Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.
We thank you for your patience as we complete our investigation of this incident, and we regret any inconvenience.
quote: Even if a hash is stored and not the password it is fairly trivial to reverse the hash if you know the hashing algorithm (which we should assume was also compromised.)
quote: I don't know why you would assume that. There is a significant difference between data being compromised and the hashing algorithm being compromised. Cracking the passwords from the hashes should also be pretty much impossible, since it is likely that some form of time sensitive salt was added to the password hash.
quote: If the hashing algorithm was compromised, that would pretty much mean that the hacker not only got access to the database, but also got access to the source code of the PSN servers/software.
quote: On the other hand, ask a computer to calculate the prime roots of 74,078,166,141 and you'll be waiting for a much longer time.
quote: Let's hope they don't have quantum computers!