After Sony announced that its servers were hacked, users bombarded the company with concerns about the safety of their personal information. In its announcement earlier this week, Sony admitted that the attacker(s) gained access to customers' names, addresses, email addresses, birth dates, and PSN login credentials.
Naturally, the severity of that breach would be largely dependent on whether the information was encrypted -- something Sony neglected to mention in its initial announcement. Sony has addressed the question in its latest post revealing that some data was in fact stored on the company's servers in an unencrypted state.
Rest assured that your credit card information was encrypted and Sony says that there is still no evidence any financial data was swiped -- though it's entirely possible. However, your personal details were kept as a separate, unencrypted data set. This includes your identity, location and contact information.
Although Sony doesn't directly mention how your username and password were stored, it seem likely that they were housed with your other unencrypted data. Sony makes it abundantly clear that you should change your password for other online services if you're using the same one that you did on PSN/Qriocity.
As for your PSN credentials, Sony is developing a new software update that will require all users to change their password once the service is restored. The company also reminds users to beware of email, telephone and postal scams that request you to reveal further sensitive information such as your Social Security number.
You can bet Sony is furious about the intrusion and regretful about not encrypting your data. The company said it's working on strengthening its network infrastructure and enhancing PSN security across the board. Additionally, it's already in the process of moving its data center to a new, more secure location.