Sony have posted more details to the official PlayStation blog
, confirming that the recent PlayStation Network downtime is the result of a malicious attack, and also providing the bad news that the account information of, well, everyone on PSN has probably been compromised - possibly including credit card data:
Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID.
It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.
There is a FAQ
on the UK version of the site as well (conspicuously missing from the US version for some reason.
Users are encouraged to change passwords on other services if they've used the same username and/or password immediately. You will apparently also be notified by email if you're a PSN user at some point. The service continues to remain offline while further investigations continue.