Even if you use a different email, but from the same domain, with the same password you are vulnerable. For example, if you use an email like firstname.lastname@example.org
(where "example.com" is your own email domain, of course) it won't be too hard to guess that you'll also use email@example.com
and try those with the same password you use on PSN.
If this applies to you then I can't stress this strongly enough: Change Your Other Passwords Now!
Then change your PSN password once it's available again.
The other, less likely risk is that of identity theft. Our names, physical and email addresses and birthdays are now "in the wild" so to speak. These can be used to impersonate you and possibly gain access to services and systems you use. There are procedures in place to try to deal with this sort of thing and your bank, credit card company and government will be able to give you advice on what you can do to avoid it.
For example, in the UK the Information Commissioner's Office has advice regarding identity theft
What could Sony have done to prevent this?
Without knowing how the hack was accomplished, it's very difficult to know what went wrong. It's possible that this was just a lucky attack by a dedicated hacking group that managed to hit on a way to access Sony's servers. It's also possible that a vulnerability in Sony's systems was revealed by access to the information posted by fail0verflow and GeoHot using custom firmware. However, there's no evidence available to us to say for sure either way.
Sony's systems must have been designed to comply with PCI DSS and therefore they were designed using industry best practice for dealing with credit card details. Systems like this are designed based on the assumption that they will be hacked at some point and so there should be a "defence in depth" type of approach where more sensitive data is held more securely.
Based on this, I believe the systems were compromised at the network security level. Some vulnerability was used to gain remote access to the PSN servers. From that point the hack will have become a case of copying files and breaking into them on the attackers' own systems.
However, it's very unlikely we will ever know for sure how this hack was accomplished. It's very uncommon for a company affected like this to reveal how it was done.
Should Sony have admitted the possibility of our personal details being stolen before they did?
This is a tricky one to answer, it's probable that there was no firm evidence until just before the announcement on the 26th, indeed Sony has issued a "clarification" message that claims this is exactly what happened
Without strong evidence either way it could be seen as jumping the gun to publish a warning. Both because it might not be true and you've just potentially caused 77 Million credit cards to be cancelled for no reason, and also because if it turns out to be true then repeated warnings may fall into the "boy who cried wolf" category and be ignored.
On the other hand, we're (mostly) all adults, certainly those of us with credit cards should be, and we're capable of making our own decisions. Publishing the warning over a week after the event happened can easily be seen as too late and will have affected the trust that millions of people have put in Sony and its systems.
One thing we can be very sure of, this is a big problem and a PR disaster for Sony. Like I said, many people will now not trust Sony to keep their details safe. Let's just hope that Sony, and everybody else involved in online commerce, learns from this incident and makes sure their systems and procedures are as up to date as they can be.
The opinion expressed in this article is that of the author and does not reflect those of SPOnG.com except when it does.
Want to vent your gaming spleen? Send 900 words max of well thought-out, deeply analysed opinion and we may even run it. Send in 900 words of incisive but mostly brutally angry invective, and we almost certainly will.