Unless you've been living in a cave during the past week, you will likely have heard that Sony's PlayStation Network (PSN) was breached last week. The much-reported immediate impact for PSN users has been that the network has been unavailable for use since April 21st, 2011.
It seems likely, though, that there will be a greater impact for some users, as Sony has confirmed that hackers have stolen user data. Although Sony maintains that payment card information was encrypted and kept safe, rumors have been spreading on the Internet that some PSN users have coincidentally been the victims of credit card fraud.
Whether this is due to the breach or just a trick of timing, it does seem certain the PSN attackers will try to use the stolen information in ways that will further harm the victims. As such, we recommend that users take the following steps to protect their identity:
1) Think hard about where you've used the same usernames, email addresses, and passwords that you've used for your PSN accounts, then change all passwords. The obvious password re-use cases will be email, PayPal, Facebook, and Twitter accounts. Having your email compromised could lead to more information leakage and allow the attackers to reset other website passwords. If possible, don't give your new information to PSN anytime soon. The breach was relatively recent and it may take a while to fix the root cause of the breach.
2) Companies should be cautious and warn employees against password re-use, because some people use corporate email accounts with the same passwords everywhere. Encourage users who may have made this mistake to change their passwords immediately.
3) If you are worried about the rumors that payment card information was revealed, it would be wise to cancel any payment cards that were stored in PSN accounts and get new cards issued.