An attacker gained “illegal” access to personal information stored on both the PlayStation Network and the Qriocity online music and video service, Sony announced on its blog on April 26. The information included names, addresses, login and password credentials, password security answers, e-mail addresses and birth dates. User purchase history and credit card information may also have been compromised.
“While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility,” Patrick Seybold, senior director of corporate communications and social media, wrote on the company blog. The message was also e-mailed to account holders.
The breach may also impact minors as PSN account holders can authorize a “sub-account” for dependents. Account details belonging to those dependents were also breached, Sony said.
“This is a huge data breach,” Wedbush Securities analyst Michael Pachter told Reuters. The bigger issue facing Sony is how the attacker will use the stolen information. Pachter estimated Sony generates nearly $500 million in annual revenue from the services.