The attack used, what is assumed to be, a massive set of login details stolen from other companies, sites or other sources. With the number of successful cyber attacks recently, there is no shortage of user data, including email addresses, login names, and passwords floating around.
Reitinger said that than one tenth of one percent (0.1%) of its online customers appear to have been affected, totaling approximately 93,000 accounts globally. In other words, of the massive set of logins tested, the attackers were able to validate 93k accounts that had used the same password as was used somewhere else.
Sony says it has taken steps to mitigate the activity, but should serve as a reminder to not use the same password on multiple sites, especially ones that that contain personal information and could be linked to a credit card, billing system, or other personal information.