If you haven't yet checked to see if your email address and password are now public knowledge, it would be a good idea to take a couple of minutes to make sure your information wasn't compromised in the past few days. One thing is certain: Seldom have events supplied a more compelling argument for following basic security measures.
Here's a quick review. The PlayStation Network intrusion, which started on April 17, resulted in the exposure of 77 million customer records (Network World has a complex timeline of events). The Sony Online Entertainment breach, which started on May 2, led to 25 million customer records being exposed, including 12,700 non-U.S. credit card numbers. On May 22, Sony BMG Greece was hacked, with 8,500 email addresses and hashed passwords retrieved.
Then, on May 23, LulzSec -- an organization few people had ever heard of, to that point -- stole data from Sony Music Japan's site. According to Sophos, the data "does not contain names, passwords or other personally identifiable information." On May 24, Sony Ericsson Canada lost 2,00 email addresses and passwords. The data was posted on pastebin, but has been pulled. If you were one of the compromised individuals, Sony has already notified you.
Then came the big load. On June 2, LulzSec claims it stole more than 1 million user names, passwords, email addresses, dates of birth, and more, from the site SonyPictures.com. Apparently, incredibly, none of the information was encrypted -- it's all in plain text. There's a torrent floating around with 51,000 entries selected from the compromised million. Lulz posted a similarly abbreviated list on pastebin, but it's also been removed. Troy Hunt has details about the torrent on his blog, including a list of the most common passwords.