PSN accounts (note that this does not necessarily equate to 77 million actual people) were compromised as a result of this security breach, which the SANS Institute believes could be one of the largest cases of online identity theft yet.