On top of this, opt-in data was accessible which gives even more information about Sony's customers and their preferences. One of the shocking things to come from this hack is that Sony stored all 1 million user passwords in a simple plain text file, with no encryption at all. LulzSec have said "It's just a matter of taking it, this is disgraceful and insecure: they were asking for it."
LulzSec expressed themselves further:
Our goal here is not to come across as master hackers, hence what we're about to reveal: SonyPictures.com was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities, as we should all know by now. From a single injection, we accessed EVERYTHING. Why do you put such faith in a company that allows itself to become open to these simple attacks?