So it seems that all the kidding is over with as Sony has finally released a statement. Apparently they state that the external intrusion into their network has indeed lead to the theft of user information. How much user information? Well to hear them tell it, it looks like all of it.
Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.
Apparently, PSN services will be back up within a week, but judging by how huge this is it seems like it will probably be longer until the whole thing is sorted out and the investigation by a private security firm runs its course. I suppose that explains why Sony was mum about many of the details behind this attack as they had probably already procured the services of the investigation company. Patrick Seybold, senior director of corporate communications and social media, also added:
For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. When the PlayStation Network and Qriocity services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your PlayStation Network or Qriocity user name or password for other unrelated services or accounts, we strongly recommend that you change them, as well. (Source: Playstation Blog)
The full timeline of the event is also listed in the article which states that the breach took place between April 17th and April 19th. So there you have it folks. Take the necessary precautions and stay vigilant for any potential scams. And thanks Sony for letting us know as quickly as you did. It's not like you let us sit for 6 days completely in the dark about the whole thing!