"Sony's statement suggests that it was actually storing sensitive information in plain text format, which defies belief. The only other explanation is that hackers only got access to the hashes and may have compromised a small minority of passwords by running this data through something like a dictionary look-up. However, from the tone of Sony's apology this does not appear to be the case." Good god; they're certainly transmitted as plaintext to PSN - according to the IRC log referenced in this article - so the incompetence required to store them as plaintext is already evident. Appalling.