In its latest official announcement, Sony has admitted that the result of the hack last week caused them to take the PSN offline. It seems that the hackers have stolen the personal data of all its users, including their name and address, date of birth, passwords and security questions, purchase history and possibly credit card details.

This is a sample of an email which was sent to me hours ago. The message is also posted on the official PlayStation site.

Valued PlayStation®Network Customer:

We have discovered that between April 17 and April 19, 2011, certain PlayStation®Network user account information was compromised in connection with an illegal and unauthorized intrusion into our network. In response to this intrusion, we have:

1. Temporarily turned off PlayStation®Network services;
2. Engaged an outside, recognized security firm to conduct a full and complete investigation into what happened; and
3. Quickly taken steps to enhance security and strengthen our network infrastructure by re-building our system to provide you with greater protection of your personal information.

We greatly appreciate your patience, understanding and goodwill as we do whatever it takes to resolve these issues as quickly and efficiently as practicable.

Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation®Network password and login, and PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation®Network password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation®Network, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.

For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony Computer Entertainment will not contact you in any way, including by email, asking for your credit card number, identity number or similar number or other personally identifiable information. If you are asked for this information, you can be confident Sony Computer Entertainment is not the entity asking.  When the PlayStation®Network services are fully restored, we strongly recommend that you log on and change your password.  Additionally, if you use your PlayStation®Network user name or password for other unrelated services or accounts, we strongly recommend that you change them, as well.

To protect against possible identity theft or other financial loss, we encourage you to remain vigilant to review your account statements and to monitor your credit or similar types of reports.

We thank you for your patience as we complete our investigation of this incident, and we regret any inconvenience.  Our teams are working around the clock on this, and services will be restored as soon as possible. Sony Computer Entertainment takes information protection very seriously and will continue to work to ensure that additional measures are taken to protect personally identifiable information. Providing quality and secure entertainment services to our customers is our utmost priority.  Please contact us at 2341 2356 (HONG KONG) OR 021 2994 8800 (INDONESIA) OR 1 800 81 4963 (MALAYSIA) OR 800 8523 663 (SINGAPORE) OR 0809 079 888 (TAIWAN) OR 0 2715 6100 (THAILAND). should you have any additional questions.

Sincerely,
Sony Computer Entertainment Hong Kong Limited

There are also rumors stating that the “Rebug” custom firmware which give its users the ability to log into PSN as if they were doing so from a developer console. Users can then add funds from a “dummy” credit card accounts into their PSN wallets, giving them the ability to purchase the various PlayStation Store content. While the hack does not in anyway allow users to access credit card or personal information, I am certain that there is a loophole in the security of the PlayStation Store. I mean look! The rebug allowed people to add funds from a dummy account. That alone is already a flaw of the PlayStation Store.

I guess I should be worrying since I do have 1 account with my card details ~_~ UGUU!!