Hackers steal more customer info from Sony servers

Found on CNet News on Thursday, 02 June 2011

The group said they didn't have the resources to copy all the information found, but is posting "samples" to prove their authenticity. The group claims they could have taken more, but that would have taken "several more weeks."

"What's worse is that every bit of data we took wasn't encrypted. Sony stored over 1,000,000 passwords of its customers in plaintext, which means it's just a matter of taking it," reads the post. "This is disgraceful and insecure: they were asking for it."

"The same procedure as last month, Miss Sophie?" - "The same procedure as every month, James."

Google e-mail accounts compromised by 'Chinese hackers'

Found on BBC News on Tuesday, 31 May 2011

Hackers in China have compromised personal e-mail accounts of hundreds of top US officials, military personnel and journalists, Google has said.

The fact that the victims were people with access to sensitive, even secret information, raises the possibility that this was cyber espionage, not cyber crime, our correspondent says.

A few days ago, the US said that it will consider hacking attempts as an act of war which it would answer with military actions. However, for some reason I doubt that they will consider an attack against China. One of those reasons is China's financial power; and let's also not forget that they own nukes too. So all this was just hot air? Probably not if you happen to be a poor third world country with no serious military power.

French "three strikes" anti-piracy software riddled with flaws

Found on Ars Technica on Wednesday, 25 May 2011

TMG's server was running a custom-written administration program coded in Delphi. It had the unusual security feature of not requiring any authentication at all, allowing anyone connecting to port 8500 to send commands to the server.

The update command connects to an FTP server, retrieves a file, and then executes it, all without authentication, and rather than connecting to a specific FTP server, it allows the server to be specified when the update command is given.

This could in turn allow the private networks used by TMG for sharing IP address information with the French authorities to be attacked and possibly compromised, a risk that led to the temporary cessation of data collection last week.

That's what you get when you let clueless politicians give instructions to incapable companies. It's like watching "Dumb and Dumber"; the only sad thing is that this is the reality.

Zuckerberg: Give me your children

Found on The Register on Tuesday, 24 May 2011

Mark Zuckerberg has revealed his determination to allow under-13s onto Facebook, whatever politicians, regulators and the rest of the grownups say.

Speaking at an education summit in the US, the 27-year-old said the "educational benefits" of his social network made it a must-visit site for everyone old enough to push a mouse.

"Educational benefits" on Facebook. Wait, what?

Credit processors targeted in fight against spam

Found on The Register on Sunday, 22 May 2011

The researchers have discovered that the vast majority (95 per cent) of the credit card payments to unlicensed pharmaceutical sites are handled by just three payment processing firms - based in Azerbaijan, Denmark and Nevis, in the West Indies, respectively.

The study discovered that payment-processing for replica and software products advertised through spam was also monetised using merchant services from just a handful of banks.

That will never work. Credit processors will treat all their customers equally and never ever stop doing business with someone without a legal requirement forcing them to. It's not like spammers donate to Wikileaks, right?

Facebook caught exposing millions of user credentials

Found on The Register on Monday, 09 May 2011

Facebook has leaked access to millions of users' photographs, profiles and other personal information because of a years-old bug that overrides individual privacy settings, researchers from Symantec said.

Facebook over the years has regularly been criticized for compromising the security of its users, which now number more than 500 million. The company has rolled out improvements, such as always-on web encryption, although users still must be savvy enough to turn it on themselves, since the SSL feature isn't enabled by default.

Facebook and privacy issues. Again.

Sony offers identity theft protection, little news on PSN relaunch

Found on Ars Technica on Thursday, 05 May 2011

Sony has given us a flurry of updates describing the steps being taken to get the service back up; the company has announced that PlayStation Network members will be given a year of identity theft protection, and Sony CEO Howard Stringer has offered another apology.

It's a simple thing to order a new credit card and change your passwords, but when we buy a game we expect it to work online. We want to play it right the heck now, and some gamers are going to be flat out angry after an outage this long.

Identity theft protection? Too little too late, I would say. Apart from that, if you think it's a bigger problem that you can't play a game than having your credit card details and identity stolen, you have a serious issue.

LastPass Asks Users To Change Password After Probable Breach

Found on Threatpost on Wednesday, 04 May 2011

LastPass, a Web based password management firm, advised its customers to change the password they use to access the service after the company discovered signs that its network may have been compromised.

An analysis of the outbound data transfer from the server showed it was large enough to have included "people's email addresses, the server salt and their salted password hashes from the database."

Anybody who entrusts passwords to an online service is in a state of sin. I wouldn't give my passwords even to my closest friends, so why should I store them with a third party I don't even know? Now many people would say "because it's so convenient to access your passwords from anywhere". Guess what, convenience does not work together with security. It's an XOR decision.

How to avoid sharing personal info online

Found on CNet News on Monday, 02 May 2011

You can't trust anyone on the Web. Just ask the millions of people who signed up for Sony's PlayStation Network and who now must protect against possible hack attacks on their bank accounts and other private data lost due to the recent data breach.

In addition to your credit card number and e-mail address, Web services may require, or at least request, other personal information. Unless the company will be shipping something to you, there's no need to give out your street or mailing address.

For example, when a service requires that I fill in my birth date, I use the earliest date it allows, such as January 1, 1905. I get a big kick out of seeing the geriatric-aid ads this generates.

Always make up fake information, unless your real identity is really required; for example, to have a shop mail your order to you or when you open a bank account. A gaming network has no reason whatsoever to demand the real identity of their users. Worst thing that can happen is the termination of the account; and even if they threaten to take legal action for signing up with false information, I'd be interested to see such a case go to court. Always use imaginary names, throwaway emails, random countries, birthdates and of course different passwords. Try not to re-use the same fake identity twice. Sadly, one of the best defenses is not available: a whitelist for your bank account, so that you have to explicitly grant permission for every debit transfer. Recurring debits could be allowed to whitelisted accounts only. Think of it as a firewall for your account, with bank account numbers taking the place of the IP.

Did PlayStation Network hackers plan supercomputer botnet?

Found on The Register on Saturday, 30 April 2011

The most dire scenario is that attackers gained, or tried to gain, control of the part of Sony's network that issues updates for the PlayStation 3.

"It's justification for Sony freaking out. They could lose control of their whole PS3 network."

Researchers speculating on the cause of the PSN breach are reading the posts as evidence that it may be possible to override Sony's security using modded PS3s, particularly if it was premised on the assumption that it was impossible for jailbroken consoles to access the network.

If a device is under the full control of a malicious user, there is no limit on what can be done. If Sony had not removed the "Other OS" feature, things would not be that bad. For now, that is, because sooner or later the PS3 would have been broken anyway.