In an faq on the official PlayStation blog, Sony revealed that PSN users' credit card info was encrypted and that - most probably - hackers didn't steal it. On the other hand, personal data was stored in the plain and hackers have grabbed it definitely.
"All of the data was protected, and access was restricted both physically and through the perimeter and security of the network," the faq reads. "The entire credit card table was encrypted and we have no evidence that credit card data was taken. The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack."
Sony then explained that the warning they issued yesterday was "out of an abundance of caution." The company also noted that it never stored credit card security codes (sometimes called a CVC or CSC number).
According to what's stated in the faq, the most prominent threat facing PSN users is identity theft and sophisticated scams that are aided with the wealth of personal data the hackers managed to steal. Hackers might also be able to use the passwords they obtained to access users' accounts on different sites and services if they are the same.
The PSN will come back online in less than 6 days, but only after Sony is confident that it is secure enough.