Sony's investigation is still continuing and, as such, the company still doesn't have a clear picture of what exactly was stolen and how many accounts were affected. The company believes there is a high probability that personal information was taken, including usernames for the service and associated passwords in encrypted form, names, addresses, birthdates and e-mail addresses. Sony hasn't determined how many accounts were hit, but the attack could potentially affect all 77 million accounts.

About 10 million accounts have credit card numbers associated with them, but Sony said it had no evidence those numbers were stolen. The credit card numbers, unlike the personal information, are stored in an encrypted database, although Sony has not said what encryption system was used.

Nevertheless, Sony advised customers to watch out for unusual activity on their credit card accounts. It has discovered no such cases so far, said Hirai. Sony will pay the cost of reissuing credit cards based on user requests.

The attack was launched from an application server that sits behind a web server and two firewalls on Sony's network, said Shinji Hasejima, Sony's chief information officer.

"It was a very sophisticated technique that was used to access our system," said Hasejima.