If you're one of the estimated 77 million people who've registered with Sony's PlayStation Network or Qriocity online services, the massive data breach announced yesterday (April 26) means there's essentially a big target on your back.
Cybercriminals now have your name, address and birthdate — enough information to steal your identity. They also have at least one of your email addresses, which means you will be the target of spam and phishing schemes.
And they may also have one of your credit-card numbers, which could be being used to run up fraudulent purchases right now.
"This security breach is not just a public relations disaster for Sony, it's a very real danger for its many users," wrote researcher Graham Cluley on Naked Security, the blog of the British information-security firm Sophos. "You need to act now to minimise the chances that your identity and bank account becomes a casualty following this hack."
About 36 million Americans are among the affected users, according to the San Jose Mercury News.
The PlayStation Network is used by owners of PlayStation 3s and PlayStation Portable game consoles to play video games online, while Qriocity is a more general entertainment-distribution portal. Both services also stream movies and videos.
If you've ever registered with either service, the first thing to do to protect yourself is to assess what sort of information you provided when you signed up.
Did you use a password that you've used on other online accounts? (Most people would have.) If so, go to all those other accounts and change the password. Assign a different new password to each account.
Did you provide a credit-card number? You may have if you used the PlayStation Network to rent movies or buy games, for example. Not sure? Check your email archives for anything from firstname.lastname@example.org.
If you think you did provide a credit-card number, you need to watch your statements carefully. Contact your card issuer — in the case of MasterCard or Visa, the issuer is usually a bank — to inquire about automatic monitoring programs, many of which are free.
You could also obtain your free yearly credit reports from the three major credit-reporting agencies, though it might be weeks or months before criminals begin to use your credit-card number.
Or you might simply want to cancel any credit cards you registered with the PlayStation Network or Qriocity. Call your card issuer and explain that you think you were affected by the Sony breach. They should be glad to issue you a new card with a different number.
"Look at it this way," writes Cluley. "If I lost my credit card in the back of a taxi, I would cancel my card. I wouldn't wait for a fraudster to sting it for cash."