Those responsible for the "unauthorised intrusion" that has shut down PlayStation Network for the last week have obtained users' personal information, possibly including credit card details, Sony has admitted.
A new statement published by the platform holder on the PlayStation Blog and currently being emailed to all PSN account holders reads as follows:
"Although we are still investigating the details of this incident, we believe that an unauthorised person has obtained the following information that you provided: name, address (city, state/province, zip or postal code), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID.
"It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained.
"If you have authorised a sub-account for your dependent, the same data with respect to your dependent may have been obtained."
The statement goes on to explain that there is every possibility that users' credit card information may have been compromised as well.
"While there is no evidence that credit card data was taken at this time, we cannot rule out the possibility," it reads.
"If you have provided your credit card data through PlayStation Network or Qriocity, to be on the safe side we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.
"For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security, tax identification or similar number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking."
The update adds that Sony hopes "to restore some services within a week". When service does resume, Sony urges you to change your password immediately.
"When the PlayStation Network and Qriocity services are fully restored, we strongly recommend that you log on and change your password.
"Additionally, if you use your PlayStation Network or Qriocity user name or password for other unrelated services or accounts, we strongly recommend that you change them, as well.
"To protect against possible identity theft or other financial loss, we encourage you to remain vigilant to review your account statements and to monitor your credit or similar types of reports.
"We thank you for your patience as we complete our investigation of this incident, and we regret any inconvenience," it continues. "Our teams are working around the clock on this, and services will be restored as soon as possible.
"Sony takes information protection very seriously and will continue to work to ensure that additional measures are taken to protect personally identifiable information. Providing quality and secure entertainment services to our customers is our utmost priority. Please contact us at www.eu.playstation.com/psnoutage should you have any additional questions."
Sony also confirmed that it had employed "an outside, recognised security firm to conduct a full and complete investigation into what happened."
To prevent a similar security breach happening in the future, Sony has also "quickly taken steps to enhance security and strengthen our network infrastructure by re-building our system to provide you with greater protection of your personal information."
Will you support Eurogamer?
We want to make Eurogamer better, and that means better for our readers - not for algorithms. You can help! Become a supporter of Eurogamer and you can view the site completely ad-free, as well as gaining exclusive access to articles, podcasts and conversations that will bring you closer to the team, the stories, and the games we all love. Subscriptions start at £3.99 / $4.99 per month.